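1. Introduction
During embedded Linux software development, we may run into bugs reported by outside testing organizations. This post introduces a tool for that situation: Vigiles. You can use it to run a vulnerability scan and find the vulnerabilities you may not have fixed yet.
2. Environment setup
This tool is used together with a Yocto environment; in effect, it scans the current code for vulnerabilities during the Yocto build.
2.1 A Yocto build needs some software to be installed beforehand; see the following link: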
https://www.yoctoproject.org/docs/2.6/ref-manual/ref-manual.html#ref-manual-system-requirements
2.2 Download the source code
RELEASE=thud
git clone git://git.yoctoproject.org/poky.git -b $RELEASE  # skip this step if your Yocto build environment is already set up
git clone https://github.com/TimesysGit/meta-timesys.git -b $RELEASE
2.3 Set up the Yocto build environment
Skip this step if your Yocto build environment is already set up.
source poky/oe-init-build-env
3. Set up Vigiles
Add meta-timesys to conf/bblayers.conf:
BBLAYERS += "${TOPDIR}/../meta-timesys"
Add the following to conf/local.conf:
INHERIT += "vigiles"
Run the Yocto build, for example with:
bitbake core-image-minimal
The corresponding CVE results are written to the vigiles// directory, for example:
xxxxx/vigiles$ ls -l
core-image-minimal
core-image-minimal-report.txt
linux-imx-4.14.98.config
core-image-minimal-cve.json
kconfig
u-boot-imx-2018.03.config
xxxxx/vigiles$ vim core-image-minimal-report.txt
-- Vigiles CVE Scanner --
https://www.timesys.com/security/vulnerability-patch-notification/
-- Date Generated (UTC) --
2020-07-09T10:09:25.480832
-- Vigiles CVE Report --
View detailed online report at:
https://linuxlink.timesys.com/cves/reports/MjgzNTI.Xwbs2A.0WFzY3k2kNa275wiP1-TaCQ5W0A
NOTE: Running in Demo Mode will cause this URL to expire after one day.
-- Vigiles CVE Overview --
Unfixed: 143
Unfixed, Patch Available: 26
Fixed: 9
CPU: 0
-- Vigiles CVE Whitelist --
(Nothing is Whitelisted)
-- Vigiles Footnotes --
* "CPU" CVEs are filed against the hardware.
They may be fixed or mitigated in other components such as the kernel or compiler.
* "Patch Available" CVEs have a fix available in the meta-timesys-security layer.
If the layer is already included, then you may need to update your copy.
* "Whitelist" Recipes and CVEs are listed in the "VIGILES_WHITELIST" variable.
They are NOT included in the report.
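The overview counters in core-image-minimal-report.txt can be checked automatically after bitbake finishes. The script below is an added example, not code from the original post or from meta-timesys: the function names (vigiles_count, vigiles_gate, write_sample_report) and the pass/fail policy are assumptions, and the sample report is constructed from the layout shown above.

```shell
#!/bin/sh
# Added example, not part of meta-timesys; the pass/fail policy is an assumption.

# Print one counter from the "-- Vigiles CVE Overview --" section.
# $1 = report path, $2 = field name exactly as printed, e.g. "Unfixed"
vigiles_count() {
    awk -F': *' -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # tolerate indent and CRLF
        /^-- Vigiles CVE Overview --/ { in_ov = 1; next }
        /^-- /                        { in_ov = 0 }      # any other section header
        in_ov && $1 == want && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { if (!found) exit 1 }                       # field or section missing
    ' "$1"
}

# Return 0 = within policy, 1 = policy violated, 2 = report could not be parsed.
# $1 = report path, $2 = maximum tolerated "Unfixed" count (hypothetical policy)
vigiles_gate() {
    unfixed=$(vigiles_count "$1" "Unfixed") || return 2
    patchable=$(vigiles_count "$1" "Unfixed, Patch Available") || return 2
    echo "unfixed=$unfixed patch_available=$patchable"
    # Per the report footnote, these already have a fix in meta-timesys-security.
    [ "$patchable" -eq 0 ] || return 1
    [ "$unfixed" -le "$2" ] || return 1
}

# Constructed sample that mirrors the overview layout of the report above.
write_sample_report() {
    cat > "$1" <<'EOF'
-- Vigiles CVE Report --
-- Vigiles CVE Overview --
Unfixed: 143
Unfixed, Patch Available: 26
Fixed: 9
CPU: 0
-- Vigiles CVE Whitelist --
(Nothing is Whitelisted)
EOF
}

report=$(mktemp)
write_sample_report "$report"
if vigiles_gate "$report" 150; then echo "PASS"; else echo "FAIL rc=$?"; fi
rm -f "$report"
```

Treating an unparsable report as its own exit code (2) keeps a missing or truncated report from being read as a clean scan.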
A more detailed report can be viewed at:
https://linuxlink.timesys.com/cves/reports/MjgzNTI.Xwbs2A.0WFzY3k2kNa275wiP1-TaCQ5W0A
We can register a time-limited free account to view the detailed report. That is all for now; for more advanced usage, see the following link:
https://github.com/TimesysGit/meta-timesys/tree/thud