[OE-core] [PATCH] tclibc: For newlib and baremetal disable some security features

Khem Raj raj.khem at gmail.com
Mon Sep 10 16:15:48 UTC 2018


On Mon, Sep 10, 2018 at 5:44 AM Nathan Rossi <nathan at nathanrossi.com> wrote:
>
> With GCCPIE being enabled by default with security_flags.inc the
> compiler will by default attempt to compile and link programs as PIE.
> The targets that use newlib and baremetal in general do not support PIE
> or are otherwise unable to use it due to how embedded targets are
> compiled and executed. As such it makes sense to disable PIE by default
> for these libc's in order to prevent build failures.
>
> For baremetal tclibc there are no libc features or implementation as
> such there is no implementation for the strong stack protector by
> default.
>

LGTM.

> Signed-off-by: Nathan Rossi <nathan at nathanrossi.com>
> ---
>  meta/conf/distro/include/tclibc-baremetal.inc | 6 ++++++
>  meta/conf/distro/include/tclibc-newlib.inc    | 4 ++++
>  2 files changed, 10 insertions(+)
>
> diff --git a/meta/conf/distro/include/tclibc-baremetal.inc b/meta/conf/distro/include/tclibc-baremetal.inc
> index 1bf44c8591..b00917913f 100644
> --- a/meta/conf/distro/include/tclibc-baremetal.inc
> +++ b/meta/conf/distro/include/tclibc-baremetal.inc
> @@ -28,3 +28,9 @@ TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
>  TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= ""
>  TOOLCHAIN_TARGET_TASK ?= "libgcc-dev"
>  TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses"
> +
> +# disable stack protector by default (no-libc, no protector implementation)
> +SECURITY_STACK_PROTECTOR_libc-baremetal = ""
> +# disable pie security flags by default
> +SECURITY_CFLAGS_libc-baremetal = "${SECURITY_NOPIE_CFLAGS}"
> +SECURITY_LDFLAGS_libc-baremetal = ""
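
Review bot: The comment above the last two added lines says "disable pie security flags", but SECURITY_LDFLAGS_libc-baremetal = "" empties the whole variable, so any linker hardening flag that is not PIE-related is dropped along with it. If that is intended for baremetal, say so in the comment (for example "disable pie and all linker security flags"); if only PIE is meant to go, set the variable to the non-PIE linker flags that should remain instead of to an empty string.
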
> diff --git a/meta/conf/distro/include/tclibc-newlib.inc b/meta/conf/distro/include/tclibc-newlib.inc
> index dc631d8ada..896c0b16d7 100644
> --- a/meta/conf/distro/include/tclibc-newlib.inc
> +++ b/meta/conf/distro/include/tclibc-newlib.inc
> @@ -42,3 +42,7 @@ TARGET_OS_arm = "eabi"
>  TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
>  TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}"
>  TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses"
> +
> +# disable pie security flags by default
> +SECURITY_CFLAGS_libc-newlib = "${SECURITY_NOPIE_CFLAGS}"
> +SECURITY_LDFLAGS_libc-newlib = ""
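
Review bot: Both added assignments use a hard "=" on an override-qualified name, while the context lines just above use "?=" for their defaults, so with the libc-newlib override active these values take precedence over a plain SECURITY_CFLAGS or SECURITY_LDFLAGS set by a distro or in local.conf. Since the comment calls this a default, consider "?=" here, or extend the comment to say that re-enabling the flags requires setting SECURITY_CFLAGS_libc-newlib and SECURITY_LDFLAGS_libc-newlib explicitly. The commit message also justifies dropping the stack protector only for baremetal, so a short comment noting that it is deliberately left enabled for newlib would make the difference between the two files clear.
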
> ---
> 2.18.0