From 9a9d48a8af4934e98a0a1496650cd0904602b0ab Mon Sep 17 00:00:00 2001 From: veega2022 Date: Wed, 15 Mar 2023 09:34:36 +0000 Subject: [PATCH] fix hikptool security compilation PIE issue add link option -pie and change the link ld file PROVIDE address to 0x0 Signed-off-by: veega2022 --- ...x-the-security-compilation-PIE-issue.patch | 51 +++++++++++++++++++ hikptool.spec | 6 ++- 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 0003-fix-the-security-compilation-PIE-issue.patch diff --git a/0003-fix-the-security-compilation-PIE-issue.patch b/0003-fix-the-security-compilation-PIE-issue.patch new file mode 100644 index 0000000..00e9ec8 --- /dev/null +++ b/0003-fix-the-security-compilation-PIE-issue.patch @@ -0,0 +1,51 @@ +From bac5c53adcb43f4bbba6f436c98d6451d55c80ad Mon Sep 17 00:00:00 2001 +From: veega2022 +Date: Wed, 15 Mar 2023 08:28:37 +0000 +Subject: [PATCH] fix the security compilation PIE issue + +add link options "-fPIE -pie", because the -T link is used, the pie becomes +invalid.Therefore,change the ld file PROVIDE address to 0. + +Signed-off-by: veega2022 +--- + CMakeLists.txt | 4 ++-- + hikp_register.ld | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 0ba7370..6a396e7 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -11,7 +11,7 @@ + + project(hikptool C) + +-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -pie -fPIE -Wall") ++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -fPIC -fPIE -Wall") + set(CMAKE_SKIP_RPATH TRUE) + + macro(get_header_dir_recurse HEADER_DIR_LIST) +@@ -44,6 +44,6 @@ target_include_directories(hikptool PRIVATE ${HIKPTOOL_HEADER_DIR}) + target_link_directories(hikptool PRIVATE ${CMAKE_INSTALL_PREFIX}/lib) + target_link_libraries(hikptool PRIVATE KPTDEV_SO) + target_link_options(hikptool PRIVATE +- -Wl,-z,relro,-z,now -Wl,-z,noexecstack ++ -Wl,-z,relro,-z,now -Wl,-z,noexecstack -fPIE -pie + -g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld) + install(TARGETS hikptool RUNTIME DESTINATION bin OPTIONAL) +diff --git a/hikp_register.ld b/hikp_register.ld +index b1bec44..3bd44ff 100644 +--- a/hikp_register.ld ++++ b/hikp_register.ld +@@ -11,7 +11,7 @@ SEARCH_DIR("=/usr/aarch64-Huawei-linux/lib64"); SEARCH_DIR("=/usr/lib64"); SEARC + SECTIONS + { + /* Read-only sections, merged into text segment: */ +- PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x400000)); . = SEGMENT_START("text-segment", 0x400000) + SIZEOF_HEADERS; ++ PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x0)); . = SEGMENT_START("text-segment", 0x0) + SIZEOF_HEADERS; + .interp : { *(.interp) } + .note.gnu.build-id : { *(.note.gnu.build-id) } + .hash : { *(.hash) } +-- +2.25.1 + diff --git a/hikptool.spec b/hikptool.spec index 792f5e5..4b038de 100644 --- a/hikptool.spec +++ b/hikptool.spec @@ -1,7 +1,7 @@ Name: hikptool Summary: A userspace tool for Linux providing problem location on Kunpeng chips Version: 1.0.0 -Release: 7 +Release: 8 License: MulanPSL2 Source: %{name}-%{version}.tar.gz ExclusiveOS: linux @@ -16,6 +16,7 @@ ExclusiveArch: aarch64 Patch0001: 0001-socip-Return-EINVAL-when-the-parameter-check-fails.patch Patch0002: 0002-fix-compiler-security-option-problem.patch +Patch0003: 0003-fix-the-security-compilation-PIE-issue.patch %description This package contains the hikptool @@ -68,6 +69,9 @@ fi /sbin/ldconfig %changelog +* Wed Mar 15 2023 veega2022 1.0.0-8 +- fix security compilation PIE issue + * Tue Dec 13 2022 veega2022 1.0.0-7 - fix compiler security option problem -- Gitee