[oe-commits] [openembedded-core] 15/19: tclibc: For newlib and baremetal disable some security features

git at git.openembedded.org git at git.openembedded.org
Tue Sep 11 08:06:22 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master
in repository openembedded-core.

commit dfe434b793c156a87b5ead5cb85fe60d920d69d3
Author: Nathan Rossi <nathan at nathanrossi.com>
AuthorDate: Mon Sep 10 12:44:13 2018 +0000

    tclibc: For newlib and baremetal disable some security features
    
    With GCCPIE being enabled by default with security_flags.inc the
    compiler will by default attempt to compile and link programs as PIE.
    The targets that use newlib and baremetal in general do not support PIE
    or are otherwise unable to use it due to how embedded targets are
    compiled and executed. As such it makes sense to disable PIE by default
    for these libc's in order to prevent build failures.
    
    For baremetal tclibc there are no libc features or implementation as
    such there is no implementation for the strong stack protector by
    default.
    
    Signed-off-by: Nathan Rossi <nathan at nathanrossi.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 meta/conf/distro/include/tclibc-baremetal.inc | 6 ++++++
 meta/conf/distro/include/tclibc-newlib.inc    | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/meta/conf/distro/include/tclibc-baremetal.inc b/meta/conf/distro/include/tclibc-baremetal.inc
index 1bf44c8..b009179 100644
--- a/meta/conf/distro/include/tclibc-baremetal.inc
+++ b/meta/conf/distro/include/tclibc-baremetal.inc
@@ -28,3 +28,9 @@ TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
 TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= ""
 TOOLCHAIN_TARGET_TASK ?= "libgcc-dev"
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses"
+
+# disable stack protector by default (no-libc, no protector implementation)
+SECURITY_STACK_PROTECTOR_libc-baremetal = ""
+# disable pie security flags by default
+SECURITY_CFLAGS_libc-baremetal = "${SECURITY_NOPIE_CFLAGS}"
+SECURITY_LDFLAGS_libc-baremetal = ""
diff --git a/meta/conf/distro/include/tclibc-newlib.inc b/meta/conf/distro/include/tclibc-newlib.inc
index dc631d8..896c0b1 100644
--- a/meta/conf/distro/include/tclibc-newlib.inc
+++ b/meta/conf/distro/include/tclibc-newlib.inc
@@ -42,3 +42,7 @@ TARGET_OS_arm = "eabi"
 TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
 TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}"
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses"
+
+# disable pie security flags by default
+SECURITY_CFLAGS_libc-newlib = "${SECURITY_NOPIE_CFLAGS}"
+SECURITY_LDFLAGS_libc-newlib = ""

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list