| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3667e585-ecaa-4664-9e6e-75dc9de928e8@linuxfoundation.org>
Date: Mon, 12 Aug 2024 17:03:45 -0600
From: Shuah Khan <skhan@...uxfoundation.org>
To: Eugene Syromiatnikov <esyr@...hat.com>, linux-kselftest@...r.kernel.org
Cc: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
Mark Brown <broonie@...nel.org>, Shuah Khan <shuah@...nel.org>,
Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
<martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>,
Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>,
John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, Mykola Lysenko <mykolal@...com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Peter Zijlstra <peterz@...radead.org>, "Paul E. McKenney"
<paulmck@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
linux-sound@...r.kernel.org, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org, Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH v2] selftests: fix relative rpath usage
On 8/12/24 10:56, Eugene Syromiatnikov wrote:
> The relative RPATH ("./") supplied to linker options in CFLAGS is resolved
> relative to current working directory and not the executable directory,
> which will lead in incorrect resolution when the test executables are run
> from elsewhere. Changing it to $ORIGIN makes it resolve relative
> to the directory in which the executables reside, which is supposedly
> the desired behaviour. This patch also moves these CFLAGS to lib.mk,
> so the RPATH is provided for all selftest binaries, which is arguably
> a useful default.
Can you elaborate on the erros you would see if this isn't fixed? I understand
that check-rpaths tool - howebver I would like to know how it manifests and
how would you reproduce this problem while running selftests?
> Discovered by the check-rpaths script[1][2] that checks for insecure
> RPATH/RUNPATH[3], such as relative directories, during an attempt
> to package BPF selftests for later use in CI:
>
> ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.]
>
> [1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths
> [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths-worker
> [3] https://cwe.mitre.org/data/definitions/426.html
>
> Signed-off-by: Eugene Syromiatnikov <esyr@...hat.com>
> ---
> v2:
> - Consolidated the updated -L/-Wl,-rpath setting into lib.mk
> - Described the testing done in the commit message
> v1: https://lore.kernel.org/lkml/20240808145639.GA20510@asgard.redhat.com/
> https://lore.kernel.org/lkml/20240808151335.GA5495@asgard.redhat.com/
> https://lore.kernel.org/lkml/20240808151621.GA10025@asgard.redhat.com/
> https://lore.kernel.org/lkml/20240808151621.GA10025@asgard.redhat.com/
> ---
> tools/testing/selftests/alsa/Makefile | 1 -
> tools/testing/selftests/bpf/Makefile | 5 ++---
> tools/testing/selftests/lib.mk | 3 +++
> tools/testing/selftests/rseq/Makefile | 2 +-
> tools/testing/selftests/sched/Makefile | 3 +--
> 5 files changed, 7 insertions(+), 7 deletions(-)
thanks,
-- Shuah
Powered by blists - more mailing lists