From 93e7fc3e53bff9db971f3ae951d93d3bd1a39d1e Mon Sep 17 00:00:00 2001 From: "Yann E. MORIN" Date: Mon, 7 Nov 2022 22:49:03 +0100 Subject: [PATCH] toolchain: make paranoid check of library/header paths unconditional When we introduced support for the paranoid check of unsafe libraries and headers path with commit 4ac8f78d3771 (Add option for paranoid unsafe path checking) back in 2014, we made it optional, as we expected that would break quite a few packages. Now, almost 8 years later, we only have three packages that explicitly reference the option (dillo, gnuradio, and libtalloc), either in a patch or in their .mk. The option has been enabled by default since 2016, with 61c8854cef2a (toolchain: enable paranoid unsafe path check by default), and that has not triggered many build failures in a while. The minimal defconfig used by test-pkg has also had it enabled as of b6c98b3549d8 (minimal.config: add BR2_COMPILER_PARANOID_UNSAFE_PATH=y) in 2017. It is time to make that globally unconditional now. There is still a remnant, in our binutils patches. As our toolchain may get used outside of Buildroot, people may got the expectation that path poisoning is only a warning, so we keep the current behaviour. Signed-off-by: Yann E. MORIN Cc: Thomas Petazzoni Cc: Romain Naour Acked-by: Thomas Petazzoni Signed-off-by: Yann E. MORIN --- Config.in | 18 ------------------ package/Makefile.in | 3 +-- support/config-fragments/minimal.config | 1 - toolchain/toolchain-wrapper.c | 21 ++++----------------- 4 files changed, 5 insertions(+), 38 deletions(-) diff --git a/Config.in b/Config.in index 86699f58c6..0d7641633c 100644 --- a/Config.in +++ b/Config.in @@ -685,24 +685,6 @@ config BR2_GLOBAL_PATCH_DIR menu "Advanced" -config BR2_COMPILER_PARANOID_UNSAFE_PATH - bool "paranoid check of library/header paths" - default y - help - By default, when this option is disabled, when the Buildroot - cross-compiler will encounter an unsafe library or header path - (such as /usr/include, or /usr/lib), the compiler will display - a warning. - - By enabling this option, this warning is turned into an error, - which will completely abort the build when such unsafe paths - are encountered. - - Note that this mechanism is available for both the internal - toolchain (through the toolchain wrapper and binutils patches) - and external toolchain backends (through the toolchain - wrapper). - config BR2_FORCE_HOST_BUILD bool "Force the building of host dependencies" help diff --git a/package/Makefile.in b/package/Makefile.in index 7f1b00ba24..d70aded82b 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -426,9 +426,8 @@ else ifeq ($(BR2_SHARED_STATIC_LIBS),y) SHARED_STATIC_LIBS_OPTS = --enable-static --enable-shared endif -ifeq ($(BR2_COMPILER_PARANOID_UNSAFE_PATH),y) +# Used by our binutils patches. export BR_COMPILER_PARANOID_UNSAFE_PATH=enabled -endif include package/pkg-download.mk include package/pkg-autotools.mk diff --git a/support/config-fragments/minimal.config b/support/config-fragments/minimal.config index 71344e2c69..3430fcce11 100644 --- a/support/config-fragments/minimal.config +++ b/support/config-fragments/minimal.config @@ -4,5 +4,4 @@ BR2_INIT_NONE=y BR2_SYSTEM_BIN_SH_NONE=y # BR2_PACKAGE_BUSYBOX is not set # BR2_TARGET_ROOTFS_TAR is not set -BR2_COMPILER_PARANOID_UNSAFE_PATH=y BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c index 37b24dd24a..4c08e97237 100644 --- a/toolchain/toolchain-wrapper.c +++ b/toolchain/toolchain-wrapper.c @@ -154,12 +154,9 @@ static const struct str_len_s unsafe_opts[] = { * or separated (e.g. -I /foo/bar). In the first case, we need only print * the argument as it already contains the path (arg_has_path), while in * the second case we need to print both (!arg_has_path). - * - * If paranoid, exit in error instead of just printing a warning. */ static void check_unsafe_path(const char *arg, const char *path, - int paranoid, int arg_has_path) { const struct str_len_s *p; @@ -168,14 +165,12 @@ static void check_unsafe_path(const char *arg, if (strncmp(path, p->str, p->len)) continue; fprintf(stderr, - "%s: %s: unsafe header/library path used in cross-compilation: '%s%s%s'\n", + "%s: ERROR: unsafe header/library path used in cross-compilation: '%s%s%s'\n", program_invocation_short_name, - paranoid ? "ERROR" : "WARNING", arg, arg_has_path ? "" : "' '", /* close single-quote, space, open single-quote */ arg_has_path ? "" : path); /* so that arg and path are properly quoted. */ - if (paranoid) - exit(1); + exit(1); } } @@ -250,8 +245,6 @@ int main(int argc, char **argv) char *progpath = argv[0]; char *basename; char *env_debug; - char *paranoid_wrapper; - int paranoid; int ret, i, count = 0, debug = 0, found_shared = 0; /* Debug the wrapper to see arguments it was called with. @@ -470,12 +463,6 @@ int main(int argc, char **argv) #endif } - paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH"); - if (paranoid_wrapper && strlen(paranoid_wrapper) > 0) - paranoid = 1; - else - paranoid = 0; - /* Check for unsafe library and header paths */ for (i = 1; i < argc; i++) { const struct str_len_s *opt; @@ -492,9 +479,9 @@ int main(int argc, char **argv) i++; if (i == argc) break; - check_unsafe_path(argv[i-1], argv[i], paranoid, 0); + check_unsafe_path(argv[i-1], argv[i], 0); } else - check_unsafe_path(argv[i], argv[i] + opt->len, paranoid, 1); + check_unsafe_path(argv[i], argv[i] + opt->len, 1); } }