Closed leycec closed 3 years ago
Relatedly, the LIEF_INSTALL_PYTHON
CMake option declared by cmake/LIEFOptions.cmake
silently reduces to a noop. It isn't actually used anywhere, but should be; ideally, enabling that option should instruct the api/python/CMakeLists.txt
file to install the generated pyLIEF C extension into the site-packages/
subdirectory of the target Python interpreter.
Of course, setup.py
exists – but that's really just a thin wrapper around cmake
and ninja
lacking most of the configurability of the top-level CMakeLists.txt
file. Gentoo currently ignores LIEF's setup.py
in lieu of directly invoking cmake
and ninja
, because patching setup.py
to respect our CMake toolchain mostly seems like an exercise in futility. </sigh>
Hello @leycec,
Thanks for having taken time to write this ~tale~ issue!
I slowly received the uncontrollable urge to break keyboards
Sorry to hear that and if it can help, I can send you a LIEF's sticker to put on you keyboard (It was helpful for me :blush:)
Actually (and I take the point), there is no documentation on these options and I'll address this problem. For the (missing) context, DEX, ART, OAT and VDEX are formats related to Android and they depend each other. This is why disabling DEX fails but disabling DEX, OAT and VDEX works.
And thanks for your tireless attention, LEIF developers
My pleasure!
Maintaining a code behemoth of this magnitude cannot be easy. I salute your bravery and integrity in the face of ongoing development pain.
I return the compliment for being a package manager for Gentoo, sincerely!
Sorry to hear that and if it can help, I can send you a LIEF's sticker to put on you keyboard (It was helpful for me :blush:)
Yes! Yes! Smiling LIEF stickers plastered all over my keyboard is exactly what I've been missing all this time – only I never knew it!
But... seriously. Thanks for accommodating my obvious frustration with genuinely funny humour. As a fellow package maintainer, this is the way you convert grumpy gripers into satisfied smilers.
You win @leycec's Gold Star for Customer Service today, Romain. :star2:
Yikes. Gentoo is issuing an automated QA notice concerning an insecure RUNPATH
in LIEF's api/python/lief.so
shared library:
* QA Notice: The following files contain insecure RUNPATHs
* Please file a bug about this at https://bugs.gentoo.org/
* with the maintainer of the package.
* /var/tmp/portage/dev-libs/lief-0.11.5/image/usr/lib/python3.9/site-packages/lief.so
* RPATH: /var/tmp/portage/dev-libs/lief-0.11.5/work/lief-0.11.5_build
That's a potential CVE in the making. Insecure RPATHS like this enable malicious black hats to inject arbitrary code at LIEF runtime by adding arbitrary shared libraries to that RPATH.
Of course, this assumes black hats have write permissions to that RPATH. That isn't likely in Gentoo's case, as /var/tmp/portage
isn't world-writeable. All bets are off on other platforms – especially platforms that build CMake-based packages in /tmp
, which typically is world-writeable.
The underlying issue is that LIEF makefiles are erroneously passing -rpath
when generating this library: e.g.,
... -Wl,-rpath,/var/tmp/portage/dev-libs/lief-0.11.5/work/lief-0.11.5_build libLIEF.so
I've traced this to line 5559 (on my machine, of course – YMMV) of the generated build.ninja
makefile, which resembles:
LINK_LIBRARIES = -Wl,-rpath,/var/tmp/portage/dev-libs/lief-0.11.5/work/lief-0.11.5_build libLIEF.so
I'm not as conversant in cmake
and ninja
as I'd like, so I'm afraid that's as far down the black hat rabbit hole as my expertise goes. But... yeah. This is super-bad, especially because LIEF is often leveraged by security consultants. It doesn't look good, you know? This would probably be a great time to define a project-wide security policy.
I'd escalate resolving that insecurity with all haste before the other shoe drops. You really do not want that shoe to drop, Romain. :warning: :skull: :skull_and_crossbones: :radioactive:
Fascinating. Because this is so horrible, I couldn't help but dig deeper. It's like an abscessed molar. You just want to keep poking it.
The scary insecurity detailed by my prior comment shouldn't be happening. ninja install
already strips insecure RPATHS from installed libraries – which should also include the the api/python/lief.so
shared library.
ninja install
isn't doing that, though. Why? Because api/python/CMakeLists.txt
isn't actually installing the library it generates. It obviously should be, because not doing that gives you this scary insecurity. That's the real underlying issue here and the ultimate cause of this insanity.
Fortunately, fixing this should be trivial. You just need to respect rather than ignore the LIEF_INSTALL_PYTHON
CMake option declared by cmake/LIEFOptions.cmake
. Specifically, you need to add something resembling the following to the end of api/python/CMakeLists.txt
:
IF(LIEF_INSTALL_PYTHON)
INSTALL(
FILES ${PROJECT_BINARY_DIR}/api/python/lief.so
DESTINATION ${CMAKE_INSTALL_LIBDIR}
COMPONENT Application
)
ENDIF()
Untested, of course, but probably not too far from the mark. Phew! I can finally rest in peace knowing that LIEF might actually be packageable after several nightmarish days of mud-wrestling with LIEF's "unique" build system.
Phew! I can finally rest in peace knowing that LIEF might actually be packageable
Well done! You passed the first challenge!
The next step is to learn cmake (you can start with: RPATH handling) :kissing_heart:
...wut? None of these breaking installation issues were resolved, so this shouldn't have been closed. Denial is not a river in Egypt.
I'm getting the firm impression here that LIEF has a troubled development history, questionable goals, and toxic management – which means I'm outta here. Ain't nobody got scarce volunteer time for shenanigans.
On Gentoo's side, we'll sanitize LIEF's broken build process by (A) not disabling CMake options enabled by default and (B) manually patching api/python/CMakeLists.txt
to properly install RPATH-less Python bindings.
Have a good dev cycle, I guess? </sigh>
@leycec I'm curious, did they fix it?
@blshkv which ones?
Hi! I'm @leycec, the stalwart volunteer currently packaging the most recent stable release of LIEF (...so, LIEF 0.11.5) for Gentoo Linux. LIEF is a mandatory build-time dependency for CadQuery, which is what I'm really trying to package and which imports LIEF's Python API to dump symbols for Open Cascade.
Who cares! On with the ugly parade of bugs.
A Tale of Two Terrible Bugs
Okay. Let's admit that packaging LIEF hasn't gone well.
LIEF's CMake-based build system is surprisingly fragile, constantly falling down and refusing to get up in common use scenarios. Various options described by
cmake/LIEFOptions.cmake
appear to mostly be untested, as disabling those options induces fatal compilation errors – but only after ten to twenty minutes of successful compilation, which only complicates an already overcomplicated build system.The most egregious of these is the
-DLIEF_DEX
option governing DEX instrumentation. This option is thankfully enabled by default, because disabling this option destroys everything. What's mystifying is that the exact compilation error raised by disabling this option contextually changes based on which other CMake options are concurrently enabled or disabled.I'll list the two prominent errors I hit here, but there are likely more.
DEX Must Die
Let's first disable DEX and only DEX by passing
-DLIEF_DEX=OFF
. Okay, we technically also disableccache
, becauseccache
is ostensibly insane and we're trying to maximize sanity here:That's... not great. On the bright side, this failure erupts after only a minute or so of compilation; on the dark side, the endless litany of non-human-readable errors is somewhat less than ideal.
DEX, OAT, and VDEX Must Also Die
Let's next disable DEX, OAT, and VDEX altogether to circumvent the above error by passing
-DLIEF_DEX=OFF -DLIEF_OAT=OFF -DLIEF_VDEX=OFF
.And... that actually works! The raccoons currently eating all of the tomatoes on our front deck rejoice. :raccoon: :tomato: :raccoon:
PE, ART, DEX, OAT, and VDEX Must All Die
Great. So, let's just go ahead and disable all format-specific instrumentation except for the two most popular POSIX-friendly formats (i.e., ELF and Macho-O) by passing
-DLIEF_PE=OFF -DLIEF_ART=OFF -DLIEF_DEX=OFF -DLIEF_OAT=OFF -DLIEF_VDEX=OFF
.Because bugs breed like flies in the muggy Canadian heat, we now receive a completely different compilation error on a completely different compilation unit:
That's even worse. On the bright side, there's only a single prominent error; on the dark side, that error only erupts after ten to twenty minutes of compilation and (much more importantly) has no obvious relation to the underlying CMake options causing this error.
The superficial
"error: aggregate ‘std::ostringstream stream’ has incomplete type and cannot be defined"
message just means there's a missing#include <sstring>
inpyBinary.cpp
, presumably due to some perfidious nesting of conditional includes. Debugging that error back to its root cause, however, took me the better part of several days.In reflection, that wasn't necessarily time well-spent.
Another Rotten Leaf Falls
Gentoo's LIEF package currently circumvents everything above by unconditionally enabling all format-specific CMake options (e.g., by internally forcing
-DLIEF_ELF=ON -DLIEF_PE=ON -DLIEF_MACHO=ON -DLIEF_ART=ON -DLIEF_DEX=ON -DLIEF_OAT=ON -DLIEF_VDEX=ON
). That's really non-ideal for us, because the whole point of using Gentoo in the first place is fine-grained control over compilation. Still, working but non-configurable >>>>>>>> non-working but configurable.While debugging everything above, I slowly received the uncontrollable urge to break keyboards. It'd be great if these issues could be resolved to prevent any future hardship to keyboards.
As scarce volunteer time permits, it'd also be great if LIEF's continuous integration suite could be updated to test these problematic permutations of CMake options. Since I'll be packaging LIEF for the foreseeable future on Gentoo, I'm really hoping to avoid painful regressions in the future. Please help me help you.
And thanks for your tireless attention, LEIF developers. Maintaining a code behemoth of this magnitude cannot be easy. I salute your bravery and integrity in the face of ongoing development pain.