[PATCH v3] Hexagon: implement machine flag check
Matheus Tavares Bernardino
quic_mathbern@quicinc.com
Fri Apr 5 17:26:34 GMT 2024
On Fri, 05 Apr 2024 16:45:40 +0200 Mark Wielaard <mark@klomp.org> wrote:
>
> Hi Matheus,
>
> On Thu, 2024-04-04 at 16:56 -0300, Matheus Tavares Bernardino wrote:
> > BTW, just out of curiosity, since the last incident with xz's backdoor
> > (which apparently involved malicious code disguised as a test binary),
> > has the elfutils community already considered using something like
> > Dockerfiles to generate the tests/*.ko.bz2 binaries instead of checking
> > than in the git repo? Just something that crossed my mind while I was
> > developing these patches.
>
> [...]
> In the xz-backdoor case it was actually hidden in a test binary which
> wasn't actually used in the testsuite. So that is certainly something
> to watch out for. Does someone add a binary file for no good reason?
> Also this seems to be a somewhat sophisticated hack and the would
> probably found some other way to hide something.
Good point :)
> Another would be what you suggest. Create containers for all arches
> supported and (re)generate all test binaries in that container. But
> that would be a lot of containers and for some arches you like to have
> different versions of the tools to generate them. And can that be done
> for all arches? e.g. Does hexagon have qemu support?
It does :) But I was actually thinking about using the containers to
cross-build the binaries, like we do for the QEMU tests. E.g.
https://github.com/qemu/qemu/blob/master/tests/docker/dockerfiles/debian-hexagon-cross.docker
Nonetheless, yeah, that will be a lot of containers, and a significant ammount
of work.
More information about the Elfutils-devel
mailing list