[OpenWrt-Devel] [PATCH] ppp: activate PIE ASLR by default
Felix Fietkau
nbd at nbd.name
Sat Feb 22 04:10:04 EST 2020
On 2020-02-22 09:54, Stijn Tintel wrote:
> On 20/02/2020 11:56, Petr Štetiar wrote:
>> This activates PIE ASLR support by default when the regular option is
>> selected.
>>
> Unfortunately this seems to break build on x86/64:
>
> x86_64-openwrt-linux-musl-gcc -O2 -pipe -fno-caller-saves -fno-plt
> -fhonour-copts -Wno-error=unused-but-set-variable
> -Wno-error=unused-result
> -ffile-prefix-map=/home/stijn/Development/LEDE/source/build_dir/target-x86_64_musl/linux-x86_64/ppp-default/ppp-2.4.8=ppp-2.4.8
> -Wformat -Werror=format-security -fpic -fstack-protector-strong
> -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -ffunction-sections
> -fdata-sections -flto -DHAVE_PATHS_H -DHAVE_MMAP -I../include
> '-DDESTDIR="/usr"' -DCHAPMS=1 -DMPPE=1 -DHAS_SHADOW -DHAVE_CRYPT_H=1
> -DUSE_CRYPT=1 -DPLUGIN -DPPP_FILTER -DPPP_PRECOMPILED_FILTER
> -I/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/include
> -DINET6=1 -DMAXOCTETS
> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib
> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/lib
> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/usr/lib
> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/lib
> -fpic
> -specs=/home/stijn/Development/LEDE/source/include/hardened-ld-pie.specs
> -znow -zrelro -Wl,--gc-sections -flto -fuse-linker-plugin -Wl,-E -o
> pppd main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o
> ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o eap.o
> chap-md5.o session.o md4.o chap_ms.o sha1.o pppcrypt.o pcap_pcc.o
> ipv6cp.o eui64.o -lcrypt -ldl
> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a
> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld:
> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a(bpf_filter.c.o):
> relocation R_X86_64_32S against `.rodata' can not be used when making a
> PIE object; recompile with -fPIC
> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld:
> final link failed: nonrepresentable section on output
> collect2: error: ld returned 1 exit status
>
> So NACK from me until this is fixed.
This one can most likely be fixed by setting PKG_ASLR_PIE_REGULAR:=1 in
libpcap as well. That way -fPIC gets passed for the static library build.
- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list