1From 4d8705ddb55897e8a74b617ab95736d520d9e1ea Mon Sep 17 00:00:00 2001
2From: Romain Naour <romain.naour@gmail.com>
3Date: Fri, 25 Dec 2015 11:45:38 +0100
4Subject: [PATCH] poison-system-directories
5
6Patch adapted to binutils 2.23.2 and extended to use
7BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
8
9[Waldemar: rebase on top of 2.39]
10Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
11[Romain: rebase on top of 2.33.1]
12Signed-off-by: Romain Naour <romain.naour@gmail.com>
13[Gustavo: adapt to binutils 2.25]
14Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
15Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
16
17Upstream-Status: Inappropriate [distribution: codesourcery]
18
19Patch originally created by Mark Hatle, forward-ported to
20binutils 2.21 by Scott Garman.
21
22purpose: warn for uses of system directories when cross linking
23
24Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
25
262008-07-02 Joseph Myers <joseph@codesourcery.com>
27
28 ld/
29 * ld.h (args_type): Add error_poison_system_directories.
30 * ld.texinfo (--error-poison-system-directories): Document.
31 * ldfile.c (ldfile_add_library_path): Check
32 command_line.error_poison_system_directories.
33 * ldmain.c (main): Initialize
34 command_line.error_poison_system_directories.
35 * lexsup.c (enum option_values): Add
36 OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
37 (ld_options): Add --error-poison-system-directories.
38 (parse_args): Handle new option.
39
402007-06-13 Joseph Myers <joseph@codesourcery.com>
41
42 ld/
43 * config.in: Regenerate.
44 * ld.h (args_type): Add poison_system_directories.
45 * ld.texinfo (--no-poison-system-directories): Document.
46 * ldfile.c (ldfile_add_library_path): Check
47 command_line.poison_system_directories.
48 * ldmain.c (main): Initialize
49 command_line.poison_system_directories.
50 * lexsup.c (enum option_values): Add
51 OPTION_NO_POISON_SYSTEM_DIRECTORIES.
52 (ld_options): Add --no-poison-system-directories.
53 (parse_args): Handle new option.
54
552007-04-20 Joseph Myers <joseph@codesourcery.com>
56
57 Merge from Sourcery G++ binutils 2.17:
58
59 2007-03-20 Joseph Myers <joseph@codesourcery.com>
60 Based on patch by Mark Hatle <mark.hatle@windriver.com>.
61 ld/
62 * configure.ac (--enable-poison-system-directories): New option.
63 * configure, config.in: Regenerate.
64 * ldfile.c (ldfile_add_library_path): If
65 ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
66 /usr/lib, /usr/local/lib or /usr/X11R6/lib.
67
68Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
69Signed-off-by: Scott Garman <scott.a.garman@intel.com>
70---
71 ld/config.in | 3 +++
72 ld/configure | 14 ++++++++++++++
73 ld/configure.ac | 10 ++++++++++
74 ld/ld.h | 8 ++++++++
75 ld/ld.texi | 12 ++++++++++++
76 ld/ldfile.c | 17 +++++++++++++++++
77 ld/ldlex.h | 2 ++
78 ld/ldmain.c | 2 ++
79 ld/lexsup.c | 21 +++++++++++++++++++++
80 9 files changed, 89 insertions(+)
81
82diff -Nur binutils-2.39.orig/ld/config.in binutils-2.39/ld/config.in
83--- binutils-2.39.orig/ld/config.in 2022-08-05 11:56:56.000000000 +0200
84+++ binutils-2.39/ld/config.in 2022-08-11 13:00:55.310472243 +0200
85@@ -55,6 +55,9 @@
86 language is requested. */
87 #undef ENABLE_NLS
88
89+/* Define to warn for use of native system library directories */
90+#undef ENABLE_POISON_SYSTEM_DIRECTORIES
91+
92 /* Additional extension a shared object might have.
*/
93 #undef EXTRA_SHLIB_EXTENSION
94
95diff -Nur binutils-2.39.orig/ld/configure binutils-2.39/ld/configure
96--- binutils-2.39.orig/ld/configure 2022-08-05 11:56:54.000000000 +0200
97+++ binutils-2.39/ld/configure 2022-08-11 13:00:55.370470806 +0200
98@@ -836,6 +836,7 @@
99 enable_targets
100 enable_64_bit_bfd
101 with_sysroot
102+enable_poison_system_directories
103 enable_gold
104 enable_got
105 enable_compressed_debug_sections
106@@ -1514,6 +1515,8 @@
107 --enable-checking enable run-time checks
108 --enable-targets alternative target configurations
109 --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
110+ --enable-poison-system-directories
111+ warn for use of native system library directories
112 --enable-gold[=ARG] build gold [ARG={default,yes,no}]
113 --enable-got=<type> GOT handling scheme (target, single, negative,
114 multigot)
115@@ -15370,7 +15373,18 @@
116 fi
117
118
119+# Check whether --enable-poison-system-directories was given.
120+if test "${enable_poison_system_directories+set}" = set; then :
121+ enableval=$enable_poison_system_directories;
122+else
123+ enable_poison_system_directories=no
124+fi
125+
126+if test "x${enable_poison_system_directories}" = "xyes"; then
127
128+$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
129+
130+fi
131
132 # Check whether --enable-got was given.
133 if test "${enable_got+set}" = set; then :
134diff -Nur binutils-2.39.orig/ld/configure.ac binutils-2.39/ld/configure.ac
135--- binutils-2.39.orig/ld/configure.ac 2022-07-08 11:46:48.000000000 +0200
136+++ binutils-2.39/ld/configure.ac 2022-08-11 13:00:55.370470806 +0200
137@@ -102,6 +102,16 @@
138 AC_SUBST(TARGET_SYSTEM_ROOT)
139 AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
140
141+AC_ARG_ENABLE([poison-system-directories],
142+ AS_HELP_STRING([--enable-poison-system-directories],
143+ [warn for use of native system library directories]),,
144+ [enable_poison_system_directories=no])
145+if test "x${enable_poison_system_directories}" = "xyes"; then
146+ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
147+ [1],
148+ [Define to warn for use of native system library directories])
149+fi
150+
151 dnl Use --enable-gold to decide if this linker should be the default.
152 dnl "install_as_default" is set to false if gold is the default linker.
153 dnl "installed_linker" is the installed BFD linker name.
154diff -Nur binutils-2.39.orig/ld/ldfile.c binutils-2.39/ld/ldfile.c
155--- binutils-2.39.orig/ld/ldfile.c 2022-07-08 11:46:48.000000000 +0200
156+++ binutils-2.39/ld/ldfile.c 2022-08-11 13:00:55.394470231 +0200
157@@ -117,6 +117,23 @@
158 new_dirs->name = concat (ld_sysroot, name + strlen ("$SYSROOT"), (const char *) NULL);
159 else
160 new_dirs->name = xstrdup (name);
161+
162+#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
163+ if (command_line.poison_system_directories
164+ && ((!strncmp (name, "/lib", 4))
165+ || (!strncmp (name, "/usr/lib", 8))
166+ || (!strncmp (name, "/usr/local/lib", 14))
167+ || (!strncmp (name, "/usr/X11R6/lib", 14))))
168+ {
169+ if (command_line.error_poison_system_directories)
170+ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
171+ "cross-compilation\n"), name);
172+ else
173+ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
174+ "cross-compilation\n"), name);
175+ }
176+#endif
177+
178 }
179
180 /* Try to open a BFD for a lang_input_statement. */
181diff -Nur binutils-2.39.orig/ld/ld.h binutils-2.39/ld/ld.h
182--- binutils-2.39.orig/ld/ld.h 2022-07-08 11:46:48.000000000 +0200
183+++ binutils-2.39/ld/ld.h 2022-08-11 13:00:55.382470519 +0200
184@@ -162,6 +162,14 @@
185 in the linker script. */
186 bool force_group_allocation;
187
188+ /* If TRUE (the default) warn for uses of system directories when
189+ cross linking. */
190+ bool poison_system_directories;
191+
192+ /* If TRUE (default FALSE) give an error for uses of system
193+ directories when cross linking instead of a warning. */
194+ bool error_poison_system_directories;
195+
196 /* Big or little endian as set on command line.
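Review bot: The poison test added to ldfile_add_library_path is a plain `strncmp` prefix match on the unnormalised `name`, so it is lexical and best-effort only. `!strncmp (name, "/lib", 4)` also fires for any unrelated directory whose name merely begins with `/lib`, while a host directory written with a doubled slash, a `.` component, a relative path or a symlink does not match and is added without a diagnostic. Consider comparing a canonicalised copy of the path (libiberty provides `lrealpath`) rather than the raw argument, and at minimum add a comment above the `#ifdef` such as `/* Lexical prefix match only: non-canonical spellings of host directories are not detected.  */`. The function body starts above the hunk.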
*/
197 enum endian_enum endian;
198
199diff -Nur binutils-2.39.orig/ld/ldlex.h binutils-2.39/ld/ldlex.h
200--- binutils-2.39.orig/ld/ldlex.h 2022-07-08 11:46:48.000000000 +0200
201+++ binutils-2.39/ld/ldlex.h 2022-08-11 13:03:35.462636396 +0200
202@@ -164,6 +164,8 @@
203 OPTION_CTF_VARIABLES,
204 OPTION_NO_CTF_VARIABLES,
205 OPTION_CTF_SHARE_TYPES,
206+ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
207+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
208 OPTION_WARN_EXECSTACK,
209 OPTION_NO_WARN_EXECSTACK,
210 OPTION_WARN_RWX_SEGMENTS,
211diff -Nur binutils-2.39.orig/ld/ldmain.c binutils-2.39/ld/ldmain.c
212--- binutils-2.39.orig/ld/ldmain.c 2022-07-08 11:46:48.000000000 +0200
213+++ binutils-2.39/ld/ldmain.c 2022-08-11 13:00:55.402470040 +0200
214@@ -321,6 +321,8 @@
215 command_line.warn_mismatch = true;
216 command_line.warn_search_mismatch = true;
217 command_line.check_section_addresses = -1;
218+ command_line.poison_system_directories = true;
219+ command_line.error_poison_system_directories = false;
220
221 /* We initialize DEMANGLING based on the environment variable
222 COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
223diff -Nur binutils-2.39.orig/ld/ld.texi binutils-2.39/ld/ld.texi
224--- binutils-2.39.orig/ld/ld.texi 2022-07-08 11:46:48.000000000 +0200
225+++ binutils-2.39/ld/ld.texi 2022-08-11 13:02:44.627853889 +0200
226@@ -2936,6 +2936,18 @@
227 Passing @code{none} for @var{style} disables the setting from any
228 @code{--build-id} options earlier on the command line.
229
230+@kindex --no-poison-system-directories
231+@item --no-poison-system-directories
232+Do not warn for @option{-L} options using system directories such as
233+@file{/usr/lib} when cross linking. This option is intended for use
234+in chroot environments when such directories contain the correct
235+libraries for the target system rather than the host.
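Review bot: The comments on the two new `args_type` fields in ld.h do not say how the flags interact. In the ldfile.c hunk `error_poison_system_directories` is only read inside the `command_line.poison_system_directories` test, so `--no-poison-system-directories` also switches the error mode off, and neither field is consulted unless `ENABLE_POISON_SYSTEM_DIRECTORIES` is defined. I would add to the second comment a sentence such as `Ignored when poison_system_directories is FALSE or when ld was configured without --enable-poison-system-directories.`, since a build system using the error mode as an enforcement gate needs to know it can be disabled this way. The struct begins and ends outside the hunk.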
236+
237+@kindex --error-poison-system-directories
238+@item --error-poison-system-directories
239+Give an error instead of a warning for @option{-L} options using
240+system directories when cross linking.
241+
242 @kindex --package-metadata=@var{JSON}
243 @item --package-metadata=@var{JSON}
244 Request the creation of a @code{.note.package} ELF note section. The
245diff -Nur binutils-2.39.orig/ld/lexsup.c binutils-2.39/ld/lexsup.c
246--- binutils-2.39.orig/ld/lexsup.c 2022-07-08 11:46:48.000000000 +0200
247+++ binutils-2.39/ld/lexsup.c 2022-08-11 13:00:55.434469274 +0200
248@@ -608,6 +608,14 @@
249 " <method> is: share-unconflicted (default),\n"
250 " share-duplicated"),
251 TWO_DASHES },
252+ { {"no-poison-system-directories", no_argument, NULL,
253+ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
254+ '\0', NULL, N_("Do not warn for -L options using system directories"),
255+ TWO_DASHES },
256+ { {"error-poison-system-directories", no_argument, NULL,
257+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
258+ '\0', NULL, N_("Give an error for -L options using system directories"),
259+ TWO_DASHES },
260 };
261
262 #define OPTION_COUNT ARRAY_SIZE (ld_options)
263@@ -620,6 +628,7 @@
264 int ingroup = 0;
265 char *default_dirlist = NULL;
266 char *shortopts;
267+ char *BR_paranoid_env;
268 struct option *longopts;
269 struct option *really_longopts;
270 int last_optind;
271@@ -1679,6 +1688,14 @@
272 }
273 break;
274
275+ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
276+ command_line.poison_system_directories = false;
277+ break;
278+
279+ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
280+ command_line.error_poison_system_directories = true;
281+ break;
282+
283 case OPTION_PUSH_STATE:
284 input_flags.pushed = xmemdup (&input_flags,
285 sizeof (input_flags),
286@@ -1824,6 +1841,10 @@
287 command_line.soname = NULL;
288 }
289
290+ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
291+ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
292+
command_line.error_poison_system_directories = true;
293+
294 while (ingroup)
295 {
296 einfo (_("%P: missing --end-group; added as last command line option\n"));
297--
2982.31.1
299
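Review bot: `BR_COMPILER_PARANOID_UNSAFE_PATH` is read in the last lexsup.c hunk, next to the post-parse `--end-group` fix-up, which appears to be after the option switch has already run. If `-L` arguments reach `ldfile_add_library_path` from inside that switch (not visible in these hunks, worth confirming), they are checked while `error_poison_system_directories` is still false and only produce the warning, so the environment override would not turn them into errors. Moving the `getenv` block ahead of the option loop, near the `BR_paranoid_env` declaration added in the `@@ -620` hunk, would make it apply to every search path. Separately, any non-empty value enables the error mode, including `0`; a short comment stating that, or an explicit value check, would avoid surprises. `parse_args` extends beyond the hunk on both sides.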