hikptool/0003-fix-the-security-compilation-PIE-issue.patch

From bac5c53adcb43f4bbba6f436c98d6451d55c80ad Mon Sep 17 00:00:00 2001
From: veega2022 <zhuweijia@huawei.com>
Date: Wed, 15 Mar 2023 08:28:37 +0000
Subject: [PATCH] fix the security compilation PIE issue

add link options "-fPIE -pie", because the -T link is used, the pie becomes
invalid.Therefore,change the ld file PROVIDE address to 0.

Signed-off-by: veega2022 <zhuweijia@huawei.com>
---
 CMakeLists.txt   | 4 ++--
 hikp_register.ld | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0ba7370..6a396e7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,7 +11,7 @@
 
 project(hikptool C)
 
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -pie -fPIE -Wall")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -fPIC -fPIE -Wall")
 set(CMAKE_SKIP_RPATH TRUE)
 
 macro(get_header_dir_recurse HEADER_DIR_LIST)
@@ -44,6 +44,6 @@ target_include_directories(hikptool PRIVATE ${HIKPTOOL_HEADER_DIR})
 target_link_directories(hikptool PRIVATE ${CMAKE_INSTALL_PREFIX}/lib)
 target_link_libraries(hikptool PRIVATE KPTDEV_SO)
 target_link_options(hikptool PRIVATE
-	-Wl,-z,relro,-z,now -Wl,-z,noexecstack	
+	-Wl,-z,relro,-z,now -Wl,-z,noexecstack -fPIE -pie
 	-g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)
 install(TARGETS hikptool RUNTIME DESTINATION bin OPTIONAL)
diff --git a/hikp_register.ld b/hikp_register.ld
index b1bec44..3bd44ff 100644
--- a/hikp_register.ld
+++ b/hikp_register.ld
@@ -11,7 +11,7 @@ SEARCH_DIR("=/usr/aarch64-Huawei-linux/lib64"); SEARCH_DIR("=/usr/lib64"); SEARC
 SECTIONS
 {
   /* Read-only sections, merged into text segment: */
-  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x400000)); . = SEGMENT_START("text-segment", 0x400000) + SIZEOF_HEADERS;
+  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x0)); . = SEGMENT_START("text-segment", 0x0) + SIZEOF_HEADERS;
   .interp         : { *(.interp) }
   .note.gnu.build-id : { *(.note.gnu.build-id) }
   .hash           : { *(.hash) }
-- 
2.25.1
fix hikptool security compilation PIE issue add link option -pie and change the link ld file PROVIDE address to 0x0 Signed-off-by: veega2022 <zhuweijia@huawei.com> 2023-03-15 09:34:36 +00:00			`From bac5c53adcb43f4bbba6f436c98d6451d55c80ad Mon Sep 17 00:00:00 2001`
			`From: veega2022 <zhuweijia@huawei.com>`
			`Date: Wed, 15 Mar 2023 08:28:37 +0000`
			`Subject: [PATCH] fix the security compilation PIE issue`

			`add link options "-fPIE -pie", because the -T link is used, the pie becomes`
			`invalid.Therefore,change the ld file PROVIDE address to 0.`

			`Signed-off-by: veega2022 <zhuweijia@huawei.com>`
			`---`
			`CMakeLists.txt \| 4 ++--`
			`hikp_register.ld \| 2 +-`
			`2 files changed, 3 insertions(+), 3 deletions(-)`

			`diff --git a/CMakeLists.txt b/CMakeLists.txt`
			`index 0ba7370..6a396e7 100644`
			`--- a/CMakeLists.txt`
			`+++ b/CMakeLists.txt`
			`@@ -11,7 +11,7 @@`

			`project(hikptool C)`

			`-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -pie -fPIE -Wall")`
			`+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -fPIC -fPIE -Wall")`
			`set(CMAKE_SKIP_RPATH TRUE)`

			`macro(get_header_dir_recurse HEADER_DIR_LIST)`
			`@@ -44,6 +44,6 @@ target_include_directories(hikptool PRIVATE ${HIKPTOOL_HEADER_DIR})`
			`target_link_directories(hikptool PRIVATE ${CMAKE_INSTALL_PREFIX}/lib)`
			`target_link_libraries(hikptool PRIVATE KPTDEV_SO)`
			`target_link_options(hikptool PRIVATE`
			`- -Wl,-z,relro,-z,now -Wl,-z,noexecstack`
			`+ -Wl,-z,relro,-z,now -Wl,-z,noexecstack -fPIE -pie`
			`-g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)`
			`install(TARGETS hikptool RUNTIME DESTINATION bin OPTIONAL)`
			`diff --git a/hikp_register.ld b/hikp_register.ld`
			`index b1bec44..3bd44ff 100644`
			`--- a/hikp_register.ld`
			`+++ b/hikp_register.ld`
			`@@ -11,7 +11,7 @@ SEARCH_DIR("=/usr/aarch64-Huawei-linux/lib64"); SEARCH_DIR("=/usr/lib64"); SEARC`
			`SECTIONS`
			`{`
			`/* Read-only sections, merged into text segment: */`
			`- PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x400000)); . = SEGMENT_START("text-segment", 0x400000) + SIZEOF_HEADERS;`
			`+ PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x0)); . = SEGMENT_START("text-segment", 0x0) + SIZEOF_HEADERS;`
			`.interp : { *(.interp) }`
			`.note.gnu.build-id : { *(.note.gnu.build-id) }`
			`.hash : { *(.hash) }`
			`--`
			`2.25.1`