| Message ID | 20240808151335.GA5495@asgard.redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | selftests/rseq/Makefile: fix relative rpath usage | expand |
On 8/8/24 09:13, Eugene Syromiatnikov wrote: > The relative RPATH ("./") supplied to linker options in CFLAGS is resolved > relative to current working directory and not the executable directory, > which will lead in incorrect resolution when the test executables are run > from elsewhere. Changing it to $ORIGIN makes it resolve relative > to the directory in which the executables reside, which is supposedly > the desired behaviour. > > Discovered by the /usr/lib/rpm/check-rpaths script[1][2] that checks > for insecure RPATH/RUNPATH[3], such as containing relative directories, > during an attempt to package BPF selftests for later use in CI: > > ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.] > > [1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths > [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths-worker > [3] https://cwe.mitre.org/data/definitions/426.html > > Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> > --- > tools/testing/selftests/rseq/Makefile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/testing/selftests/rseq/Makefile b/tools/testing/selftests/rseq/Makefile > index 5a3432fceb58..27544a67d6f0 100644 > --- a/tools/testing/selftests/rseq/Makefile > +++ b/tools/testing/selftests/rseq/Makefile > @@ -6,7 +6,7 @@ endif > > top_srcdir = ../../../.. > > -CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -L$(OUTPUT) -Wl,-rpath=./ \ > +CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -L$(OUTPUT) -Wl,-rpath=\$$ORIGIN/ \ > $(CLANG_FLAGS) -I$(top_srcdir)/tools/include > LDLIBS += -lpthread -ldl > Wouldn't make sense to fix fix this in selftests main Makefile instead of changing the all the test makefiles Same comment on all other files. It would be easier to send these as series - please mentioned the tests run as well after this change. thanks, -- Shuah
diff --git a/tools/testing/selftests/rseq/Makefile b/tools/testing/selftests/rseq/Makefile index 5a3432fceb58..27544a67d6f0 100644 --- a/tools/testing/selftests/rseq/Makefile +++ b/tools/testing/selftests/rseq/Makefile @@ -6,7 +6,7 @@ endif top_srcdir = ../../../.. -CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -L$(OUTPUT) -Wl,-rpath=./ \ +CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -L$(OUTPUT) -Wl,-rpath=\$$ORIGIN/ \ $(CLANG_FLAGS) -I$(top_srcdir)/tools/include LDLIBS += -lpthread -ldl
The relative RPATH ("./") supplied to linker options in CFLAGS is resolved relative to current working directory and not the executable directory, which will lead in incorrect resolution when the test executables are run from elsewhere. Changing it to $ORIGIN makes it resolve relative to the directory in which the executables reside, which is supposedly the desired behaviour. Discovered by the /usr/lib/rpm/check-rpaths script[1][2] that checks for insecure RPATH/RUNPATH[3], such as containing relative directories, during an attempt to package BPF selftests for later use in CI: ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.] [1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths-worker [3] https://cwe.mitre.org/data/definitions/426.html Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> --- tools/testing/selftests/rseq/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)