[CDRIVER-1688] Test in Evergreen with hardening flags Created: 10/Oct/16  Updated: 20/Jul/17  Resolved: 20/Jul/17

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.8.0

Type: New Feature Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-1574 Remove --enable-hardening (which is a... Closed
Epic Link: mongoc-toolchain

 Description   

Compile libbson and libmongoc with hardening flags enabled and run the test suites in Evergreen to catch things like buffer overruns. See for example CDRIVER-1574. We should also enable ASLR and DEP on Windows.



 Comments   
Comment by Githook User [ 20/Jul/17 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-1688 Test in Evergreen with hardening flags
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/78c5058146894c68c936848c5db5f28b9981319d

Comment by A. Jesse Jiryu Davis [ 28/Oct/16 ]

Sounds good to me.

Comment by Hannes Magnusson [ 27/Oct/16 ]

Good question.

Rather then adding this as a configure flags, we should probably just have a evergreen build stuffing the relevant flags into CFLAGS and run the tests.

There is no need to have this as a configure flag, we don't provide binaries, and its up to the binary creators to decide on how to harden it.
We should however test with at least some subset of the normal ones

Comment by A. Jesse Jiryu Davis [ 24/Oct/16 ]

bjori is this a feature in our test suite, or a feature for all users who install the driver?

What version do you want to release this in?

Comment by Hannes Magnusson [ 11/Oct/16 ]

Couple of notes:

  • Solaris failure:
    https://evergreen.mongodb.com/task/mongo_c_driver_solaris_debug_compile_44765ab7caae03efc282eba9a982e2b2568c0b58_16_10_08_19_30_09

    [2016/10/09 10:54:06.303] Undefined			first referenced
    [2016/10/09 10:54:06.303]  symbol  			    in file
    [2016/10/09 10:54:06.303] __stack_chk_fail                    ./.libs/libbson.a(libbson_la-bson-iso8601.o)
    [2016/10/09 10:54:06.303] __stack_chk_guard                   ./.libs/libbson.a(libbson_la-bson-iso8601.o)
    [2016/10/09 10:54:06.303] ld: fatal: symbol referencing errors. No output written to .libs/test-libbson
    [2016/10/09 10:54:06.303] collect2: error: ld returned 1 exit status
    [2016/10/09 10:54:06.305] make: Fatal error: Command failed for target `test-libbson'
    

    Requires linking with

    -fno-stack-protector

    as well.

  • RHEL 7.0
    https://evergreen.mongodb.com/task/mongo_c_driver_gcc48rhel_debug_compile_44765ab7caae03efc282eba9a982e2b2568c0b58_16_10_08_19_30_09

    [2016/10/09 10:48:47.857] In file included from /usr/include/stdio.h:27:0,
    [2016/10/09 10:48:47.857]                  from src/bson/bcon.c:22:
    [2016/10/09 10:48:47.857] /usr/include/features.h:330:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
    [2016/10/09 10:48:47.857]  #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
    [2016/10/09 10:48:47.857]     ^
    [2016/10/09 10:48:47.887] cc1: all warnings being treated as errors
    [2016/10/09 10:48:47.890] make[1]: *** [src/bson/libbson_la-bcon.lo] Error 1
    

Requires enabling optimizations when built with _FIRTIFY_SOURCE

Generated at Wed Feb 07 21:13:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.