From 040f8d30f60d9e5529c0b737d8b1f38a43942f52 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Wed, 19 Dec 2012 21:03:39 +0000
Subject: Clean up compiler flag handling w/fix from upstream, and add dedicated user/group for tlsdate to use when dropping root #447018 by Maxim Kammerer. (Portage version: 2.2.0_alpha144/cvs/Linux x86_64, signed Manifest commit with key FB7C4156)
---
.../files/tlsdate-0.0.4-compiler-flags.patch | 72 ++++++++++++++++++++++
.../files/tlsdate-0.0.4-configure-user-group.patch | 66 ++++++++++++++++++++
2 files changed, 138 insertions(+)
create mode 100644 net-misc/tlsdate/files/tlsdate-0.0.4-compiler-flags.patch
create mode 100644 net-misc/tlsdate/files/tlsdate-0.0.4-configure-user-group.patch
(limited to 'net-misc/tlsdate/files')
diff --git a/net-misc/tlsdate/files/tlsdate-0.0.4-compiler-flags.patch b/net-misc/tlsdate/files/tlsdate-0.0.4-compiler-flags.patch
new file mode 100644
index 000000000000..dbccaabe597f
--- /dev/null
+++ b/net-misc/tlsdate/files/tlsdate-0.0.4-compiler-flags.patch
@@ -0,0 +1,72 @@
+fix in upstream now
+
+From 8b94e111e58fc5d8a2cf47effaaf410a6e4eca46 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Tue, 18 Dec 2012 15:38:51 -0500
+Subject: [PATCH] make hardened compiler flags optional
+
+First note: the default behavior is unchanged.
+
+For people building tlsdate themselves with a known toolchain env, the
+checked flags can be redundant, or even harmful. A compile/link check
+for PIE behavior for example might not catch the full supported status
+for some architectures/C libraries.
+
+Further, the current code starts by throwing away the user's compiler
+settings which can also be harmful. Those often times include settings
+related to ABI or target cpu selection and ignoring them can produce an
+unusable binary.
+
+So add a flag that people (including distros) can leverage to bypass
+all of the checks.
+
+Signed-off-by: Mike Frysinger
+---
+ configure.ac | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 555ae28..f6efb0b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -67,19 +67,28 @@ AC_SUBST(RT_LIB)
+
+ # Debug and hardening flags all in one shot
+ # Alwas do this at the end, otherwise you end up filtering system/other libraries
++AC_ARG_ENABLE([hardened-checks],
++ [AS_HELP_STRING([--disable-hardened-checks],
++ [Disable automatically enabling hardened toolchain options])])
+ AC_DEFUN([LOCAL_CHECK_FLAGS],[
+ AC_REQUIRE([AX_CHECK_LINK_FLAG])
+ AC_REQUIRE([AX_APPEND_COMPILE_FLAGS])
+ AC_LANG_PUSH([C])
+- CFLAGS=
+- LIBS=
+- AX_APPEND_COMPILE_FLAGS([-g -O1 -Wall])
+- AX_APPEND_COMPILE_FLAGS([-fno-strict-aliasing])
+- AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2 -fstack-protector-all])
+- AX_APPEND_COMPILE_FLAGS([-fwrapv -fPIE -Wstack-protector])
+- AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1])
+- AX_CHECK_LINK_FLAG([-z relro -z now])
+- AX_CHECK_LINK_FLAG([-pie])
++ AS_IF([test "x$enable_hardened_checks" != xno], [
++ CFLAGS=
++ LIBS=
++ AX_APPEND_COMPILE_FLAGS([-g -O1])
++ ], [
++ AC_MSG_WARN([using hardened flags is HIGHLY RECOMMENDED and disabling them is a BAD IDEA])
++ ])
++ AX_APPEND_COMPILE_FLAGS([-Wall -fno-strict-aliasing])
++ AS_IF([test "x$enable_hardened_checks" != xno], [
++ AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2 -fstack-protector-all])
++ AX_APPEND_COMPILE_FLAGS([-fwrapv -fPIE -Wstack-protector])
++ AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1])
++ AX_CHECK_LINK_FLAG([-z relro -z now])
++ AX_CHECK_LINK_FLAG([-pie])
++ ])
+ AC_LANG_POP
+ ])
+ LOCAL_CHECK_FLAGS
+--
+1.8.0
+
diff --git a/net-misc/tlsdate/files/tlsdate-0.0.4-configure-user-group.patch b/net-misc/tlsdate/files/tlsdate-0.0.4-configure-user-group.patch
new file mode 100644
index 000000000000..8cd2472cf44e
--- /dev/null
+++ b/net-misc/tlsdate/files/tlsdate-0.0.4-configure-user-group.patch
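Review bot: The `AX_CHECK_LINK_FLAG([-z relro -z now])` and `AX_CHECK_LINK_FLAG([-pie])` calls inside the second hardened `AS_IF` branch pass no ACTION-SUCCESS, so if this is the autoconf-archive macro they only probe the linker and never add the flags to LDFLAGS. In that case the default "hardened" build would produce -fPIE objects without a PIE link and without RELRO/BIND_NOW, even though the new warning calls these flags highly recommended. The two calls predate this patch and are only moved by it, but they are worth fixing while the block is touched, for example `AX_CHECK_LINK_FLAG([-pie], [LDFLAGS="$LDFLAGS -pie"])` and the same form for `-z relro -z now`. The macro definition is outside this hunk, so confirm its behaviour there and check the built binary's program headers and dynamic section (`readelf -l`, `readelf -d`) for the expected hardening.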
@@ -0,0 +1,66 @@
+From e6edd1f581b59dffbc1e21d2221af049a5f0b38a Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Wed, 19 Dec 2012 15:48:22 -0500
+Subject: [PATCH] add configure flags for setting droppriv user/group
+
+In order to override the default user/group, you have to append your
+CPPFLAGS before compiling. Since you also have to pass along double
+quotes, it can get ugly/messy fast in shell (due to the escaping).
+Plus, the existing code always defines UNPRIV_USER to "nobody" which
+leads to compile time warnings.
+
+Add dedicated configure flags to make the interface simple for people
+to control.
+
+Signed-off-by: Mike Frysinger
+---
+ configure.ac | 20 ++++++++++++++++++++
+ src/tlsdate.h | 1 -
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index f6efb0b..c95090e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -57,6 +57,26 @@ AC_CHECK_HEADERS([unistd.h], ,[AC_MSG_ERROR([Required headers missing; compilati
+ AC_CHECK_FUNCS([setresuid])
+ AC_CHECK_FUNCS([gettimeofday])
+
++AC_MSG_CHECKING([user/group to drop privs to])
++
++AC_ARG_WITH([unpriv-user],
++ [AS_HELP_STRING([--with-unpriv-user=],
++ [User to drop privs to @<:@default: nobody@:>@])])
++AS_CASE([$with_unpriv_user],
++ [""|yes|no], [UNPRIV_USER="nobody"],
++ [*], [UNPRIV_USER=$with_unpriv_user])
++AC_DEFINE_UNQUOTED([UNPRIV_USER], ["${UNPRIV_USER}"], [Unprivileged user])
++
++AC_ARG_WITH([unpriv-group],
++ [AS_HELP_STRING([--with-unpriv-group=],
++ [Group to drop privs to @<:@default: nogroup@:>@])])
++AS_CASE([$with_unpriv_group],
++ [""|yes|no], [UNPRIV_GROUP="nogroup"],
++ [*], [UNPRIV_GROUP=$with_unpriv_group])
++AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group])
++
++AC_MSG_RESULT(${UNPRIV_USER}:${UNPRIV_GROUP})
++
+ # Check for -lrt
+ AC_CHECK_LIB([rt], [clock_gettime], [
+ RT_LIB="-lrt"
+diff --git a/src/tlsdate.h b/src/tlsdate.h
+index 4db56c1..4c918cd 100644
+--- a/src/tlsdate.h
++++ b/src/tlsdate.h
+@@ -18,7 +18,6 @@
+ #include
+ #include
+
+-#define UNPRIV_USER "nobody"
+ #define DEFAULT_HOST "www.ptb.de"
+ #define DEFAULT_PORT "443"
+ #define DEFAULT_PROTOCOL "tlsv1"
+--
+1.8.0
+
-- cgit v1.2.3-65-gdbad
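Review bot: Neither new `AS_CASE` block rejects a privileged account, so `--with-unpriv-user=root` is accepted and baked into `UNPRIV_USER`, which would turn the privilege drop into a no-op. A configure-time guard such as `AS_CASE([$UNPRIV_USER], [root], [AC_MSG_ERROR([unprivileged user must not be root])])` (and the equivalent for the group) would fail the build instead; whether the runtime drop code refuses uid 0 is not visible in this hunk. The value is also placed verbatim inside a C string literal by `AC_DEFINE_UNQUOTED`, so a name containing `"` or `\` yields a broken config.h, and restricting the value to a conservative account-name character set avoids that. Separately, the `nogroup` default does not exist on every distribution, so the help string should say the named user and group must exist on the target system.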