lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3667e585-ecaa-4664-9e6e-75dc9de928e8@linuxfoundation.org>
Date: Mon, 12 Aug 2024 17:03:45 -0600
From: Shuah Khan <skhan@...uxfoundation.org>
To: Eugene Syromiatnikov <esyr@...hat.com>, linux-kselftest@...r.kernel.org
Cc: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
 Mark Brown <broonie@...nel.org>, Shuah Khan <shuah@...nel.org>,
 Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
 <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>,
 Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>,
 John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
 Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
 Jiri Olsa <jolsa@...nel.org>, Mykola Lysenko <mykolal@...com>,
 Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 Peter Zijlstra <peterz@...radead.org>, "Paul E. McKenney"
 <paulmck@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
 linux-sound@...r.kernel.org, linux-kernel@...r.kernel.org,
 bpf@...r.kernel.org, Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH v2] selftests: fix relative rpath usage

On 8/12/24 10:56, Eugene Syromiatnikov wrote:
> The relative RPATH ("./") supplied to linker options in CFLAGS is resolved
> relative to current working directory and not the executable directory,
> which will lead in incorrect resolution when the test executables are run
> from elsewhere.  Changing it to $ORIGIN makes it resolve relative
> to the directory in which the executables reside, which is supposedly
> the desired behaviour.  This patch also moves these CFLAGS to lib.mk,
> so the RPATH is provided for all selftest binaries, which is arguably
> a useful default.

Can you elaborate on the erros you would see if this isn't fixed? I understand
that check-rpaths tool - howebver I would like to know how it manifests and
how would you reproduce this problem while running selftests?


> Discovered by the check-rpaths script[1][2] that checks for insecure
> RPATH/RUNPATH[3], such as relative directories, during an attempt
> to package BPF selftests for later use in CI:
> 
>      ERROR   0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.]
> 
> [1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths
> [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths-worker
> [3] https://cwe.mitre.org/data/definitions/426.html
> 
> Signed-off-by: Eugene Syromiatnikov <esyr@...hat.com>
> ---
> v2:
>    - Consolidated the updated -L/-Wl,-rpath setting into lib.mk
>    - Described the testing done in the commit message
> v1: https://lore.kernel.org/lkml/20240808145639.GA20510@asgard.redhat.com/
>      https://lore.kernel.org/lkml/20240808151335.GA5495@asgard.redhat.com/
>      https://lore.kernel.org/lkml/20240808151621.GA10025@asgard.redhat.com/
>      https://lore.kernel.org/lkml/20240808151621.GA10025@asgard.redhat.com/
> ---
>   tools/testing/selftests/alsa/Makefile  | 1 -
>   tools/testing/selftests/bpf/Makefile   | 5 ++---
>   tools/testing/selftests/lib.mk         | 3 +++
>   tools/testing/selftests/rseq/Makefile  | 2 +-
>   tools/testing/selftests/sched/Makefile | 3 +--
>   5 files changed, 7 insertions(+), 7 deletions(-)

thanks,
-- Shuah


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ