crosstool-ng/packages/binutils/2.39/0007-poison-system-directories.patch

284 lines
9.4 KiB
Diff
Raw Normal View History

From 6d79a3e0fadbc0e619b039db2c73353d68036acc Mon Sep 17 00:00:00 2001
From: Scott Garman <scott.a.garman@intel.com>
Date: Mon, 8 Aug 2022 20:48:32 +1200
Subject: [PATCH] poison system directories
Patch adapted to binutils 2.23.2 and extended to use
BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
[Gustavo: adapt to binutils 2.25]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Upstream-Status: Inappropriate [distribution: codesourcery]
Patch originally created by Mark Hatle, forward-ported to
binutils 2.21 by Scott Garman.
purpose: warn for uses of system directories when cross linking
Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
2008-07-02 Joseph Myers <joseph@codesourcery.com>
ld/
* ld.h (args_type): Add error_poison_system_directories.
* ld.texinfo (--error-poison-system-directories): Document.
* ldfile.c (ldfile_add_library_path): Check
command_line.error_poison_system_directories.
* ldmain.c (main): Initialize
command_line.error_poison_system_directories.
* lexsup.c (enum option_values): Add
OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
(ld_options): Add --error-poison-system-directories.
(parse_args): Handle new option.
2007-06-13 Joseph Myers <joseph@codesourcery.com>
ld/
* config.in: Regenerate.
* ld.h (args_type): Add poison_system_directories.
* ld.texinfo (--no-poison-system-directories): Document.
* ldfile.c (ldfile_add_library_path): Check
command_line.poison_system_directories.
* ldmain.c (main): Initialize
command_line.poison_system_directories.
* lexsup.c (enum option_values): Add
OPTION_NO_POISON_SYSTEM_DIRECTORIES.
(ld_options): Add --no-poison-system-directories.
(parse_args): Handle new option.
2007-04-20 Joseph Myers <joseph@codesourcery.com>
Merge from Sourcery G++ binutils 2.17:
2007-03-20 Joseph Myers <joseph@codesourcery.com>
Based on patch by Mark Hatle <mark.hatle@windriver.com>.
ld/
* configure.ac (--enable-poison-system-directories): New option.
* configure, config.in: Regenerate.
* ldfile.c (ldfile_add_library_path): If
ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
/usr/lib, /usr/local/lib or /usr/X11R6/lib.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
ld/config.in | 3 +++
ld/configure | 14 ++++++++++++++
ld/configure.ac | 10 ++++++++++
ld/ld.h | 8 ++++++++
ld/ld.texi | 12 ++++++++++++
ld/ldfile.c | 17 +++++++++++++++++
ld/ldlex.h | 2 ++
ld/ldmain.c | 2 ++
ld/lexsup.c | 21 +++++++++++++++++++++
9 files changed, 89 insertions(+)
--- a/ld/config.in
+++ b/ld/config.in
@@ -55,6 +55,9 @@
language is requested. */
#undef ENABLE_NLS
+/* Define to warn for use of native system library directories */
+#undef ENABLE_POISON_SYSTEM_DIRECTORIES
+
/* Additional extension a shared object might have. */
#undef EXTRA_SHLIB_EXTENSION
--- a/ld/configure
+++ b/ld/configure
@@ -836,6 +836,7 @@
enable_targets
enable_64_bit_bfd
with_sysroot
+enable_poison_system_directories
enable_gold
enable_got
enable_compressed_debug_sections
@@ -1514,6 +1515,8 @@
--enable-checking enable run-time checks
--enable-targets alternative target configurations
--enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
+ --enable-poison-system-directories
+ warn for use of native system library directories
--enable-gold[=ARG] build gold [ARG={default,yes,no}]
--enable-got=<type> GOT handling scheme (target, single, negative,
multigot)
@@ -15370,7 +15373,18 @@
fi
+# Check whether --enable-poison-system-directories was given.
+if test "${enable_poison_system_directories+set}" = set; then :
+ enableval=$enable_poison_system_directories;
+else
+ enable_poison_system_directories=no
+fi
+
+if test "x${enable_poison_system_directories}" = "xyes"; then
+$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
+
+fi
# Check whether --enable-got was given.
if test "${enable_got+set}" = set; then :
--- a/ld/configure.ac
+++ b/ld/configure.ac
@@ -102,6 +102,16 @@
AC_SUBST(TARGET_SYSTEM_ROOT)
AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+AC_ARG_ENABLE([poison-system-directories],
+ AS_HELP_STRING([--enable-poison-system-directories],
+ [warn for use of native system library directories]),,
+ [enable_poison_system_directories=no])
+if test "x${enable_poison_system_directories}" = "xyes"; then
+ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
+ [1],
+ [Define to warn for use of native system library directories])
+fi
+
dnl Use --enable-gold to decide if this linker should be the default.
dnl "install_as_default" is set to false if gold is the default linker.
dnl "installed_linker" is the installed BFD linker name.
--- a/ld/ld.h
+++ b/ld/ld.h
@@ -157,6 +157,14 @@
/* If set, display the target memory usage (per memory region). */
bool print_memory_usage;
+ /* If TRUE (the default) warn for uses of system directories when
+ cross linking. */
+ bool poison_system_directories;
+
+ /* If TRUE (default FALSE) give an error for uses of system
+ directories when cross linking instead of a warning. */
+ bool error_poison_system_directories;
+
/* Should we force section groups to be resolved? Controlled with
--force-group-allocation on the command line or FORCE_GROUP_ALLOCATION
in the linker script. */
--- a/ld/ld.texi
+++ b/ld/ld.texi
@@ -2947,6 +2947,18 @@
occurrence of the --package-metdata option.
If the linker has been built with libjansson, then the JSON string
will be validated.
+
+@kindex --no-poison-system-directories
+@item --no-poison-system-directories
+Do not warn for @option{-L} options using system directories such as
+@file{/usr/lib} when cross linking. This option is intended for use
+in chroot environments when such directories contain the correct
+libraries for the target system rather than the host.
+
+@kindex --error-poison-system-directories
+@item --error-poison-system-directories
+Give an error instead of a warning for @option{-L} options using
+system directories when cross linking.
@end table
@c man end
--- a/ld/ldfile.c
+++ b/ld/ldfile.c
@@ -117,6 +117,23 @@
new_dirs->name = concat (ld_sysroot, name + strlen ("$SYSROOT"), (const char *) NULL);
else
new_dirs->name = xstrdup (name);
+
+#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
+ if (command_line.poison_system_directories
+ && ((!strncmp (name, "/lib", 4))
+ || (!strncmp (name, "/usr/lib", 8))
+ || (!strncmp (name, "/usr/local/lib", 14))
+ || (!strncmp (name, "/usr/X11R6/lib", 14))))
+ {
+ if (command_line.error_poison_system_directories)
+ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
+ "cross-compilation\n"), name);
+ else
+ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
+ "cross-compilation\n"), name);
+ }
+#endif
+
}
/* Try to open a BFD for a lang_input_statement. */
--- a/ld/ldlex.h
+++ b/ld/ldlex.h
@@ -168,6 +168,8 @@
OPTION_NO_WARN_EXECSTACK,
OPTION_WARN_RWX_SEGMENTS,
OPTION_NO_WARN_RWX_SEGMENTS,
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
};
/* The initial parser states. */
--- a/ld/ldmain.c
+++ b/ld/ldmain.c
@@ -321,6 +321,8 @@
command_line.warn_mismatch = true;
command_line.warn_search_mismatch = true;
command_line.check_section_addresses = -1;
+ command_line.poison_system_directories = true;
+ command_line.error_poison_system_directories = true;
/* We initialize DEMANGLING based on the environment variable
COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -608,6 +608,14 @@
" <method> is: share-unconflicted (default),\n"
" share-duplicated"),
TWO_DASHES },
+ { {"no-poison-system-directories", no_argument, NULL,
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
+ '\0', NULL, N_("Do not warn for -L options using system directories"),
+ TWO_DASHES },
+ { {"error-poison-system-directories", no_argument, NULL,
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
+ '\0', NULL, N_("Give an error for -L options using system directories"),
+ TWO_DASHES },
};
#define OPTION_COUNT ARRAY_SIZE (ld_options)
@@ -620,6 +628,7 @@
int ingroup = 0;
char *default_dirlist = NULL;
char *shortopts;
+ char *BR_paranoid_env;
struct option *longopts;
struct option *really_longopts;
int last_optind;
@@ -1679,6 +1688,14 @@
}
break;
+ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
+ command_line.poison_system_directories = false;
+ break;
+
+ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
+ command_line.error_poison_system_directories = true;
+ break;
+
case OPTION_PUSH_STATE:
input_flags.pushed = xmemdup (&input_flags,
sizeof (input_flags),
@@ -1824,6 +1841,10 @@
command_line.soname = NULL;
}
+ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
+ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
+ command_line.error_poison_system_directories = true;
+
while (ingroup)
{
einfo (_("%P: missing --end-group; added as last command line option\n"));