When trying to run genkernel on a hardened system, genkernel is not able to compile udev.

Reproducible: Always

Steps to Reproduce:
1. Install hardened-dev-sources and hardened system
2. Compile a new kernel with genkernel

Make sure that genkernel binary cache is empty.

Actual Results:
This is the end of the message:

libgcc/__udivmoddi4.o(.text+0xcc):libgcc/__udivmoddi4.c:32: undefined reference to `__stack_smash_handler'
make[2]: *** [libc.so] Error 1
make[2]: Leaving directory `/var/tmp/genkernel/udev-039/klibc/klibc'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/var/tmp/genkernel/udev-039/klibc'
make: *** [/var/tmp/genkernel/udev-039/klibc/klibc/crt0.o] Error 2
* Gentoo Linux Genkernel; Version 3.1.0d
* ERROR: Failed to compile the "KERNEL_DIR=/usr/src/linux-2.6.7-hardened-r17/ USE_KLIBC=true USE_LOG=false DEBUG=false udevdir=/dev all etc/udev/udev.conf" target...

Expected Results:
udev should be compiled.

# emerge info
Portage 2.0.51-r3 (hardened/x86/2.6, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.9-gentoo-r1 i686)
=================================================================
System uname: 2.6.9-gentoo-r1 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.15.90.0.1.1-r3
Headers: sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=i686 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox"
GENTOO_MIRRORS="http://gentoo.mirrored.ca http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://lxmaster.cesart.local/gentoo-portage"
USE="berkdb crypt dlloader hardened ncurses nls pam perl pic pie python readline ssl tcpd x86 zlib"
Created attachment 47166
This is genkernel log

This is the genkernel log file.
this sounds like a dupe.
I've investigated this issue a little bit. The problem is due to the fact that klibc doesn't build on a hardened system. klibc doesn't support ssp __guard and __stack_smash_handler functions. This can be verified by trying to emerge udev with the static use flag set on a hardened system. On the other hand, udev doesn't need to be compiled with ssp for an initrd (which is the case where klibc is needed). So a fix could be to update genkernel to not compile udev with ssp if ssp is enabled. Another fix could be to make klibc compile with ssp. See bug 73112#c19.
yep.. disable it. or add stubs. http://dev.gentoo.org/~solar/ssp/ssp_simple.c
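A sketch of what an SSP stub for a libc without one has to supply, added here as an example; it is neither the patch attached to this bug nor the linked ssp_simple.c. It assumes the ProPolice-era symbols __guard and __stack_smash_handler(char func[], int damaged) named in the link error above; the ssp_* helper names are hypothetical.

```c
/* Constructed sketch: ProPolice-style SSP runtime for a libc that has none.
 * ssp_* names are hypothetical. Build this file with -fno-stack-protector. */
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

unsigned long __guard = 0UL;   /* canary checked before a function returns */
/* Fallback "terminator" canary: NUL first, LF and 0xFF as last bytes in memory. */
unsigned long ssp_terminator_canary(void)
{
    unsigned long v = 0;
    unsigned char *p = (unsigned char *)&v;
    p[sizeof(v) - 2] = '\n';
    p[sizeof(v) - 1] = 255;
    return v;
}
/* Set the canary once at startup; returns 1 if random bytes were used. */
int ssp_guard_setup(void)
{
    unsigned long v = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        ssize_t n = read(fd, &v, sizeof(v));
        close(fd);
        if (n == (ssize_t)sizeof(v) && v != 0) { __guard = v; return 1; }
    }
    __guard = ssp_terminator_canary();  /* e.g. no /dev/urandom in an early initrd */
    return 0;
}
/* Format the report without stdio; returns its length, or 0 if buf is too small. */
size_t ssp_format_message(char *buf, size_t cap, const char *func)
{
    static const char prefix[] = "stack smashing detected in ";
    size_t plen = sizeof(prefix) - 1, flen = func ? strlen(func) : 0;
    if (cap < plen + 2) return 0;
    if (flen > cap - plen - 1) flen = cap - plen - 1;  /* truncate long names */
    memcpy(buf, prefix, plen);
    memcpy(buf + plen, func ? func : "", flen);
    buf[plen + flen] = '\n';
    return plen + flen + 1;
}
/* Called by the compiler-inserted check when the canary no longer matches. */
void __stack_smash_handler(char func[], int damaged)
{
    char msg[128];
    size_t n = ssp_format_message(msg, sizeof(msg), func);
    if (n && write(2, msg, n) < 0) { /* nothing else can be done here */ }
    _exit(127);                         /* never return into the damaged frame */
}
```

The stub must be linked into the libc that udev is built against, and ssp_guard_setup() has to run before any protected function does.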
Created attachment 50177
add ssp stub to klibc

This is a patch that adds a stub to klibc so that udev compiles on a hardened system. You need to apply the patch in the udev tarball. Thanks to this patch, I can compile udev on a hardened system, create an initrd with genkernel, and boot the system with it.
I think your patch might include a little too much. (namely all the *.h files)
The header files are needed for the compilation. Otherwise, the compilation fails due to the lack of some function definitions. I've just copied the header files from /usr/include. Maybe all the content is not needed.
Created attachment 50280
Update patch for ssp stub

This is an updated patch that removes all header files. Udev is compiling and my test servers reboot correctly.
Latest SSP Patch looks good; CCing Greg so he can have a look at it too.
looks ok to me.
I get the same problem with genkernel v3.1.5, is this fixed yet?
sorry make that genkernel v3.1.6.
Reassigning bug. The Hardened is powerless to fix this.
Created attachment 61128
Patch for udev-054.tar.bz2 in genkernel-3.1.6

This is a patch against the unpacked tarball /usr/share/genkernel/pkg/udev-054.tar.bz2 for genkernel 3.1.6 that adds the SSP stub for udev-054/klibc-0.199.
I also tested against genkernel-3.2.0_pre3 (with default settings - initramfs and udev). The same patch as the one I posted for 3.1.6 works.
According to plasmaroo this is in cvs now. You may need to clear your caches in order to make this take effect, however.
This is fixed in genkernel_pre10 and up, closing bug as fixed; reopen if you have issues.