Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix hardened-binaries test for .NET 9 #360

Merged
merged 1 commit into from
Jul 4, 2024
Merged

Fix hardened-binaries test for .NET 9 #360

merged 1 commit into from
Jul 4, 2024

Conversation

omajid
Copy link
Member

@omajid omajid commented Jul 4, 2024

With .NET 9, the NativeAOT feature results in the inclusion of a few .o (object) files in the SDK. The file reports those as:

/usr/lib64/dotnet/.../libbootstrapper.o: ELF 64-bit LSB...

Which means the test then tries to check if it was linked with BIND_NOW and GNU_RELRO. That doesn't make any sense, because this isn't a shared library or an executable that the linker has run over.

Fix that by skipping testing any .o files.

@omajid omajid requested a review from tmds July 4, 2024 12:19
@tmds
Copy link
Member

tmds commented Jul 4, 2024

Thanks for looking into this @omajid!

It would be nice if this test would be explicit about what expectation isn't met for a certain file. Currently, the output is the matches (passes), which makes it unclear what the failing condition is.

This was the output for the failure:

: Executing /tmp/tmp.32WkuZAAK7/dotnet-regular-tests/hardened-binaries/test.sh with arguments 9.0.0-preview.7.24352.15 in working directory /tmp/tmp.32WkuZAAK7/dotnet-regular-tests/hardened-binaries
.NET Core base directory: /tmp/tmp.32WkuZAAK7/.dotnet
/tmp/tmp.32WkuZAAK7/.dotnet/dotnet
GNU_RELRO      0x0000000000011a00 0x0000000000012a00 0x0000000000012a00
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/host/fxr/9.0.0-preview.7.24352.15/libhostfxr.so
GNU_RELRO      0x0000000000048760 0x0000000000048760 0x0000000000048760
0x000000000000001e (FLAGS)              SYMBOLIC BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/Microsoft.NETCore.App.Host.fedora.39-x64/9.0.0-preview.7.24352.15/runtimes/fedora.39-x64/native/apphost
GNU_RELRO      0x00000000000119f0 0x00000000000129f0 0x00000000000129f0
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/Microsoft.NETCore.App.Host.fedora.39-x64/9.0.0-preview.7.24352.15/runtimes/fedora.39-x64/native/libnethost.so
GNU_RELRO      0x00000000000109e0 0x00000000000109e0 0x00000000000109e0
0x000000000000001e (FLAGS)              SYMBOLIC BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/Microsoft.NETCore.App.Host.fedora.39-x64/9.0.0-preview.7.24352.15/runtimes/fedora.39-x64/native/singlefilehost
GNU_RELRO      0x0000000000aaf7f0 0x0000000000ab07f0 0x0000000000ab07f0
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/runtime.fedora.39-x64.Microsoft.DotNet.ILCompiler/9.0.0-preview.7.24352.15/framework/libSystem.Globalization.Native.so
GNU_RELRO      0x000000000000ed28 0x000000000000fd28 0x000000000000fd28
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/runtime.fedora.39-x64.Microsoft.DotNet.ILCompiler/9.0.0-preview.7.24352.15/framework/libSystem.IO.Compression.Native.so
GNU_RELRO      0x00000000000d5ab0 0x00000000000d6ab0 0x00000000000d6ab0
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/runtime.fedora.39-x64.Microsoft.DotNet.ILCompiler/9.0.0-preview.7.24352.15/framework/libSystem.Native.so
GNU_RELRO      0x00000000000167d0 0x00000000000177d0 0x00000000000177d0
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/runtime.fedora.39-x64.Microsoft.DotNet.ILCompiler/9.0.0-preview.7.24352.15/framework/libSystem.Net.Security.Native.so
GNU_RELRO      0x0000000000002d48 0x0000000000003d48 0x0000000000003d48
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/runtime.fedora.39-x64.Microsoft.DotNet.ILCompiler/9.0.0-preview.7.24352.15/framework/libSystem.Security.Cryptography.Native.OpenSsl.so
GNU_RELRO      0x000000000001de18 0x000000000001ee18 0x000000000001ee18
0x000000000000001e (FLAGS)              BIND_NOW
/tmp/tmp.32WkuZAAK7/.dotnet/packs/runtime.fedora.39-x64.Microsoft.DotNet.ILCompiler/9.0.0-preview.7.24352.15/sdk/libbootstrapperdll.o

@tmds
Copy link
Member

tmds commented Jul 4, 2024

It would be nice if this test would be explicit about what expectation isn't met for a certain file. Currently, the output is the matches (passes), which makes it unclear what the failing condition is.

We could just add set -x to do this.

@omajid
Fix hardened-binaries test for .NET 9
2508b87 
With .NET 9, the NativeAOT feature results in the inclusion of a few .o
(object) files in the SDK. The `file` reports those as:

    /usr/lib64/dotnet/.../libbootstrapper.o: ELF 64-bit LSB...

Which means the test then tries to check if it was linked with BIND_NOW
and GNU_RELRO. That doesn't make any sense, because this isn't a shared
library or an executable that the linker has run over.

Fix that by skipping testing any `.o` files.
@omajid omajid force-pushed the fix-hardened-binary-test-dotnet-9 branch from 327e04a to 2508b87 Compare July 4, 2024 13:44
@omajid omajid merged commit 487a333 into redhat-developer:main Jul 4, 2024
13 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tmds tmds Awaiting requested review from tmds

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@omajid @tmds