[OpenWrt-Devel] Hardening Issues / Revert r46146 ?
dirkneukirchen at web.de
Wed Jul 8 05:37:22 EDT 2015
On 08.07.2015 09:41, Steven Barth wrote:
> The reason for the commit was that supporting hardening such as SSP
> accross 3 libcs is a PITA to maintain. I'm fine if someone comes up
> with a patch that would fix it, though.
> In general, you suggest to always enabled UCLIBCs SSP options and get
> rid of the GCCs libssp?
If I read the documents correctly libssp will be "empty" because
glibc and uclibc both contain the symbols for SSP in libc.so/ldso
(by default (?) in glibc, if enabled in uclibc case)
This since around 2005/2006.
Most normal software should link/use that glibc/uclibc implementation in OpenWrt environment.
Since libssp is empty the libssp switch should have no effect on building binaries
because gcc decides what to link against in both cases of "--disable/enable-libssp"
("If your libc does not provide SSP, then libssp will be linked automatically.")
so we only need libssp when:
- using a libc without SSP that requires libssp from gcc (dietlibc)
- we disable the SSP features that are in uclibc/glibc
- software not linked against libc (?, example: grub2 upstream disables ssp)
The main issues are probably bad __FLAGS handling when cross compiling and
most of these issues are/should be already fixed by upstream, other hardened distros
or variants of these.
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel