Help needed in disabling busybox configuration for linux hardening requirement.

Denys Vlasenko vda.linux at googlemail.com
Thu Oct 15 10:17:21 UTC 2015


On Thu, Oct 15, 2015 at 11:31 AM, purushi1 . <purushi1 at gmail.com> wrote:
> Isaac and wh,
>
> Thanks for your comments.
>
> Want to understand a few more things.
>
> My objective here is to disable, the following config options?
>
>> CONFIG_BRCTL=y
>> CONFIG_FEATURE_BRCTL_FANCY=y
>> CONFIG_FEATURE_BRCTL_SHOW=y
>
> They are used in Brctl.c (uclinux-rootfs\user\busybox\networking), and on
> disabling them, its resulting in Link error.
> If the above three options are enabled then the build goes through fine.
> Is there any other dependency to it,
> ####################
> --> making all in user/busybox
> make[4]: Entering directory
> '/projects/cc-ban-vwstg4/purush/KERNEL/3.3-3.4/Trial3/uclinux-rootfs/user/busybox'
> /tools/oss/packages/x86_64-rhel5/make/default/bin/make -f Makefile
> make[5]: Entering directory
> '/projects/cc-ban-vwstg4/purush/KERNEL/3.3-3.4/Trial3/uclinux-rootfs/user/busybox'
>   SPLIT   include/autoconf.h -> include/config/*
>   GEN     include/bbconfigopts.h
>   HOSTCC  applets/usage
>   GEN     include/usage_compressed.h
>   HOSTCC  applets/applet_tables
>   GEN     include/applet_tables.h
>   CC      applets/applets.o
>   LD      applets/built-in.o
>   HOSTCC  applets/usage_pod
>   CC      libbb/appletlib.o
>   AR      libbb/lib.a
>   AR      networking/lib.a
>   CC      shell/ash.o
>   AR      shell/lib.a
>   LINK    busybox_unstripped
> Trying libraries: crypt m
> Failed: -Wl,--start-group -lcrypt -lm -Wl,--end-group
> Output of:
> mipsel-linux-gcc -Os -fno-strict-aliasing -Wall -Wshadow -Wwrite-strings
> -Wundef -Wstrict-prototypes -Wunused -Wunused-parameter - Wunused-function
> -Wunused-value -Wmissing-prototypes -Wmissing-declarations
> -Wno-format-security -Wdeclaration-after-statement -Wo
> ld-style-definition -fno-builtin-strlen -finline-limit=0
> -fomit-frame-pointer -ffunction-sections -fdata-sections -fno-guess-branc
> h-probability -funsigned-char -static-libgcc -falign-functions=1
> -falign-jumps=1 -falign-labels=1 -falign-loops=1 -fno-unwind-tabl
> es -fno-asynchronous-unwind-tables -Os
> --sysroot=/projects/cc-ban-vwstg4/purush/TOOLCHAIN/stbgcc-4.5.4-2.9/bin/../mipsel-linux-ucl
> ibc/sys-root -Os -Dlinux -D__linux__ -Dunix -DEMBED -fno-builtin -Os
> -fno-strict-aliasing -o busybox_unstripped -Wl,--sort-common
> -Wl,--sort-section,alignment -Wl,--gc-sections -Wl,--start-group
> applets/built-in.o archival/lib.a archival/libarchive/lib.a conso
> le-tools/lib.a coreutils/lib.a coreutils/libcoreutils/lib.a
> debianutils/lib.a e2fsprogs/lib.a editors/lib.a findutils/lib.a init/l
> ib.a libbb/lib.a libpwdgrp/lib.a loginutils/lib.a mailutils/lib.a
> miscutils/lib.a modutils/lib.a networking/lib.a networking/libip
> route/lib.a networking/udhcp/lib.a printutils/lib.a procps/lib.a runit/lib.a
> selinux/lib.a shell/lib.a sysklogd/lib.a util-linux/l
> ib.a util-linux/volume_id/lib.a archival/built-in.o
> archival/libarchive/built-in.o console-tools/built-in.o coreutils/built-in.o
> c
> oreutils/libcoreutils/built-in.o debianutils/built-in.o e2fsprogs/built-in.o
> editors/built-in.o findutils/built-in.o init/built-in
> .o libbb/built-in.o libpwdgrp/built-in.o loginutils/built-in.o
> mailutils/built-in.o miscutils/built-in.o modutils/built-in.o netwo
> rking/built-in.o networking/libiproute/built-in.o
> networking/udhcp/built-in.o printutils/built-in.o procps/built-in.o
> runit/built-
> in.o selinux/built-in.o shell/built-in.o sysklogd/built-in.o
> util-linux/built-in.o util-linux/volume_id/built-in.o -Wl,--end-group
> -Wl,--start-group -lcrypt -lm -Wl,--end-group
> ==========
> /projects/cc-ban-vwstg4/purush/TOOLCHAIN/stbgcc-4.5.4-2.9/bin/../lib/gcc/mipsel-linux-uclibc/4.5.4/../../../../mipsel-linux-uclibc
> /bin/ld:
> can not make stub section: File format not recognized
> /projects/cc-ban-vwstg4/purush/TOOLCHAIN/stbgcc-4.5.4-2.9/bin/../lib/gcc/mipsel-linux-uclibc/4.5.4/../../../../mipsel-linux-uclibc
> /bin/ld:
> failed to set dynamic section sizes: File format not recognized
> collect2: ld returned 1 exit status

This error has nothing to do with brctl.c

Looks like your linker is buggy.

Googling for "cannot make stub section: File format not recognized"
found this:
https://github.com/bigroma73/openembedded/blob/master/recipes/dbus/dbus.inc

do_configure_prepend_mipsel() {
    #this fixes error like "cannot make stub section: File format not
recognized" with gcc 4.4.3
    sed -i -e 's/-Wl,--gc-sections/--gc-sections/' configure.in
}

which suggests that some versions of ld are byggy for mipsel with that option.

What is your ld -V?

I suggest you to find this part of busybox/scripts/trylink:

GC_SECTIONS=`(
. ./.config
if test x"$CONFIG_STATIC" = x"y"; then
    check_libc_is_glibc "" "-Wl,--gc-sections"
else
    echo "-Wl,--gc-sections"
fi
)`

# The --gc-sections option is not supported by older versions of ld
if test -n "$GC_SECTIONS"; then
    GC_SECTIONS=`check_cc "$GC_SECTIONS" ""`
fi


and just replace it with

GC_SECTIONS=""


More information about the busybox mailing list