Re: [OpenWrt-Devel] More bad RPATH
Hi Etienne, so we should keep rpaths below /usr/lib/ or /lib/ and remove everything else including exactly /usr/lib and /lib (with or without trailing /) ? ~ Jow signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] More bad RPATH
Hi jow, 2015-02-10 11:20 GMT+01:00 Jo-Philipp Wich j...@openwrt.org: Hi Etienne, so we should keep rpaths below /usr/lib/ or /lib/ and remove everything else including exactly /usr/lib and /lib (with or without trailing /) ? ~ Jow I think so yes, i'm in favor of white list approach here. we may also allow $ORIGIN/* (no package seems to use it but why not) According to my extract (rpath.txt)(all ar71xx packages minus ~20), we are not breaking any package for now. (or maybe just kamailo, which use ///usr/lib/kamailio/) see also https://wiki.debian.org/RpathIssue#Debian.27s_Stance Etienne ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] More bad RPATH
Hi Etienne, please test after fresh build with these two patches applied: http://luci.subsignal.org/~jow/rpath/ My first thought was to fixup libtool to not spray rpaths all over the place but since replacing every libtool in every package seems futile the next best place to do so would be the rstrip.sh script which already prepares all executables and shared objects for packaging. The series above packages patchelf as host utility and uses it to strip rpaths which are either within $TOPDIR or exactly /lib or /usr/lib (standard library search path). We can extend this as needed to exclude other dangerous paths like /tmp, /var or /mnt... ~ Jow signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] More bad RPATH
On 09/02/2015 14:07, Etienne Champetier wrote: Hi 2015-02-09 14:01 GMT+01:00 John Crispin blo...@openwrt.org mailto:blo...@openwrt.org: On 09/02/2015 13:57, Etienne Champetier wrote: Hi all, To follow r44328 (https://dev.openwrt.org/browser/trunk?rev=44328) (jow fix for cmake RPATH) I've launched a full build of ar71xx to check all bin/lib for bad RPATH # cd ./staging_dir/target-mips_34kc_uClibc-0.9.33.2/root-ar71xx # find . -type f | xargs -n1 -P24 file | grep ': ELF' | awk -F':' '{print $1}' | xargs -n1 ./checksec.sh --file | grep -v 'STACK CANARY' checksec.txt # awk '{print $NF}' checksec.txt lib.txt # awk '{print $NF}' checksec.txt | xargs -n1 readelf -a | grep RPATH | awk -F'[' '{print [$2}' rpath.txt you can merge libs.txt and rpath.txt with # paste lib.txt rpath.txt I will try to fix later Also i think we should have a test that fail the build if there is builroot path in the RPATH Regards Etienne can you build a script to turns this into a list of package names that are effected ? I'll try, but not before tonight $root/var/lib/opkg/* has files that will help you map the file-ipkg/package John ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel