[Buildroot] [PATCH] mmc-utils: Rely on our own _FORTIFY_SOURCE

Matthew Weber matthew.weber at rockwellcollins.com
Mon Oct 29 13:15:15 UTC 2018


Jan,

On Thu, Oct 25, 2018 at 1:03 PM Jan Kundrát <jan.kundrat at cesnet.cz> wrote:
>
> On Friday, 10 August 2018 4:56:39 CEST, Matthew Weber wrote:
> > This isn't related to my hardening fixes patchset (i.e. those patches
> > won't fix this issue).  Instead, I'd refactor this patch to move the
> > AM_CFLAGS "-D_FORTIFY_SOURCE=2" into the CFLAGS ?= .  That should be
> > an upstream-able change and preserve their intent.
>
> Hi Matthew,
> doing just this change, as you suggested:
>
> -AM_CFLAGS = -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2
> -CFLAGS ?= -g -O2
> +AM_CFLAGS = -D_FILE_OFFSET_BITS=64
> +CFLAGS ?= -g -O2 -D_FORTIFY_SOURCE=2
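
Review bot: on the `+CFLAGS ?= -g -O2 -D_FORTIFY_SOURCE=2` line, the define now takes effect only when the caller leaves CFLAGS unset. `?=` is skipped as soon as CFLAGS arrives from the environment or the make command line, so a build that passes its own CFLAGS drops _FORTIFY_SOURCE (and the -O2 it depends on) without any diagnostic. If that override behaviour is the intent, state it in a comment next to the assignment so packagers know they must supply the define themselves when they set CFLAGS.
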
>
> ...still results in an error when building this manually out-of-box, outside
> of Buildroot, on a Gentoo Linux with hardened GCC which enforces
> _FORTIFY_SOURCE via compiler spec files. The good news is that it is now
> possible to override the CFLAGS via an env var when invoking make. I guess
> I'll send this upstream, then.
>
> It still doesn't work out-of-box everywhere, but it is no longer a Buildroot
> bug (and it will work in Buildroot).

Good to note.

Wasn't sure if you saw the merge of the updated hardening feature set.
It is now handled in the toolchain wrapper and more packages (without
changes directly in the package to allow flags to be set) should build
with the hardening flags.  The wrapper appends them to the compiler
args transparently and doesn't depend on ?=.

Matt

