| Summary: | sys-libs/glibc compile fails with -fstack-protector and -fstack-protector-all | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | George Prowse <cokehabit> |
| Component: | Current packages | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | normal | CC: | bircoph, gentoo.bugzilla, lamusicc |
| Priority: | High | | |
| Version: | 2008.0 | | |
| Hardware: | AMD64 | | |
| OS: | Linux | | |
| URL: | http://sources.redhat.com/bugzilla/show_bug.cgi?id=7065 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
George Prowse
2010-07-02 22:07:02 UTC
If you want SSP support, use the hardened toolchain+profile. Randomly dropping SSP into CFLAGS is otherwise not currently supported. I believe building glibc with a hardened toolchain works just fine.

*** Bug 326675 has been marked as a duplicate of this bug. ***

I understand why you say I should use the hardened toolchain but why is this a problem with glibc and glibc only? If this is fixed for glibc then I have no need to use the hardened toolchain.

(In reply to comment #4)
> I understand why you say I should use the hardened toolchain but why is this a
> problem with glibc and glibc only? If this is fixed for glibc then I have no
> need to use the hardened toolchain.

We disable -fstack-protector and -fstack-protector-all on the hardened toolchain when building glibc for it is not supported upstream. See the bug in the URL.

(In reply to comment #5)
> We disable -fstack-protector and -fstack-protector-all on the hardened
> toolchain when building glibc for it is not supported upstream. See the bug in
> the URL.

Then why not filter -fstack-protector* in the ebuild itself for any toolchain? This will save a lot of time and health for many people.

(In reply to comment #6)
> Then why not filter -fstack-protector* in the ebuild itself for any
> toolchain? This will save a lot of time and health for many people.

Well, we filter in the ebuild, or rather in the file the ebuild uses, line 173 in the following file:
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-libs/glibc/files/eblits/common.eblit?view=markup

We do however only filter it for hardened, since adding -fno-stack-protector for all builds would be unnecessary, as the only benefit that would give is for unsupported usages of SSP, and it would have some disadvantages, such as bigger build.logs when stuff goes wrong and so on.

Is there a way to warn users of this so they don't have to look for a bug?

*** Bug 330571 has been marked as a duplicate of this bug. ***