Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
the main question is *why* is it systemd's business? that flags are generelly set at the distribution level and in case of Fedora they can differ between archs because each arch has it's own %{optflags} the whole mess exists because upstream projects don't leave their fingers from that flags at all Am 02.07.2014 13:52, schrieb Umut Tezduyar Lindskog: > I am agreeing with Simon. We use mips and we see the mentioned > impacts. We also see quite size difference (%6 large on systemd-cat > binary text section) which might not be so welcomed on embedded > system. > > Umut > > On Mon, May 19, 2014 at 12:37 PM, Simon McVittie > wrote: >> On 18/05/14 16:47, Cristian Rodríguez wrote: >>> OK, Let's try [building everything -fPIE] instead. >> >> Hopefully things have improved since 2011, but my experience with >> dbus[1] has been that this works fine on mainstream architectures, but >> frequently fails on embedded architectures (arm* family, mips* family, >> etc.) where various toolchain versions have been known to fail to >> compile, fail to link, or worse, link binaries that sometimes or always >> crash at runtime (which is hard to detect in a configure script without >> breaking cross-compilation). >> >> libtool has relatively intelligent handling of the PIE compiler flags, >> so if a distro wants to enable -fPIE (or other hardening options like >> -Wl,-z,relro) it's easy for that distro to enable PIE by passing >> appropriate CPPFLAGS, CFLAGS, LDFLAGS, etc. to the configure script, >> which works for any libtool + Autoconf + Automake project without >> modification: >> >> ./configure CFLAGS=-fPIE LDFLAGS=-pie >> >> In distributions where not all architectures have the same level of >> upstream toolchain support, centralizing the decision about compiler >> flags to one place (e.g. dpkg-buildflags, and previously >> hardening-wrapper, in Debian) means it's possible to avoid broken flag >> combinations per-architecture, without having to encode that knowledge >> into each package. signature.asc Description: OpenPGP digital signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
Hi, I am agreeing with Simon. We use mips and we see the mentioned impacts. We also see quite size difference (%6 large on systemd-cat binary text section) which might not be so welcomed on embedded system. Umut On Mon, May 19, 2014 at 12:37 PM, Simon McVittie wrote: > On 18/05/14 16:47, Cristian Rodríguez wrote: >> OK, Let's try [building everything -fPIE] instead. > > Hopefully things have improved since 2011, but my experience with > dbus[1] has been that this works fine on mainstream architectures, but > frequently fails on embedded architectures (arm* family, mips* family, > etc.) where various toolchain versions have been known to fail to > compile, fail to link, or worse, link binaries that sometimes or always > crash at runtime (which is hard to detect in a configure script without > breaking cross-compilation). > > libtool has relatively intelligent handling of the PIE compiler flags, > so if a distro wants to enable -fPIE (or other hardening options like > -Wl,-z,relro) it's easy for that distro to enable PIE by passing > appropriate CPPFLAGS, CFLAGS, LDFLAGS, etc. to the configure script, > which works for any libtool + Autoconf + Automake project without > modification: > > ./configure CFLAGS=-fPIE LDFLAGS=-pie > > In distributions where not all architectures have the same level of > upstream toolchain support, centralizing the decision about compiler > flags to one place (e.g. dpkg-buildflags, and previously > hardening-wrapper, in Debian) means it's possible to avoid broken flag > combinations per-architecture, without having to encode that knowledge > into each package. > > S > > [1] https://bugs.freedesktop.org/show_bug.cgi?id=16621 > and more specifically > https://bugs.freedesktop.org/show_bug.cgi?id=16621#c9 > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
On 18/05/14 16:47, Cristian Rodríguez wrote: > OK, Let's try [building everything -fPIE] instead. Hopefully things have improved since 2011, but my experience with dbus[1] has been that this works fine on mainstream architectures, but frequently fails on embedded architectures (arm* family, mips* family, etc.) where various toolchain versions have been known to fail to compile, fail to link, or worse, link binaries that sometimes or always crash at runtime (which is hard to detect in a configure script without breaking cross-compilation). libtool has relatively intelligent handling of the PIE compiler flags, so if a distro wants to enable -fPIE (or other hardening options like -Wl,-z,relro) it's easy for that distro to enable PIE by passing appropriate CPPFLAGS, CFLAGS, LDFLAGS, etc. to the configure script, which works for any libtool + Autoconf + Automake project without modification: ./configure CFLAGS=-fPIE LDFLAGS=-pie In distributions where not all architectures have the same level of upstream toolchain support, centralizing the decision about compiler flags to one place (e.g. dpkg-buildflags, and previously hardening-wrapper, in Debian) means it's possible to avoid broken flag combinations per-architecture, without having to encode that knowledge into each package. S [1] https://bugs.freedesktop.org/show_bug.cgi?id=16621 and more specifically https://bugs.freedesktop.org/show_bug.cgi?id=16621#c9 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
On Sun, 18.05.14 11:47, Cristian Rodríguez (crrodrig...@opensuse.org) wrote: > OK, Let's try the attached patch instead. Thanks, applied! Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
El 18/05/14 06:47, Lennart Poettering escribió: > On Sat, 17.05.14 12:39, Cristian Rodríguez (crrodrig...@opensuse.org) wrote: > >> This is the standard* way used to pass special linker/compiler >> flags such as -fPIE and -pie >> >> * "Standard" in the sense it is understood by many other >> packages and commonly used by distributions. > > I really don't get this. Why would we build our binaries with two > different sets of options? I mean, our stuff is generally not too > performance critical, there are no CPU bound inner loops, hence which > compiler options to you have in mind that we shouldn't apply to all our > binaries anyway? What should be good for the "secure" binaries, that > shouldn't be good enough for the others too? > > Lennart > OK, Let's try the attached patch instead. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." >From 5a65cf524208642565df6ca65738825dc380d1be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Sun, 18 May 2014 11:46:42 -0400 Subject: [PATCH] build: Compile everything with PIE --- configure.ac | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configure.ac b/configure.ac index 30ef33d..469fc2d 100644 --- a/configure.ac +++ b/configure.ac @@ -176,6 +176,7 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -fdata-sections \ -fstack-protector \ -fstack-protector-strong \ +-fPIE \ --param=ssp-buffer-size=4]) AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ @@ -195,6 +196,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\ -Wl,--gc-sections \ -Wl,-z,relro \ -Wl,-z,now \ +-pie \ -Wl,-fuse-ld=gold]) AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags") -- 1.8.4.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
On Sat, 17.05.14 12:39, Cristian Rodríguez (crrodrig...@opensuse.org) wrote: > This is the standard* way used to pass special linker/compiler > flags such as -fPIE and -pie > > * "Standard" in the sense it is understood by many other > packages and commonly used by distributions. I really don't get this. Why would we build our binaries with two different sets of options? I mean, our stuff is generally not too performance critical, there are no CPU bound inner loops, hence which compiler options to you have in mind that we shouldn't apply to all our binaries anyway? What should be good for the "secure" binaries, that shouldn't be good enough for the others too? Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
Am 17.05.2014 22:02, schrieb Cristian Rodríguez: > El 17/05/14 14:56, Dave Reisner escribió: >> On Sat, May 17, 2014 at 12:39:47PM -0400, Cristian Rodríguez >> wrote: >>> This is the standard* way used to pass special linker/compiler >>> flags such as -fPIE and -pie >>> >>> * "Standard" in the sense it is understood by many other packages >>> and commonly used by distributions. >> >> This doesn't really make sense to me. I infer from the names of >> the variables that these are flags passed to the compiler for >> binaries which will eventually be setuid root. > > That was the initial purpose of this variable, yes. Currently is just > to provide a separate variable for hardened builds. > > Note that I did not came up with this idea, It is just the way things > are done elsewhere, where elsewhere is util-linux, policykit, various > gnome components,enlightment,samba etc.. IMHO these days *anything* should be build as PIE the performance impact on x86_64 is low to zero signature.asc Description: OpenPGP digital signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
On Sat, May 17, 2014 at 4:02 PM, Cristian Rodríguez wrote: > El 17/05/14 14:56, Dave Reisner escribió: >> On Sat, May 17, 2014 at 12:39:47PM -0400, Cristian Rodríguez >> wrote: >>> This is the standard* way used to pass special linker/compiler >>> flags such as -fPIE and -pie >>> >>> * "Standard" in the sense it is understood by many other packages >>> and commonly used by distributions. >> >> This doesn't really make sense to me. I infer from the names of >> the variables that these are flags passed to the compiler for >> binaries which will eventually be setuid root. > > That was the initial purpose of this variable, yes. Currently is just > to provide a separate variable for hardened builds. > > Note that I did not came up with this idea, It is just the way things > are done elsewhere, where elsewhere is util-linux, policykit, various > gnome components,enlightment,samba etc.. > Looking through the source of a few of these packages: util-linux-2.24.1: SUID_CFLAGS is utilized in Makefile.am for specific binaries. polkit-0.112: SUID_CFLAGS is utilized in Makefile.am for specific binaries. samba-3.6.19: SUID_CFLAGS does not appear in the source tarball. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
El 17/05/14 14:56, Dave Reisner escribió: > On Sat, May 17, 2014 at 12:39:47PM -0400, Cristian Rodríguez > wrote: >> This is the standard* way used to pass special linker/compiler >> flags such as -fPIE and -pie >> >> * "Standard" in the sense it is understood by many other packages >> and commonly used by distributions. > > This doesn't really make sense to me. I infer from the names of > the variables that these are flags passed to the compiler for > binaries which will eventually be setuid root. That was the initial purpose of this variable, yes. Currently is just to provide a separate variable for hardened builds. Note that I did not came up with this idea, It is just the way things are done elsewhere, where elsewhere is util-linux, policykit, various gnome components,enlightment,samba etc.. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
On Sat, May 17, 2014 at 12:39:47PM -0400, Cristian Rodríguez wrote: > This is the standard* way used to pass special linker/compiler > flags such as -fPIE and -pie > > * "Standard" in the sense it is understood by many other > packages and commonly used by distributions. This doesn't really make sense to me. I infer from the names of the variables that these are flags passed to the compiler for binaries which will eventually be setuid root. Why then, are you adding them to the global flags, particularly when systemd doesn't even build any SUID binaries? If you want to compile everything with -fPIE and -pie, why not just append these to your flags locally in the build script? > --- > configure.ac | 7 +-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 30ef33d..c798674 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -48,6 +48,9 @@ LT_INIT([disable-static]) > AS_IF([test "x$enable_static" = "xyes"], [AC_MSG_ERROR([--enable-static is > not supported by systemd])]) > AS_IF([test "x$enable_largefile" = "xno"], > [AC_MSG_ERROR([--disable-largefile is not supported by systemd])]) > > +AC_ARG_VAR([SUID_CFLAGS], [CFLAGS used for binaries which are usually with > the suid bit]) > +AC_ARG_VAR([SUID_LDFLAGS], [LDFLAGS used for binaries which are usually with > the suid bit]) > + > # i18n stuff for the PolicyKit policy files > IT_PROG_INTLTOOL([0.40.0]) > > @@ -181,7 +184,7 @@ AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], > [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ > -flto])], > [AC_MSG_RESULT([skipping -flto, optimization not enabled])]) > -AC_SUBST([OUR_CFLAGS], "$with_cflags $sanitizer_cflags") > +AC_SUBST([OUR_CFLAGS], "$SUID_CFLAGS $with_cflags $sanitizer_cflags") > > AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], > [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ > @@ -196,7 +199,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\ > -Wl,-z,relro \ > -Wl,-z,now \ > -Wl,-fuse-ld=gold]) > -AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags") > +AC_SUBST([OUR_LDFLAGS], "$SUID_LDFLAGS $with_ldflags $sanitizer_ldflags") > > AC_CHECK_SIZEOF(pid_t) > AC_CHECK_SIZEOF(uid_t) > -- > 1.8.4.5 > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS
This is the standard* way used to pass special linker/compiler flags such as -fPIE and -pie * "Standard" in the sense it is understood by many other packages and commonly used by distributions. --- configure.ac | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 30ef33d..c798674 100644 --- a/configure.ac +++ b/configure.ac @@ -48,6 +48,9 @@ LT_INIT([disable-static]) AS_IF([test "x$enable_static" = "xyes"], [AC_MSG_ERROR([--enable-static is not supported by systemd])]) AS_IF([test "x$enable_largefile" = "xno"], [AC_MSG_ERROR([--disable-largefile is not supported by systemd])]) +AC_ARG_VAR([SUID_CFLAGS], [CFLAGS used for binaries which are usually with the suid bit]) +AC_ARG_VAR([SUID_LDFLAGS], [LDFLAGS used for binaries which are usually with the suid bit]) + # i18n stuff for the PolicyKit policy files IT_PROG_INTLTOOL([0.40.0]) @@ -181,7 +184,7 @@ AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -flto])], [AC_MSG_RESULT([skipping -flto, optimization not enabled])]) -AC_SUBST([OUR_CFLAGS], "$with_cflags $sanitizer_cflags") +AC_SUBST([OUR_CFLAGS], "$SUID_CFLAGS $with_cflags $sanitizer_cflags") AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ @@ -196,7 +199,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\ -Wl,-z,relro \ -Wl,-z,now \ -Wl,-fuse-ld=gold]) -AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags") +AC_SUBST([OUR_LDFLAGS], "$SUID_LDFLAGS $with_ldflags $sanitizer_ldflags") AC_CHECK_SIZEOF(pid_t) AC_CHECK_SIZEOF(uid_t) -- 1.8.4.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel