Re: [dev] Bifrost/Linux - statically linked distro

From: Paul Onyschuk <blink_AT_bojary.koba.pl>
Date: Tue, 6 Dec 2011 21:10:55 +0100

On Thu, 24 Nov 2011 08:59:32 +0100
pancake wrote:

>
> Why --disable-pie? I think this is main security issue here. And its
> even more dangerous because its used on static bins.
>

I played a bit with build system of Bifrost. Shell script (mostly grep)
"B-configure-1" is used to pass building options and so on. It first
checks "./configure --help" for supported options and then depending
what is available specific options are passed.

So if "--disable-pie" isn't found in "./configure --help" this option
isn't passed. I'm not sure which tools support "--disable-pie", but I
won't be surprised if number is pretty low. AFAIK "--disable-pie" is
used for Quagga, which have problems with static linking otherwise.

>
> Looks like an interesting project. I would like to see support for
> other static libcs. In fact you should be able to use bins against
> bionic or againsg uclibc in the same system.
>

Some tools are linked against dietlibc, for example check
"all/ipmask-1" in bifrost-build system (I provided link to github page
earlier).

Currently Bifrost build system in using chroot images provides by
uClibc project, which are based on old version (year 2009) of Aboriginal
Linux [1] I think. It seems that newer chroot images provides by
Aboriginal can be used also - at least I created some "packages" (some
required adding flag "--allow-multiple-definition" to LDFLAGS, because
there is a bug in static version of pthread provided by uClibc).

Using chroot image make sense, because you don't wanna mess up
production version with libraries and headers. Other solution would be
probably cross-compiling, but with GCC it's a hell.

I think that Aboriginal Linux could be modified to use bionic or
musl libc instead of uClibc. This would provide good solution for
building binaries against bionic/musl. There are even chroot images
provided by Gentoo-Bionic [2] project, but I didn't play with them yet.

As for other informations regarding Bifrost Linux, wiki [3] was created.


[1] http://www.landley.net/aboriginal/
[2] http://code.google.com/p/gentoo-bionic/
[3] https://wiki.ict.kth.se/bifrost/
Received on Tue Dec 06 2011 - 21:10:55 CET

This archive was generated by hypermail 2.3.0 : Tue Dec 06 2011 - 21:12:04 CET