Re: [OpenWrt-Devel] More bad RPATH
Hi Etienne, so we should keep rpaths below /usr/lib/ or /lib/ and remove everything else including exactly /usr/lib and /lib (with or without trailing /) ? ~ Jow signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] More bad RPATH
Hi jow, 2015-02-10 11:20 GMT+01:00 Jo-Philipp Wich j...@openwrt.org: Hi Etienne, so we should keep rpaths below /usr/lib/ or /lib/ and remove everything else including exactly /usr/lib and /lib (with or without trailing /) ? ~ Jow I think so yes, i'm in favor of white list approach here. we may also allow $ORIGIN/* (no package seems to use it but why not) According to my extract (rpath.txt)(all ar71xx packages minus ~20), we are not breaking any package for now. (or maybe just kamailo, which use ///usr/lib/kamailio/) see also https://wiki.debian.org/RpathIssue#Debian.27s_Stance Etienne ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] More bad RPATH
Hi Etienne, please test after fresh build with these two patches applied: http://luci.subsignal.org/~jow/rpath/ My first thought was to fixup libtool to not spray rpaths all over the place but since replacing every libtool in every package seems futile the next best place to do so would be the rstrip.sh script which already prepares all executables and shared objects for packaging. The series above packages patchelf as host utility and uses it to strip rpaths which are either within $TOPDIR or exactly /lib or /usr/lib (standard library search path). We can extend this as needed to exclude other dangerous paths like /tmp, /var or /mnt... ~ Jow signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] More bad RPATH
On 09/02/2015 14:07, Etienne Champetier wrote:
Hi
2015-02-09 14:01 GMT+01:00 John Crispin blo...@openwrt.org
mailto:blo...@openwrt.org:
On 09/02/2015 13:57, Etienne Champetier wrote:
Hi all,
To follow r44328
(https://dev.openwrt.org/browser/trunk?rev=44328) (jow fix for
cmake RPATH) I've launched a full build of ar71xx to check all
bin/lib for bad
RPATH
# cd ./staging_dir/target-mips_34kc_uClibc-0.9.33.2/root-ar71xx #
find . -type f | xargs -n1 -P24 file | grep ': ELF' | awk -F':'
'{print $1}' | xargs -n1 ./checksec.sh --file | grep -v 'STACK
CANARY'
checksec.txt # awk '{print $NF}' checksec.txt lib.txt # awk
'{print $NF}' checksec.txt | xargs -n1 readelf -a | grep RPATH |
awk -F'[' '{print [$2}' rpath.txt
you can merge libs.txt and rpath.txt with # paste lib.txt
rpath.txt
I will try to fix later Also i think we should have a test that
fail the build if there is builroot path in the RPATH
Regards Etienne
can you build a script to turns this into a list of package names
that are effected ?
I'll try, but not before tonight
$root/var/lib/opkg/* has files that will help you map the
file-ipkg/package
John
___ openwrt-devel
mailing list openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
