mirror of
https://github.com/crosstool-ng/crosstool-ng.git
synced 2024-12-22 06:07:49 +00:00
libc/glibc: add fortify option
By default, recent versions of glibc and eglibc will build some functions that take format strings (eg. printf, syslog...) with run-time checks against some format string attacks. This is called a fortified build. Unfortunately, this fails somehow while building the instrumented version of syslog, with some kind of circular dependency... Disable fortified builds by default, and hide the enabling option behind EXPERIMENTAL for daring users... Signed-off-by: "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>
This commit is contained in:
parent
6635f8cd2e
commit
b93e67f07c
@ -58,6 +58,27 @@ config LIBC_EXTRA_CC_ARGS
|
|||||||
Seldom used, except for sparc64 which seems to need the flag -64
|
Seldom used, except for sparc64 which seems to need the flag -64
|
||||||
to be passed onto gcc.
|
to be passed onto gcc.
|
||||||
|
|
||||||
|
config LIBC_ENABLE_FORTIFIED_BUILD
|
||||||
|
bool
|
||||||
|
prompt "Enable fortified build (EXPERIMENTAL)"
|
||||||
|
depends on EXPERIMENTAL
|
||||||
|
default n
|
||||||
|
help
|
||||||
|
If you say 'y' here, then glibc will be using fortified versions
|
||||||
|
of functions with format arguments (eg. vsyslog, printf...), and
|
||||||
|
do a sanity check on the format at runtime, to avoid some of the
|
||||||
|
common format string attacks.
|
||||||
|
|
||||||
|
This is currently not supported, and will most probably result in
|
||||||
|
a broken build, with an error message like:
|
||||||
|
../misc/syslog.c: In function '__vsyslog_chk':
|
||||||
|
../misc/syslog.c:123: sorry, unimplemented: inlining failed in
|
||||||
|
call to 'syslog': function body not available
|
||||||
|
|
||||||
|
If you are brave enough and want to debug the issue, then say 'y'
|
||||||
|
here. Otherwise, be still and say 'n' (the default). ;-)
|
||||||
|
|
||||||
|
|
||||||
config LIBC_DISABLE_VERSIONING
|
config LIBC_DISABLE_VERSIONING
|
||||||
bool
|
bool
|
||||||
prompt "Disable symbols versioning"
|
prompt "Disable symbols versioning"
|
||||||
|
@ -114,6 +114,7 @@ do_libc() {
|
|||||||
local extra_cc_args
|
local extra_cc_args
|
||||||
local -a extra_config
|
local -a extra_config
|
||||||
local -a extra_make_args
|
local -a extra_make_args
|
||||||
|
local glibc_cflags
|
||||||
|
|
||||||
CT_DoStep INFO "Installing C library"
|
CT_DoStep INFO "Installing C library"
|
||||||
|
|
||||||
@ -199,6 +200,12 @@ do_libc() {
|
|||||||
CT_DoLog DEBUG "Extra config args passed: '${extra_config[*]}'"
|
CT_DoLog DEBUG "Extra config args passed: '${extra_config[*]}'"
|
||||||
CT_DoLog DEBUG "Extra CC args passed : '${extra_cc_args}'"
|
CT_DoLog DEBUG "Extra CC args passed : '${extra_cc_args}'"
|
||||||
|
|
||||||
|
glibc_cflags="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}"
|
||||||
|
case "${CT_LIBC_ENABLE_FORTIFIED_BUILD}" in
|
||||||
|
y) ;;
|
||||||
|
*) glibc_cflags+=" -U_FORTIFY_SOURCE";;
|
||||||
|
esac
|
||||||
|
|
||||||
# ./configure is mislead by our tools override wrapper for bash
|
# ./configure is mislead by our tools override wrapper for bash
|
||||||
# so just tell it where the real bash is _on_the_target_!
|
# so just tell it where the real bash is _on_the_target_!
|
||||||
# Notes:
|
# Notes:
|
||||||
@ -221,7 +228,7 @@ do_libc() {
|
|||||||
# Set BUILD_CC, or we won't be able to build datafiles
|
# Set BUILD_CC, or we won't be able to build datafiles
|
||||||
|
|
||||||
BUILD_CC="${CT_BUILD}-gcc" \
|
BUILD_CC="${CT_BUILD}-gcc" \
|
||||||
CFLAGS="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}" \
|
CFLAGS="${glibc_cflags}" \
|
||||||
CC="${CT_TARGET}-gcc ${CT_LIBC_EXTRA_CC_ARGS} ${extra_cc_args}" \
|
CC="${CT_TARGET}-gcc ${CT_LIBC_EXTRA_CC_ARGS} ${extra_cc_args}" \
|
||||||
AR=${CT_TARGET}-ar \
|
AR=${CT_TARGET}-ar \
|
||||||
RANLIB=${CT_TARGET}-ranlib \
|
RANLIB=${CT_TARGET}-ranlib \
|
||||||
|
Loading…
Reference in New Issue
Block a user