Enhance security for share library
Remove rpath link option, Due to it's easy for attacher to construct 'rpath' attacks. Signed-off-by: Weifeng Su <suweifeng1@huawei.com> (cherry picked from commit cf9487b4b3fb7b536afefee1cff5fb92ecddeb9c)
This commit is contained in:
Weifeng Su
openeuler-sync-bot
parent
668f0bc69a
commit
df5baf7c7b
28
0016-Enhance-security-for-share-library.patch
Normal file
28
0016-Enhance-security-for-share-library.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 56b3831310673beeb0b7d5121cf36b1993ebe322 Mon Sep 17 00:00:00 2001
|
||||
From: Weifeng Su <suweifeng1@huawei.com>
|
||||
Date: Tue, 15 Mar 2022 11:25:02 +0000
|
||||
Subject: [PATCH] Enhance security for share library
|
||||
|
||||
Remove rpath link option, Due to it's easy for attacher to
|
||||
construct 'rpath' attacks.
|
||||
|
||||
Signed-off-by: Weifeng Su <suweifeng1@huawei.com>
|
||||
---
|
||||
mk/spdk.common.mk | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/mk/spdk.common.mk b/mk/spdk.common.mk
|
||||
index f9409c4..8569687 100644
|
||||
--- a/mk/spdk.common.mk
|
||||
+++ b/mk/spdk.common.mk
|
||||
@@ -293,7 +293,6 @@ LINK_CXX=\
|
||||
# Provide function to ease build of a shared lib
|
||||
define spdk_build_realname_shared_lib
|
||||
$(CC) -o $@ -shared $(CPPFLAGS) $(LDFLAGS) \
|
||||
- -Wl,-rpath=$(DESTDIR)/$(libdir) \
|
||||
-Wl,--soname,$(notdir $@) \
|
||||
-Wl,--whole-archive $(1) -Wl,--no-whole-archive \
|
||||
-Wl,--version-script=$(2) \
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
Name: spdk
|
||||
Version: 21.01.1
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: Set of libraries and utilities for high performance user-mode storage
|
||||
License: BSD and MIT
|
||||
URL: http://spdk.io
|
||||
@ -23,6 +23,7 @@ Patch12: 0012-spdk-use-fstack-protector-strong-instead-of-fstack-p.patch
|
||||
Patch13: 0013-lib-vhost-Fix-compilation-with-dpdk-21.11.patch
|
||||
Patch14: 0014-mk-Fix-debug-build-error-on-ARM-ThunderX2-and-neoverse_N1_platform.patch
|
||||
Patch15: 0015-configure-add-gcc-version-check-for-ARM-Neoverse-N1_platform.patch
|
||||
Patch16: 0016-Enhance-security-for-share-library.patch
|
||||
|
||||
%define package_version %{version}-%{release}
|
||||
|
||||
@ -176,6 +177,10 @@ mv doc/output/html/ %{install_docdir}
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Mar 15 2022 Weifeng Su <suweifeng1@huawei.com> - 21.01.1-4
|
||||
- Remove rpath link option, Due to it's easy for attacher to
|
||||
construct 'rpath' attacks
|
||||
|
||||
* Fri Feb 25 2022 Hongtao Zhang <zhanghongtao22@huawei.com> - 21.01.1-3
|
||||
- Fix build error on ARM ThunderX2 and neoverse N1 platform
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user