* [Buildroot] [PATCH] support/check-rpath: recognise PIE
@ 2017-09-24 16:22 Yann E. MORIN
  2017-09-26 22:40 ` Arnout Vandecappelle
  2017-10-17  8:58 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Yann E. MORIN @ 2017-09-24 16:22 UTC (permalink / raw)
  To: buildroot

We sanity-check the host executables that they have a correct RPATH
pointing to the host libraries.

This is currently done by looking for all files in $(HOST_DIR) that
match the 'ELF executable' pattern (a bit more complex, but that's
the idea).

However, when an executable is built with -fPIE or -fpie, it no longer
appears to be an 'ELF executable', but it rather looks like an 'ELF
shared object' (as if it were a library).

So, we miss those files.

It turns out that the problem is a real one, because quite a few
mainline distros, especially those based on Debian for example, have
already switched to generating PIE code by default, and thus we miss on
a whole class of systems.

We fix that by simply looking if we can find an ELF interpreter in each
file. If there is one, this is an ELF executable; if not, it may be
anything else: we don't care (not even about ELF libraries).

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
---
 support/scripts/check-host-rpath | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/support/scripts/check-host-rpath b/support/scripts/check-host-rpath
index 74a25ba99c..169628decb 100755
--- a/support/scripts/check-host-rpath
+++ b/support/scripts/check-host-rpath
@@ -18,6 +18,7 @@ main() {
 
     ret=0
     while read file; do
+        is_elf "${file}" || continue
         elf_needs_rpath "${file}" "${hostdir}" || continue
         check_elf_has_rpath "${file}" "${hostdir}" && continue
         if [ ${ret} -eq 0 ]; then
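Review bot: the added call `is_elf "${file}" || continue` at the top of the loop reads as a plain "is this an ELF file" filter, but the helper this patch adds tests for a program interpreter, so shared libraries and interpreter-less (static) ELF files are skipped as well. That matches the commit message, yet the name hides it; a name such as is_elf_executable or is_dynamic_executable, or a one-line comment at the call site, would keep later readers from assuming every ELF file reaches elf_needs_rpath.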
@@ -26,14 +27,18 @@ main() {
             printf "*** ERROR: package %s installs executables without proper RPATH:\n" "${pkg}"
         fi
         printf "***   %s\n" "${file}"
-    done < <( find "${hostdir}"/{bin,sbin} -type f -exec file {} + 2>/dev/null \
-              |sed -r -e '/^([^:]+):.*\<ELF\>.*\<executable\>.*/!d'                \
-                      -e 's//\1/'                                                  \
-            )
+    done < <( find "${hostdir}"/{bin,sbin} -type f 2>/dev/null )
 
     return ${ret}
 }
 
+is_elf() {
+    local f="${1}"
+
+    readelf -l "${f}" 2>/dev/null \
+    |grep -E 'Requesting program interpreter:' >/dev/null 2>&1
+}
+
 elf_needs_rpath() {
     local file="${1}"
     local hostdir="${2}"
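Review bot: in is_elf, the `2>/dev/null` on `readelf -l` makes the whole check fail open: if readelf is missing from PATH or errors out on a file, is_elf returns non-zero, the loop's `|| continue` skips the file, and the script reports no RPATH problem at all. Checking once before the loop that readelf is available, and failing loudly if it is not, would avoid a silently green result. Minor: `grep -q 'Requesting program interpreter:'` does the same job as `grep -E ... >/dev/null 2>&1`, since the pattern uses no extended syntax.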
-- 
2.11.0
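
The distinction the commit message relies on, as an added example that is not part of the patch or of Buildroot: a PIE executable and a shared library both carry e_type ET_DYN, and only the PT_INTERP program header tells them apart. The ELF images are constructed sample input (64-bit little-endian only), the interpreter path is an assumption, and `old_rule`/`new_rule` are hypothetical names that approximate the removed filter and the new is_elf.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 LE file header, fields in spec order
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 LE program header
ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3
IDENT = b"\x7fELF\x02\x01\x01" + bytes(9)  # 64-bit, little-endian, version 1

def build_elf64(e_type, interp=None):
    """Constructed sample input: ELF header plus an optional PT_INTERP segment."""
    ehdr = EHDR.pack(IDENT, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1 if interp else 0, 0, 0, 0)
    if not interp:
        return ehdr
    path, off = interp.encode() + b"\0", EHDR.size + PHDR.size
    return ehdr + PHDR.pack(PT_INTERP, 4, off, off, off, len(path), len(path), 1) + path

def classify(data):
    """Return (e_type, interpreter or None), or None if not a 64-bit LE ELF image."""
    if len(data) < EHDR.size or data[:6] != IDENT[:6]:
        return None
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    interp = None
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + PHDR.size > len(data):
            break  # truncated program header table
        p_type, _, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(data, base)
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode("ascii", "replace")
    return e_type, interp

def old_rule(data):  # approximates the removed `file | sed` filter: e_type is ET_EXEC
    return (classify(data) or (None, None))[0] == ET_EXEC

def new_rule(data):  # mirrors the patch's is_elf: a program interpreter is present
    return (classify(data) or (None, None))[1] is not None

LD = "/lib64/ld-linux-x86-64.so.2"  # assumed interpreter path for the samples
SAMPLES = {
    "non-PIE executable": build_elf64(ET_EXEC, LD),
    "PIE executable": build_elf64(ET_DYN, LD),
    "shared library": build_elf64(ET_DYN),
    "shell script": b"#!/bin/sh\n",
}

def compare():  # sample name -> (old_rule, new_rule)
    return {name: (old_rule(d), new_rule(d)) for name, d in SAMPLES.items()}
```

`compare()` shows the PIE sample rejected by the old rule and accepted by the new one, while the shared library is rejected by both.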


* [Buildroot] [PATCH] support/check-rpath: recognise PIE
  2017-09-24 16:22 [Buildroot] [PATCH] support/check-rpath: recognise PIE Yann E. MORIN
@ 2017-09-26 22:40 ` Arnout Vandecappelle
  2017-10-17  8:58 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Arnout Vandecappelle @ 2017-09-26 22:40 UTC (permalink / raw)
  To: buildroot



On 24-09-17 18:22, Yann E. MORIN wrote:
> We sanity-check the host executables that they have a correct RPATH
> pointing to the host libraries.
> 
> This is currently done by looking for all files in $(HOST_DIR) that
> match the 'ELF executable' pattern (a bit more complex, but that's
> the idea).
> 
> However, when an executable is built with -fPIE or -fpie, it no longer
> appears to be an 'ELF executable', but it rather looks like an 'ELF
> shared object' (as if it were a library).
> 
> So, we miss those files.
> 
> It turns out that the problem is a real one, because quite a few
> mainline distros, especially those based on Debian for example, have
> already switched to generating PIE code by default, and thus we miss on
> a whole class of systems.
> 
> We fix that by simply looking if we can find an ELF interpreter in each
> file. If there is one, this is an ELF executable; if not, it may be
> anything else: we don't care (not even about ELF libraries).
> 
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> Cc: Arnout Vandecappelle <arnout@mind.be>

 Applied to master, thanks.

 One remark: this will be slower than it was before. But since typically there
aren't so many files in host/{bin,sbin}, it's not a problem.

 Regards,
 Arnout


> ---
>  support/scripts/check-host-rpath | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/support/scripts/check-host-rpath b/support/scripts/check-host-rpath
> index 74a25ba99c..169628decb 100755
> --- a/support/scripts/check-host-rpath
> +++ b/support/scripts/check-host-rpath
> @@ -18,6 +18,7 @@ main() {
>  
>      ret=0
>      while read file; do
> +        is_elf "${file}" || continue
>          elf_needs_rpath "${file}" "${hostdir}" || continue
>          check_elf_has_rpath "${file}" "${hostdir}" && continue
>          if [ ${ret} -eq 0 ]; then
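Review bot: the `while read file; do` loop at the top of this hunk now takes its input straight from `find`, and plain `read` strips leading and trailing whitespace and interprets backslashes, so a file with such a name reaches is_elf under a different path, readelf fails quietly, and the file is skipped rather than checked. `while IFS= read -r file; do` would pass names through unchanged (newlines in names aside).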
> @@ -26,14 +27,18 @@ main() {
>              printf "*** ERROR: package %s installs executables without proper RPATH:\n" "${pkg}"
>          fi
>          printf "***   %s\n" "${file}"
> -    done < <( find "${hostdir}"/{bin,sbin} -type f -exec file {} + 2>/dev/null \
> -              |sed -r -e '/^([^:]+):.*\<ELF\>.*\<executable\>.*/!d'                \
> -                      -e 's//\1/'                                                  \
> -            )
> +    done < <( find "${hostdir}"/{bin,sbin} -type f 2>/dev/null )
>  
>      return ${ret}
>  }
>  
> +is_elf() {
> +    local f="${1}"
> +
> +    readelf -l "${f}" 2>/dev/null \
> +    |grep -E 'Requesting program interpreter:' >/dev/null 2>&1
> +}
> +
>  elf_needs_rpath() {
>      local file="${1}"
>      local hostdir="${2}"
> 
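Review bot: the grep in is_elf matches readelf's English message text, `Requesting program interpreter:`. If readelf prints localized messages in the build environment, the match fails and every executable is skipped; invoking it as `LC_ALL=C readelf -l "${f}"` would pin the output the pattern depends on.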

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF


* [Buildroot] [PATCH] support/check-rpath: recognise PIE
  2017-09-24 16:22 [Buildroot] [PATCH] support/check-rpath: recognise PIE Yann E. MORIN
  2017-09-26 22:40 ` Arnout Vandecappelle
@ 2017-10-17  8:58 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-10-17  8:58 UTC (permalink / raw)
  To: buildroot

>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > We sanity-check the host executables that they have a correct RPATH
 > pointing to the host libraries.

 > This is currently done by looking for all files in $(HOST_DIR) that
 > match the 'ELF executable' pattern (a bit more complex, but that's
 > the idea).

 > However, when an executable is built with -fPIE or -fpie, it no longer
 > appears to be an 'ELF executable', but it rather looks like an 'ELF
 > shared object' (as if it were a library).

 > So, we miss those files.

 > It turns out that the problem is a real one, because quite a few
 > mainline distros, especially those based on Debian for example, have
 > already switched to generating PIE code by default, and thus we miss on
 > a whole class of systems.

 > We fix that by simply looking if we can find an ELF interpreter in each
 > file. If there is one, this is an ELF executable; if not, it may be
 > anything else: we don't care (not even about ELF libraries).

 > Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Cc: Arnout Vandecappelle <arnout@mind.be>

Committed to 2017.08.x, thanks.

-- 
Bye, Peter Korsgaard
