At 2017-04-07T14:10:06+0200, Graham Inggs wrote:
> On 07/04/2017 13:12, G. Branden Robinson wrote:
> > compile_rom is a utility internal to the build.  It's not shipped and
> > thus not subject to attacks.  I'm considering adding an --ignore-line
> > for it, but I need to figure out how to embed this information in the
> > package itself so the buildd log scanner knows to use this flag itself.
> 
> Is there any harm in linking compile_rom with those flags?

Probably not, but what's the use case?

This compile_rom utility is only useful for, and only used to, embed
Z-80 instructions into the memory map of an emulated TRS-80 computer;
specifically _this_ emulator, xtrs.

All of this hardening stuff, as I understand it, involves mitigation
strategies for unsafe memory usage in the C language family in the ELF
object file format.

Again, the tool is not shipped.  I am having trouble thinking of any
attack vector involving compile_rom that isn't dwarfed by the fact that
it would have to be exploited during a package build, at which time there
are much simpler and nastier ways to attack a host, such as by embedding
hostile code into a maintainer script.  Those kinds of exploits are much
easier to write and we don't really screen for them.  Just the other day I
saw on #debian-devel that we had a package that goofed up an rm -rf
command in its postinst and trashed /usr/bin or something like that.

My preference is to be fastidious about things, but I also have a strong
antipathy towards cargo-cult software engineering.  I cannot think of
any benefit of hardening compile_rom that is not extremely speculative.

Can you?

> > Please advise if you think the attachments don't address the issue.
> 
> All looks good, thanks!  I see the 'format not a string literal and no
> format arguments' errors are already fixed in upstream 4.9d.

Yes, and in the forthcoming -3 I fixed a bunch more that were exposed
when I compiled with -std=c11.

See attached patch.

Regards,
Branden
Align build with the ISO C11 standard.

-- Branden Robinson, 2017-04-04T09:40:13-0400
--- a/debug.c
+++ b/debug.c
@@ -18,6 +18,8 @@
    $Id: debug.c,v 1.28 2009/06/16 00:10:39 mann Exp $
 */
 
+#define _POSIX_C_SOURCE 200112L /* signal.h: sigemptyset(), ... */
+
 #include "z80.h"
 #include "trs.h"
 
@@ -25,6 +27,7 @@
 #include <signal.h>
 #include <errno.h>
 #include <string.h>
+#include <strings.h> /* strcasecmp() */
 
 #ifdef READLINE
 #include <readline/readline.h>
@@ -318,7 +321,7 @@
     int i;
 
     traps = (Uchar *) malloc(ADDRESS_SPACE * sizeof(Uchar));
-    bzero(traps, ADDRESS_SPACE * sizeof(Uchar));
+    memset(traps, 0, ADDRESS_SPACE * sizeof(Uchar));
 
     for(i = 0; i < MAX_TRAPS; ++i) trap_table[i].valid = 0;
 
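Review bot: the `traps` allocation two lines above is still unchecked, so the new `memset(traps, 0, ...)` dereferences NULL when `malloc` fails, exactly as the old `bzero` did. Since the only purpose of the call is to zero the buffer, `traps = calloc(ADDRESS_SPACE, sizeof(Uchar));` followed by a NULL check replaces both lines and removes the dependency on `bzero`, which POSIX.1-2001 marked legacy and POSIX.1-2008 removed; the `memset` substitution is otherwise the right portable choice.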
--- a/cmddump.c
+++ b/cmddump.c
@@ -27,6 +27,9 @@
  *        -p foo  select PDS entry "foo" (padded to 8 bytes with spaces)
  *        -x      ignore anything after the first xfer address
  */
+
+#define _XOPEN_SOURCE /* unistd.h: getopt(), optarg, optind, opterr */
+
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
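Review bot: `#define _XOPEN_SOURCE` with no value is inconsistent with the other files in this patch, which all use `_XOPEN_SOURCE 500`; an empty definition selects the oldest X/Open level (glibc treats it as XPG4), which does declare getopt()/optarg/optind/opterr but is a different feature set from the one requested elsewhere. Use `#define _XOPEN_SOURCE 500` here too, or `_POSIX_C_SOURCE 200112L` as debug.c does, since getopt() is plain POSIX.1, so the tree asks for one level throughout.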
--- a/mkdisk.c
+++ b/mkdisk.c
@@ -15,6 +15,8 @@
 /* If available, use C11 fopen()'s exclusive open flag.  Option -f overrides. */
 #define _ISOC11_SOURCE 1
 
+#define _XOPEN_SOURCE 500 /* unistd.h: getopt(), ...; sys/stat.h: fchmod() */
+
 #include <stdio.h>
 #include <unistd.h>
 #include <time.h>
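Review bot: the `_ISOC11_SOURCE` define in the context above the new line is glibc-specific and becomes redundant once the Makefile hunk passes `-std=c11`, because glibc enables its C11 additions whenever `__STDC_VERSION__ >= 201112L`; it does no harm for builds without that flag, but the comment should say why it is still there. The comment on the new `_XOPEN_SOURCE 500` line is the clearest in the series (header and symbol for each need) and is the form the other hunks should follow.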
--- a/trs_cassette.c
+++ b/trs_cassette.c
@@ -50,6 +50,9 @@
  *   Fabio Ferrari contributed the SB_SOUND implementation.  
  */
 
+#define _POSIX_C_SOURCE 200112L /* signal.h: sigemptyset(), ...
+                                   stdio.h: fileno() */
+
 #if __linux
 #define HAVE_OSS 1
 #define OSS_SOUND 1
--- a/trs_disk.c
+++ b/trs_disk.c
@@ -26,6 +26,8 @@
 #define SIZERETRY 1       /* Retry in different sizes on real_read */
 #define DMK_MARK_IAM 0    /* Mark IAMs in track header; poor idea */
 
+#define _XOPEN_SOURCE 500 /* signal.h: SA_RESTART */
+
 #include "z80.h"
 #include "trs.h"
 #include "trs_disk.h"
--- a/trs_imp_exp.c
+++ b/trs_imp_exp.c
@@ -13,6 +13,8 @@
  *  easier.  
  */
 
+#define _XOPEN_SOURCE 500 /* ftruncate(), strdup() */
+
 #include <stdio.h>
 #include <errno.h>
 #include <signal.h>
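Review bot: the comment on the new define omits the headers that every other hunk names; `/* unistd.h: ftruncate(); string.h: strdup() */` would match the convention used in mkdisk.c and cmddump.c. Worth being explicit here in particular because strdup() returns a pointer, so a missed declaration is not just a warning: an implicit `int` return truncates the pointer on 64-bit builds.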
--- a/trs_interrupt.c
+++ b/trs_interrupt.c
@@ -10,6 +10,8 @@
  * Emulate interrupts
  */
 
+#define _XOPEN_SOURCE 500 /* signal.h: SA_RESTART */
+
 #include "z80.h"
 #include "trs.h"
 #include <stdio.h>
--- a/trs_uart.c
+++ b/trs_uart.c
@@ -10,6 +10,8 @@
  * Emulation of the Radio Shack TRS-80 Model I/III/4/4P serial port.
  */
 
+#define _POSIX_C_SOURCE 200112L /* signal.h: sigemptyset(), ... */
+
 #include <errno.h>
 #include <termios.h>
 #include <unistd.h>
--- a/trs_xinterface.c
+++ b/trs_xinterface.c
@@ -28,6 +28,9 @@
  * X Windows interface for TRS-80 simulator
  */
 
+#define _DEFAULT_SOURCE /* string.h: strcasecmp() */
+#define _XOPEN_SOURCE 500 /* string.h: strdup() */
+
 #include <stdio.h>
 #include <fcntl.h>
 #include <signal.h>
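Review bot: `_DEFAULT_SOURCE` is a glibc-only macro (a no-op on other libcs), and it is not needed for strcasecmp(): POSIX declares that function in `<strings.h>`, which `_XOPEN_SOURCE 500` on the next line already exposes. The debug.c hunk solves the same problem portably by adding `#include <strings.h> /* strcasecmp() */`; doing the same here and dropping the `_DEFAULT_SOURCE` line keeps the two files consistent and avoids the glibc dependency.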
--- a/Makefile
+++ b/Makefile
@@ -149,7 +149,7 @@
 include Makefile.local
 
 CFLAGS += $(DEBUG) $(ENDIAN) $(DEFAULT_ROM) $(READLINE) $(DISKDIR) $(IFLAGS) \
-       $(APPDEFAULTS) -DKBWAIT
+       $(APPDEFAULTS) -DKBWAIT -std=c11
 LIBS = $(XLIB) $(READLINELIBS) $(EXTRALIBS)
 
 ZMACFLAGS = -h
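Review bot: `-std=c11` defines `__STRICT_ANSI__` and therefore hides every POSIX and GNU declaration not requested by a feature-test macro; that is what the per-file `_POSIX_C_SOURCE`/`_XOPEN_SOURCE` defines in this patch compensate for, and the commit message ("Align build with the ISO C11 standard.") should say so. Any call left undeclared still compiles in GCC's default C11 mode with an implicit `int` return, which for pointer-returning functions such as strdup() (see trs_imp_exp.c and trs_xinterface.c) truncates the result on 64-bit targets; adding `-Werror=implicit-function-declaration` to CFLAGS here makes a missed macro fail the build instead of producing a silent truncation. If strictness is not the goal, `-std=gnu11` would keep the C11 language level without needing the macros at all.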
