From a9652a60af6254d07066f08377415f05e3a9462e Mon Sep 17 00:00:00 2001 From: Romain Naour Date: Fri, 25 Dec 2015 11:45:38 +0100 Subject: [PATCH] poison-system-directories Patch adapted to binutils 2.23.2 and extended to use BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni. [Romain: rebase on top of 2.33.1] Signed-off-by: Romain Naour [Gustavo: adapt to binutils 2.25] Signed-off-by: Thomas Petazzoni Signed-off-by: Gustavo Zacarias Upstream-Status: Inappropriate [distribution: codesourcery] Patch originally created by Mark Hatle, forward-ported to binutils 2.21 by Scott Garman. purpose: warn for uses of system directories when cross linking Code Merged from Sourcery G++ binutils 2.19 - 4.4-277 2008-07-02 Joseph Myers ld/ * ld.h (args_type): Add error_poison_system_directories. * ld.texinfo (--error-poison-system-directories): Document. * ldfile.c (ldfile_add_library_path): Check command_line.error_poison_system_directories. * ldmain.c (main): Initialize command_line.error_poison_system_directories. * lexsup.c (enum option_values): Add OPTION_ERROR_POISON_SYSTEM_DIRECTORIES. (ld_options): Add --error-poison-system-directories. (parse_args): Handle new option. 2007-06-13 Joseph Myers ld/ * config.in: Regenerate. * ld.h (args_type): Add poison_system_directories. * ld.texinfo (--no-poison-system-directories): Document. * ldfile.c (ldfile_add_library_path): Check command_line.poison_system_directories. * ldmain.c (main): Initialize command_line.poison_system_directories. * lexsup.c (enum option_values): Add OPTION_NO_POISON_SYSTEM_DIRECTORIES. (ld_options): Add --no-poison-system-directories. (parse_args): Handle new option. 2007-04-20 Joseph Myers Merge from Sourcery G++ binutils 2.17: 2007-03-20 Joseph Myers Based on patch by Mark Hatle . ld/ * configure.ac (--enable-poison-system-directories): New option. * configure, config.in: Regenerate. * ldfile.c (ldfile_add_library_path): If ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib, /usr/lib, /usr/local/lib or /usr/X11R6/lib. Signed-off-by: Mark Hatle Signed-off-by: Scott Garman --- ld/config.in | 3 +++ ld/configure | 14 ++++++++++++++ ld/configure.ac | 10 ++++++++++ ld/ld.h | 8 ++++++++ ld/ld.texi | 12 ++++++++++++ ld/ldfile.c | 17 +++++++++++++++++ ld/ldlex.h | 2 ++ ld/ldmain.c | 2 ++ ld/lexsup.c | 21 +++++++++++++++++++++ 9 files changed, 89 insertions(+) diff --git a/ld/config.in b/ld/config.in index 7b60d778587..37b8e9b6f6c 100644 --- a/ld/config.in +++ b/ld/config.in @@ -40,6 +40,9 @@ language is requested. */ #undef ENABLE_NLS +/* Define to warn for use of native system library directories */ +#undef ENABLE_POISON_SYSTEM_DIRECTORIES + /* Additional extension a shared object might have. */ #undef EXTRA_SHLIB_EXTENSION diff --git a/ld/configure b/ld/configure index a8d248eab58..f52e1f3c18f 100755 --- a/ld/configure +++ b/ld/configure @@ -828,6 +828,7 @@ with_lib_path enable_targets enable_64_bit_bfd with_sysroot +enable_poison_system_directories enable_gold enable_got enable_compressed_debug_sections @@ -1496,6 +1497,8 @@ Optional Features: --disable-largefile omit support for large files --enable-targets alternative target configurations --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes) + --enable-poison-system-directories + warn for use of native system library directories --enable-gold[=ARG] build gold [ARG={default,yes,no}] --enable-got= GOT handling scheme (target, single, negative, multigot) @@ -15841,7 +15844,18 @@ else fi +# Check whether --enable-poison-system-directories was given. +if test "${enable_poison_system_directories+set}" = set; then : + enableval=$enable_poison_system_directories; +else + enable_poison_system_directories=no +fi + +if test "x${enable_poison_system_directories}" = "xyes"; then +$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h + +fi # Check whether --enable-got was given. if test "${enable_got+set}" = set; then : diff --git a/ld/configure.ac b/ld/configure.ac index c9c69ab9245..59dab0a6ac4 100644 --- a/ld/configure.ac +++ b/ld/configure.ac @@ -94,6 +94,16 @@ AC_SUBST(use_sysroot) AC_SUBST(TARGET_SYSTEM_ROOT) AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE) +AC_ARG_ENABLE([poison-system-directories], + AS_HELP_STRING([--enable-poison-system-directories], + [warn for use of native system library directories]),, + [enable_poison_system_directories=no]) +if test "x${enable_poison_system_directories}" = "xyes"; then + AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES], + [1], + [Define to warn for use of native system library directories]) +fi + dnl Use --enable-gold to decide if this linker should be the default. dnl "install_as_default" is set to false if gold is the default linker. dnl "installed_linker" is the installed BFD linker name. diff --git a/ld/ld.h b/ld/ld.h index 93f5af92c7d..ff7f71a7b66 100644 --- a/ld/ld.h +++ b/ld/ld.h @@ -166,6 +166,14 @@ typedef struct in the linker script. */ bfd_boolean force_group_allocation; + /* If TRUE (the default) warn for uses of system directories when + cross linking. */ + bfd_boolean poison_system_directories; + + /* If TRUE (default FALSE) give an error for uses of system + directories when cross linking instead of a warning. */ + bfd_boolean error_poison_system_directories; + /* Big or little endian as set on command line. */ enum endian_enum endian; diff --git a/ld/ld.texi b/ld/ld.texi index 7a602b9c6ab..cccbfbab3bb 100644 --- a/ld/ld.texi +++ b/ld/ld.texi @@ -2810,6 +2810,18 @@ string identifying the original linked file does not change. Passing @code{none} for @var{style} disables the setting from any @code{--build-id} options earlier on the command line. + +@kindex --no-poison-system-directories +@item --no-poison-system-directories +Do not warn for @option{-L} options using system directories such as +@file{/usr/lib} when cross linking. This option is intended for use +in chroot environments when such directories contain the correct +libraries for the target system rather than the host. + +@kindex --error-poison-system-directories +@item --error-poison-system-directories +Give an error instead of a warning for @option{-L} options using +system directories when cross linking. @end table @c man end diff --git a/ld/ldfile.c b/ld/ldfile.c index 81cb86d51e2..cd5c2752679 100644 --- a/ld/ldfile.c +++ b/ld/ldfile.c @@ -117,6 +117,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline) new_dirs->name = concat (ld_sysroot, name + strlen ("$SYSROOT"), (const char *) NULL); else new_dirs->name = xstrdup (name); + +#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES + if (command_line.poison_system_directories + && ((!strncmp (name, "/lib", 4)) + || (!strncmp (name, "/usr/lib", 8)) + || (!strncmp (name, "/usr/local/lib", 14)) + || (!strncmp (name, "/usr/X11R6/lib", 14)))) + { + if (command_line.error_poison_system_directories) + einfo (_("%X%P: error: library search path \"%s\" is unsafe for " + "cross-compilation\n"), name); + else + einfo (_("%P: warning: library search path \"%s\" is unsafe for " + "cross-compilation\n"), name); + } +#endif + } /* Try to open a BFD for a lang_input_statement. */ diff --git a/ld/ldlex.h b/ld/ldlex.h index b0101028321..77f5accb5d9 100644 --- a/ld/ldlex.h +++ b/ld/ldlex.h @@ -161,6 +161,8 @@ enum option_values OPTION_CTF_VARIABLES, OPTION_NO_CTF_VARIABLES, OPTION_CTF_SHARE_TYPES, + OPTION_NO_POISON_SYSTEM_DIRECTORIES, + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES, }; /* The initial parser states. */ diff --git a/ld/ldmain.c b/ld/ldmain.c index 863df0293ea..f06f2546ef5 100644 --- a/ld/ldmain.c +++ b/ld/ldmain.c @@ -323,6 +323,8 @@ main (int argc, char **argv) command_line.warn_mismatch = TRUE; command_line.warn_search_mismatch = TRUE; command_line.check_section_addresses = -1; + command_line.poison_system_directories = TRUE; + command_line.error_poison_system_directories = FALSE; /* We initialize DEMANGLING based on the environment variable COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the diff --git a/ld/lexsup.c b/ld/lexsup.c index f005a58a045..eb383d3755b 100644 --- a/ld/lexsup.c +++ b/ld/lexsup.c @@ -591,6 +591,14 @@ static const struct ld_option ld_options[] = " is: share-unconflicted (default),\n" " share-duplicated"), TWO_DASHES }, + { {"no-poison-system-directories", no_argument, NULL, + OPTION_NO_POISON_SYSTEM_DIRECTORIES}, + '\0', NULL, N_("Do not warn for -L options using system directories"), + TWO_DASHES }, + { {"error-poison-system-directories", no_argument, NULL, + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES}, + '\0', NULL, N_("Give an error for -L options using system directories"), + TWO_DASHES }, }; #define OPTION_COUNT ARRAY_SIZE (ld_options) @@ -603,6 +611,7 @@ parse_args (unsigned argc, char **argv) int ingroup = 0; char *default_dirlist = NULL; char *shortopts; + char *BR_paranoid_env; struct option *longopts; struct option *really_longopts; int last_optind; @@ -1633,6 +1642,14 @@ parse_args (unsigned argc, char **argv) } break; + case OPTION_NO_POISON_SYSTEM_DIRECTORIES: + command_line.poison_system_directories = FALSE; + break; + + case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES: + command_line.error_poison_system_directories = TRUE; + break; + case OPTION_PUSH_STATE: input_flags.pushed = xmemdup (&input_flags, sizeof (input_flags), @@ -1778,6 +1795,10 @@ parse_args (unsigned argc, char **argv) command_line.soname = NULL; } + BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH"); + if (BR_paranoid_env && strlen(BR_paranoid_env) > 0) + command_line.error_poison_system_directories = TRUE; + while (ingroup) { einfo (_("%P: missing --end-group; added as last command line option\n")); -- 2.29.2