Re: [OE-core][PATCH] security_flags.inc: fix flags missing from SDK toolchain

2020-03-24 Thread Antoine Manache
Absolutely.
I would add an example of an issue I've seen in a software project.
Someone developing a new application and using the image-based SDK that I
provided got the right functional behaviour on target.
Once this application was integrated into the core image of our Yocto
project (new recipe), the same tests on target failed (application crash).
The root cause was: the two binaries produced were different because the
effective GCC options at compile time were different between both methods
(security flags not enabled when compiling with the SDK).
Antoine

On Tue, 24 Mar 2020 at 19:34, Tom Hochstein wrote:

>
>
> > -Original Message-
> > From: Richard Purdie 
> > Sent: Tuesday, March 24, 2020 1:03 PM
> > To: Antoine Manache ; Tom Hochstein <
> tom.hochst...@nxp.com>
> > Cc: openembedded-core@lists.openembedded.org
> > Subject: Re: [OE-core][PATCH] security_flags.inc: fix flags missing from
> SDK toolchain
> >
> > On Tue, 2020-03-24 at 18:25 +0100, Antoine Manache wrote:
> > > I've already sent this patch a few months ago, but it has not been
> > > taken into account yet.
> >
> > Can someone explain more about the issue here please?
> >
> > Shouldn't these flags be added to the SDK toolchain environment files
> > rather than coded into the compiler? Why aren't they being coded in? Or
> > is gcc being misconfigured?
>
> The recipe meta-environment inherits cross-canadian and toolchain-scripts.
> The latter generates the SDK toolchain environment file using
> TARGET_CC_ARCH and TARGET_LDFLAGS like this:
>
> echo 'export CC="${TARGET_PREFIX}gcc ${TARGET_CC_ARCH} --sysroot=$SDKTARGETSYSROOT"' >> $script
> echo 'export LDFLAGS="${TARGET_LDFLAGS}"' >> $script
>
>
> https://github.com/openembedded/openembedded-core/blob/master/meta/classes/toolchain-scripts.bbclass#L82
>
> With class-cross-canadian as the applicable override, updating the
> security flags for class-target does nothing for the SDK toolchain, hence
> the proposed fix:
>
> TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
> +TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
>  TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
> +TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"
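
Review bot: nothing accompanying the two `+` lines checks the generated environment file, which is where the missing flags showed up. A test that builds the SDK environment script and asserts that its `export CC=` and `export LDFLAGS=` lines contain the expanded ${SECURITY_CFLAGS} and ${SECURITY_LDFLAGS} would keep a later change to the class-target or class-cross-canadian overrides from silently dropping them again.
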
>
> Tom
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#136668): 
https://lists.openembedded.org/g/openembedded-core/message/136668
Mute This Topic: https://lists.openembedded.org/mt/72521987/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
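
A way to check an SDK environment script for the problem described in the message above, as an added example that is not part of the thread or of OE-core: it sources the script in a subshell and reports which hardening flags are absent from the exported CC and LDFLAGS. The required flag lists, the function names and both sample scripts are constructed assumptions.

```shell
# Assumed flag sets; set them to your distro's SECURITY_CFLAGS/SECURITY_LDFLAGS.
REQUIRED_CC="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -Werror=format-security"
REQUIRED_LD="-Wl,-z,relro,-z,now"

# missing_flags SCRIPT VAR FLAGS: source SCRIPT in a subshell and print each
# flag in FLAGS that is not a whole word of VAR (CC or LDFLAGS).
missing_flags() {
    value=$(unset CC LDFLAGS; . "$1" >/dev/null 2>&1
            case $2 in
                (CC) printf '%s' "$CC" ;;
                (LDFLAGS) printf '%s' "$LDFLAGS" ;;
            esac)
    missing=""
    for flag in $3; do
        case " $value " in
            *" $flag "*) ;;                  # present as a whole word
            *) missing="$missing $flag" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# check_sdk_env SCRIPT: succeed only if CC and LDFLAGS carry every required flag.
check_sdk_env() {
    cc_missing=$(missing_flags "$1" CC "$REQUIRED_CC")
    ld_missing=$(missing_flags "$1" LDFLAGS "$REQUIRED_LD")
    if [ -n "$cc_missing" ]; then echo "CC missing: $cc_missing" >&2; fi
    if [ -n "$ld_missing" ]; then echo "LDFLAGS missing: $ld_missing" >&2; fi
    [ -z "$cc_missing$ld_missing" ]
}

# Constructed sample scripts: one generated without the security flags, one with.
write_samples() {   # $1 = output directory
    cat > "$1/env-before" <<'EOF'
export SDKTARGETSYSROOT=/opt/sdk/sysroots/target
export CC="arm-poky-linux-gnueabi-gcc -march=armv7-a --sysroot=$SDKTARGETSYSROOT"
export LDFLAGS="-Wl,-O1 -Wl,--as-needed"
EOF
    cat > "$1/env-after" <<'EOF'
export SDKTARGETSYSROOT=/opt/sdk/sysroots/target
export CC="arm-poky-linux-gnueabi-gcc -march=armv7-a -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Werror=format-security --sysroot=$SDKTARGETSYSROOT"
export LDFLAGS="-Wl,-O1 -Wl,--as-needed -fstack-protector-strong -Wl,-z,relro,-z,now"
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
check_sdk_env "$demo/env-before" || echo "env-before: hardening flags missing"
check_sdk_env "$demo/env-after" && echo "env-after: ok"
rm -rf "$demo"
```

Point `check_sdk_env` at the environment file of an installed SDK, with the two REQUIRED_ lists set from the values your build actually uses.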


Re: [OE-core][PATCH] security_flags.inc: fix flags missing from SDK toolchain

2020-03-24 Thread Antoine Manache
I've already sent this patch a few months ago, but it has not been taken into account yet.
AM

From: Antoine Manache 
Date: Wed, 20 Nov 2019 at 16:44
Subject: [OE-core] [PATCH v2] sdk: environment script doesn't set security
options in CC and LDFLAGS variables
To: 

When building an SDK from a DISTRO with security flags enabled, options added to
CC and LDFLAGS are not replicated in the SDK environment script.
This could lead to some situations where an application compiled with
the SDK and having some security weaknesses correctly runs on target but
crashes once integrated into the core image built with the full Yocto
stack.

Signed-off-by: Antoine Manache 
---
 meta/conf/distro/include/security_flags.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/conf/distro/include/security_flags.inc
b/meta/conf/distro/include/security_flags.inc
index 620978a8ed..329482bfa3 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -56,7 +56,9 @@ SECURITY_STRINGFORMAT_pn-busybox = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""

 TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"

 SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
 SECURITY_STACK_PROTECTOR_pn-glibc = ""
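
Review bot: the two `_append_class-cross-canadian` lines apply to every recipe built with that override, while the context lines on either side (`SECURITY_STRINGFORMAT_pn-gcc`, `SECURITY_STACK_PROTECTOR_pn-gcc-runtime`, `SECURITY_STACK_PROTECTOR_pn-glibc`) show that some recipes need individual flags switched off by name. Please confirm that no cross-canadian recipe needs a matching `_pn-` exemption, or narrow the append to the recipe that generates the environment script.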

--
2.11.0

On Tue, 24 Mar 2020 at 18:03, Tom Hochstein wrote:

> The security flags were missing from the SDK toolchain
> because they were added specifically to class-target.
> Add them to class-cross-canadian as well.
>
> Signed-off-by: Tom Hochstein 
> ---
>  meta/conf/distro/include/security_flags.inc | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index aaf04e9e59..568d03693c 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -57,6 +57,8 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
>
>  TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
>  TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
> +TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
> +TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"
>
>  SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
>  SECURITY_STACK_PROTECTOR_pn-glibc = ""
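
Review bot: the two class-cross-canadian lines added at the end of this group carry no comment, and from the file alone it is not obvious why a cross-canadian recipe should receive target hardening flags. A one-line comment above them saying that the SDK environment script takes its CC and LDFLAGS from TARGET_CC_ARCH and TARGET_LDFLAGS would keep them from being removed as redundant later.
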
> --
> 2.17.1
>
> 
>
View/Reply Online (#136658): 
https://lists.openembedded.org/g/openembedded-core/message/136658


[OE-core] sdk: backport of ba2df1f on thud ?

2019-11-24 Thread Antoine Manache
Hi all,

Is it already planned to backport this fix to the thud branch?
ba2df1fa43b79c4959911c1b0bcad996f255b7a8


I see it is OK in Yocto 3.0 but not in 2.6.4, and I have an issue with my
eSDK install on a DISTRO configured with TCLIBC musl.

Thanks
Antoine
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [PATCH v2] sdk: environment script doesn't set security options in CC and LDFLAGS variables

2019-11-20 Thread Antoine Manache
When building an SDK from a DISTRO with security flags enabled, options added to
CC and LDFLAGS are not replicated in the SDK environment script.
This could lead to some situations where an application compiled with
the SDK and having some security weaknesses correctly runs on target but
crashes once integrated into the core image built with the full Yocto
stack.

Signed-off-by: Antoine Manache 
---
 meta/conf/distro/include/security_flags.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/conf/distro/include/security_flags.inc
b/meta/conf/distro/include/security_flags.inc
index 620978a8ed..329482bfa3 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -56,7 +56,9 @@ SECURITY_STRINGFORMAT_pn-busybox = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""

 TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"

 SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
 SECURITY_STACK_PROTECTOR_pn-glibc = ""
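
Review bot: this v2 hunk has the same index line (620978a8ed..329482bfa3) and the same two `+` lines as the other posting of the patch, and nothing below the `---` says what changed between versions. A short "changes since v1" note after the `---` lets a reviewer see at a glance whether the diff needs re-reading.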

--
2.11.0


[OE-core] [yocto] [PATCH] SDK environment script doesn't set security options in CC and LDFLAGS variables

2019-11-20 Thread Antoine Manache
When building an SDK from a DISTRO with security flags enabled, options added to
CC and LDFLAGS are not replicated in the SDK environment script.
This could lead to some situations where an application compiled with
the SDK and having some security weaknesses correctly runs on target but
crashes once integrated into the core image built with the full Yocto
stack.

Signed-off-by: Antoine Manache 
---
 meta/conf/distro/include/security_flags.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/conf/distro/include/security_flags.inc
b/meta/conf/distro/include/security_flags.inc
index 620978a8ed..329482bfa3 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -56,7 +56,9 @@ SECURITY_STRINGFORMAT_pn-busybox = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""

 TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"

 SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
 SECURITY_STACK_PROTECTOR_pn-glibc = ""
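
Review bot: appending to TARGET_CC_ARCH on the first `+` line puts the hardening options into the exported CC string (per the toolchain-scripts lines quoted in this thread), so an SDK user whose build system sets its own compiler command still builds without them. The commit message should say that the flags reach SDK builds only through the exported CC and LDFLAGS, so that limit is on record.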

--
2.11.0