diff --git a/Config.in b/Config.in index d730f2034b..9ad4198d14 100644 --- a/Config.in +++ b/Config.in @@ -741,6 +741,24 @@ config BR2_GLOBAL_PATCH_DIR menu "Advanced" +config BR2_COMPILER_PARANOID_UNSAFE_PATH + bool "paranoid check of library/header paths" + default y + help + By default, when this option is disabled, when the Buildroot + cross-compiler will encounter an unsafe library or header path + (such as /usr/include, or /usr/lib), the compiler will display + a warning. + + By enabling this option, this warning is turned into an error, + which will completely abort the build when such unsafe paths + are encountered. + + Note that this mechanism is available for both the internal + toolchain (through the toolchain wrapper and binutils patches) + and external toolchain backends (through the toolchain + wrapper). + config BR2_FORCE_HOST_BUILD bool "Force the building of host dependencies" help diff --git a/package/Makefile.in b/package/Makefile.in index 829636900b..b2028f9a7c 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -447,8 +447,9 @@ else ifeq ($(BR2_SHARED_STATIC_LIBS),y) SHARED_STATIC_LIBS_OPTS = --enable-static --enable-shared endif -# Used by our binutils patches. +ifeq ($(BR2_COMPILER_PARANOID_UNSAFE_PATH),y) export BR_COMPILER_PARANOID_UNSAFE_PATH=enabled +endif include package/pkg-download.mk include package/pkg-autotools.mk diff --git a/support/config-fragments/minimal.config b/support/config-fragments/minimal.config index 3430fcce11..71344e2c69 100644 --- a/support/config-fragments/minimal.config +++ b/support/config-fragments/minimal.config @@ -4,4 +4,5 @@ BR2_INIT_NONE=y BR2_SYSTEM_BIN_SH_NONE=y # BR2_PACKAGE_BUSYBOX is not set # BR2_TARGET_ROOTFS_TAR is not set +BR2_COMPILER_PARANOID_UNSAFE_PATH=y BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c index 8b1fb79dde..6d23b81ef8 100644 --- a/toolchain/toolchain-wrapper.c +++ b/toolchain/toolchain-wrapper.c @@ -157,6 +157,7 @@ static const struct str_len_s unsafe_opts[] = { */ static void check_unsafe_path(const char *arg, const char *path, + int paranoid, int arg_has_path) { const struct str_len_s *p; @@ -165,12 +166,14 @@ static void check_unsafe_path(const char *arg, if (strncmp(path, p->str, p->len)) continue; fprintf(stderr, - "%s: ERROR: unsafe header/library path used in cross-compilation: '%s%s%s'\n", + "%s: %s: unsafe header/library path used in cross-compilation: '%s%s%s'\n", program_invocation_short_name, + paranoid ? "ERROR" : "WARNING", arg, arg_has_path ? "" : "' '", /* close single-quote, space, open single-quote */ arg_has_path ? "" : path); /* so that arg and path are properly quoted. */ - exit(1); + if (paranoid) + exit(1); } } @@ -245,6 +248,8 @@ int main(int argc, char **argv) char *progpath = argv[0]; char *basename; char *env_debug; + char *paranoid_wrapper; + int paranoid; int ret, i, count = 0, debug = 0, found_shared = 0, found_nonoption = 0; /* Debug the wrapper to see arguments it was called with. @@ -475,6 +480,12 @@ int main(int argc, char **argv) #endif } + paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH"); + if (paranoid_wrapper && strlen(paranoid_wrapper) > 0) + paranoid = 1; + else + paranoid = 0; + /* Check for unsafe library and header paths */ for (i = 1; i < argc; i++) { const struct str_len_s *opt; @@ -491,9 +502,9 @@ int main(int argc, char **argv) i++; if (i == argc) break; - check_unsafe_path(argv[i-1], argv[i], 0); + check_unsafe_path(argv[i-1], argv[i], paranoid, 0); } else - check_unsafe_path(argv[i], argv[i] + opt->len, 1); + check_unsafe_path(argv[i], argv[i] + opt->len, paranoid, 1); } }