From patchwork Sun Oct 27 16:13:24 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matt Weber <matthew.weber@rockwellcollins.com>
X-Patchwork-Id: 1185079
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.137;
	helo=fraxinus.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=rockwellcollins.com
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 471NF81TWTz9sPK
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Mon, 28 Oct 2019 03:13:32 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 1112985193;
	Sun, 27 Oct 2019 16:13:30 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ZEDU6AAU_anC; Sun, 27 Oct 2019 16:13:29 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id A352284E5A;
	Sun, 27 Oct 2019 16:13:28 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id E66AE1BF410
	for <buildroot@lists.busybox.net>;
	Sun, 27 Oct 2019 16:13:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id C87F9853F8
	for <buildroot@lists.busybox.net>;
	Sun, 27 Oct 2019 16:13:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ChBLPjhU0s0a for <buildroot@lists.busybox.net>;
	Sun, 27 Oct 2019 16:13:26 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from secvs04.rockwellcollins.com (secvs04.rockwellcollins.com
	[205.175.225.130])
	by whitealder.osuosl.org (Postfix) with ESMTPS id C7FB585456
	for <buildroot@buildroot.org>; Sun, 27 Oct 2019 16:13:25 +0000 (UTC)
IronPort-SDR: 
 9PDdxzTM7srp2njuCi08s6IExyWp//0D9l9Av33FCio95qoYsDkiMX56uSlIVZs0tHKOwKNlr7
	ETdZaRY7axQy4Ci9assBjk2dRrxLkG42QVaU18FWz48BFmFLGIceBPABUHk09VVYY+zkDfmDlh
	w9o5d6SNshqTFy32+srDWJCZyuh79rsDRc/mSxqn7sjhPi8EbaEDRAT5EWF9A0C7iMQAxVnefh
	WtmfGPp5BxPFsSuN8hNFs5tDPjmoTHIIUTnVI8Uyh6uASv33fBGbTOSt2SLqIHDYa4emd3Ho9J
	rw0=
Received: from ofwgwc03.rockwellcollins.com (HELO
	ciulimr02.rockwellcollins.com) ([205.175.225.12])
	by secvs04.rockwellcollins.com with ESMTP; 27 Oct 2019 11:13:25 -0500
X-Received: from biscuits.rockwellcollins.lab (biscuits.rockwellcollins.lab
	[10.148.119.137])
	by ciulimr02.rockwellcollins.com (Postfix) with ESMTP id CB7932008A;
	Sun, 27 Oct 2019 11:13:24 -0500 (CDT)
From: Matt Weber <matthew.weber@rockwellcollins.com>
To: buildroot@buildroot.org
Date: Sun, 27 Oct 2019 11:13:24 -0500
Message-Id: <20191027161324.15946-1-matthew.weber@rockwellcollins.com>
X-Mailer: git-send-email 2.17.1
Subject: [Buildroot] [PATCH] utils/genrandconfig: test full set of hardening
	options
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

This patch adds the remaining ssp and relro cases plus both of the
fortify options. The randomization was left consistant between the
options but the order of the conditions placed the most restrictive
hardening options with more priority.

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
NOTE: These other two need to be applied first.
http://patchwork.ozlabs.org/patch/1184843/
http://patchwork.ozlabs.org/patch/1184842
---
 utils/genrandconfig | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/utils/genrandconfig b/utils/genrandconfig
index 4308261932..aaba6c4204 100755
--- a/utils/genrandconfig
+++ b/utils/genrandconfig
@@ -370,8 +370,18 @@ def gen_config(args):
         configlines.append("BR2_PIC_PIE=y\n")
     if randint(0, 4) == 0:
         configlines.append("BR2_RELRO_FULL=y\n")
+    elif randint(0, 4) == 0:
+        configlines.append("BR2_RELRO_PARTIAL=y\n")
     if randint(0, 4) == 0:
         configlines.append("BR2_SSP_ALL=y\n")
+    elif randint(0, 4) == 0:
+        configlines.append("BR2_SSP_REGULAR=y\n")
+    elif randint(0, 4) == 0:
+        configlines.append("BR2_SSP_STRONG=y\n")
+    if randint(0, 4) == 0:
+        configlines.append("BR2_FORTIFY_SOURCE_2=y\n")
+    elif randint(0, 4) == 0:
+        configlines.append("BR2_FORTIFY_SOURCE_1=y\n")
 
     # Randomly enable BR2_REPRODUCIBLE 10% of times
     # also enable tar filesystem images for testing