Bug 73112 - genkernel 3.0.1c fails with uclibc/hardened (due to dietlibc-0.27)
Bug#: 73112 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: major Priority: P2
Resolution: FIXED Assigned To: genkernel@gentoo.org Reported By: koon@gentoo.org
Component: Development
URL: 
Summary: genkernel 3.0.1c fails with uclibc/hardened (due to dietlibc-0.27)
Keywords:  InCVS
Status Whiteboard: 
Opened: 2004-12-02 01:00 0000
Description:   Opened: 2004-12-02 01:00 0000 
genkernel 3.0.1c makes use of dietlibc-0.27 which doesn't build on uclibc.
Previous versions of genkernel used a patched dietlibc-0.26 which worked well.

Two solutions to solve this regression: keep the patched 0.26 if there is no
reason to switch to 0.27, or try to get 0.27 to work under uclibc...

------- Comment #1 From solar 2004-12-02 01:01:16 0000 ------- 
Koon can you paste the error please?

------- Comment #2 From solar 2004-12-02 01:02:04 0000 ------- 
I swear I made it so... USE=diet (was optional)

------- Comment #3 From Thierry Carrez (RETIRED) 2004-12-02 01:30:13 0000 ------- 
I masked >3.1.0a to move on, but it was the usual guard symbol not found error. 
So it's more an hardened thing than an embedded one, I think :)

I suspect the 0.27 used in genkernel doesn't have the dietlibc-0.26-ssp.patch.
I will try again soon and post the error here if you need it.

------- Comment #4 From Tobias Hunger 2004-12-05 01:25:21 0000 ------- 
This is the error I get when emerging dietlibc:
bin-i386/dietlibc.a(errno_location.o)(.text+0xa): In function `__errno_location':
: undefined reference to `__guard'
bin-i386/dietlibc.a(errno_location.o)(.text+0x21): In function `__errno_location':
: undefined reference to `__stack_smash_handler'
bin-i386/dietlibc.a(execvp.o)(.text+0xb): In function `execvp':
: undefined reference to `__guard'
bin-i386/dietlibc.a(execvp.o)(.text+0x199): In function `execvp':
: undefined reference to `__guard'
bin-i386/dietlibc.a(execvp.o)(.text+0x1ac): In function `execvp':
: undefined reference to `__stack_smash_handler'
bin-i386/dietlibc.a(memmove.o)(.text+0xe): In function `memmove':
: undefined reference to `__guard'
bin-i386/dietlibc.a(memmove.o)(.text+0x55): In function `memmove':
: undefined reference to `__guard'
bin-i386/dietlibc.a(memmove.o)(.text+0x64): In function `memmove':
: undefined reference to `__stack_smash_handler'
bin-i386/dietlibc.a(strstr.o)(.text+0xd): In function `strstr':
: undefined reference to `__guard'
bin-i386/dietlibc.a(strstr.o)(.text+0x7b): In function `strstr':
: undefined reference to `__stack_smash_handler'
bin-i386/dietlibc.a(exec_lib.o)(.text+0xb): In function `__exec_shell':
: undefined reference to `__guard'
bin-i386/dietlibc.a(exec_lib.o)(.text+0x66): In function `__exec_shell':
: undefined reference to `__guard'
bin-i386/dietlibc.a(exec_lib.o)(.text+0x75): In function `__exec_shell':
: undefined reference to `__stack_smash_handler'
collect2: ld returned 1 exit status
make: *** [bin-i386/diet] Error 1

I have the hardened flag set, and get the same error when running genkernel.

------- Comment #5 From Tobias Hunger 2004-12-05 01:36:33 0000 ------- 
Oh, my dietlibc problem shows up on genkernel 3.1.0c. I mixed up the numbers.
Sorry for that. Should I open this in a separate bug?

------- Comment #6 From Thierry Carrez (RETIRED) 2004-12-05 06:15:56 0000 ------- 
No, your error is the same as mine (both on 3.1.0c using dietlibc-0.27), ne
need to open a separate bug.

The workaround for hardened is to add >sys-kernel/genkernel-3.1.0a to your
package.mask file.

------- Comment #7 From Thierry Carrez (RETIRED) 2004-12-05 06:16:39 0000 ------- 
This is not embedded-related but rather hardened-related.

------- Comment #8 From solar 2004-12-05 09:45:39 0000 ------- 
This appears to be the change which broke things.
diff -u dietlibc-0.26-r1.ebuild dietlibc-0.27.ebuild

-       if use x86 ; then
-               # Ok so let's make dietlibc ssp aware (Aug 7 2004) -solar
-               ebegin "Making dietlibc ssp aware"
-               cp ${FILESDIR}/ssp.c ${S}/lib/ || die "Failed to copy ssp.c into lib for compile"
-               eend $?
-
-               # start with sparc/sparc64/x86_64/i386 for now.
-               epatch ${FILESDIR}/dietlibc-0.26-ssp.patch
-               append-flags -D__dietlibc__
-               # end ssp block code
-       fi
+       # ${FILESDIR}/ssp.c is integrated with upstream as of dietlibc-0.26
+       # - robbat2 (Oct 01 2004)
+
+       # start with sparc/sparc64/x86_64/i386 for now.
+       # apply to all arches for crazy cross-compiling - robbat2 (Oct 01 2004)
+       epatch ${FILESDIR}/dietlibc-0.26-ssp.patch
+       append-flags -D__dietlibc__
+       # end ssp block code
+


Adding robbat2@ to CC: list to find out why he thinks " ${FILESDIR}/ssp.c has been integrated with upstream as of dietlibc-0.26"

------- Comment #9 From solar 2004-12-05 11:39:04 0000 ------- 
Created an attachment (id=45338) [details]
dietlibc-0.27-20041205-solar.patch

I confirmed the problem existed with 0.9.27

Commited update to CVS
KEYWORDS="~x86 ~ppc ~sparc ~alpha ~arm ~hppa ~amd64 ~mips"
------------------------------------------------------------------------------
- Fixed misc ssp problems introduced from dietlibc-0.26-r1 -> dietlibc-0.27-r0
which were causing genkernel failures for hardened users. bug #73112
------------------------------------------------------------------------------

Confirmed working.

Glibc:
solar@simple vuln $ cc vuln.c	-o vuln -fstack-protector
solar@simple vuln $ ./vuln
0x155ba8cc main(argc=0x59b395b0, argv=0x59b395b4, envp=0x59b395b8,
auxv=0x59b395bc) __guard=0x27db5364
(Stack) Triggering an overflow by copying [20] of data into [10] of space
vuln: stack smashing attack in function main()
Aborted (core dumped)

Dietlibc:
solar@simple vuln $ diet cc vuln.c   -o vuln -fstack-protector
solar@simple vuln $ ./vuln
0x8048124 main(argc=0x5a81e714, argv=0x5a81e718, envp=0x5a81e71c,
auxv=0x5a81e720) __guard=0x804c064
(Stack) Triggering an overflow by copying [20] of data into [10] of space
dietapp: stack smashing attack in function main()
Aborted (core dumped)

------- Comment #10 From Robin Johnson 2004-12-05 15:59:54 0000 ------- 
tar xvfj dietlibc-0.26.tar.bz2 (see the one bundled with genkernel for eg)
md5sum ./files/ssp.c ./dietlibc-0.26/lib/ssp.c
8dcca4f3b79565a3c205dbb0ef2d20bd  ./files/ssp.c
8dcca4f3b79565a3c205dbb0ef2d20bd  ./dietlibc-0.26/lib/ssp.c

that looks identical to me...
but strangely seeing .27, the file isn't there.

------- Comment #11 From John Richard Moser 2004-12-06 21:53:09 0000 ------- 
bin-i386/dietlibc.a(exec_lib.o)(.text+0x74): In function `__exec_shell':
: undefined reference to `__guard'
bin-i386/dietlibc.a(exec_lib.o)(.text+0x8d): In function `__exec_shell':
: undefined reference to `__stack_smash_handler'
collect2: ld returned 1 exit status
make: *** [bin-i386/diet] Error 1
* Gentoo Linux Genkernel; Version 3.1.0c

* ERROR: Failed to compile the "prefix=/var/tmp/genkernel/diet" target...


Using a portage snapshot built last night, using catalyst to try to make a livecd.  I can snap another when there's a fix (gimme the ebuild and patch to overlay) and try again, though it'll take several hours.  :)

Seems to be the same bug as here.

------- Comment #12 From Thierry Carrez (RETIRED) 2004-12-07 01:23:24 0000 ------- 
Robin:
The dietlibc-0.26 tarball shipped with genkernel-3.1.0a is a patched tarball, that's why the ssp.c file in there is the correct one, that's not because that made it upstream.

genkernel directly uses the included tarball, it does not use the ebuild or add patches. That's why all needed patches must be included in the 0.27 tarball shipped with genkernel to fix it.

------- Comment #13 From solar 2004-12-07 02:39:41 0000 ------- 
Re comment #12 from (Koon) 
Think that's why we still see the problem as listed in comment #11 from (John Moser) ?

------- Comment #14 From Thierry Carrez (RETIRED) 2004-12-07 02:45:49 0000 ------- 
Sure. The only way to test is to roll out a new genkernel tarball with a
fully-patched-dietlibc tarball in it, and bump the ebuild so that it fetches
the right tarball. Using an uptodate portage snapshot won't solve anything :)

I might roll out a patched version later today for everyone to test.

------- Comment #15 From Thierry Carrez (RETIRED) 2004-12-07 07:30:07 0000 ------- 
Created an attachment (id=45438) [details]
genkernel-3.0.1d test ebuild

This ebuild fetches a genkernel tarball which contains a dietlibc-0.27 tarball
repacked with all current patches applied.

------- Comment #16 From Thierry Carrez (RETIRED) 2004-12-07 07:31:13 0000 ------- 
John: could you test it and report back here ?

------- Comment #17 From John Richard Moser 2004-12-07 09:25:14 0000 ------- 
*yawns* *wakes up* *blinks* *12:30pm*  o.o

. . . . hi  o.o

oh, sure, I'll inject that into my portage tree and have my script snapshot and rebuild livecd-stage1/2.  I'll report back when it's done.

------- Comment #18 From John Richard Moser 2004-12-07 20:10:16 0000 ------- 
Created an attachment (id=45491) [details]
genkernel.log from last try

ok what the. . . hum.

The new ebuild let me get . . .FARTHER!  :D

b0rken der pr0grammen teh brake

------- Comment #19 From solar 2004-12-07 20:16:51 0000 ------- 
Now your problem is with udev + klibc. 
Somebody other than myself that actually likes udev/2.6 will probably have to provide a patch to provide the stubs for this. (just hack up the cut down version used for dietlibc)

------- Comment #20 From Thierry Carrez (RETIRED) 2004-12-08 00:44:21 0000 ------- 
Yes, udev+hardened+genkernel do not play nice yet, and never did. You should
disable udev by passing --no-udev as a gk_kernargs.

As far as this bug is concerned (the regression in genkernel-3.1.0c), the
3.1.0d tarball appears to solve it.

plasmaroo: how about putting this one in the tree (masked if you prefer) ? The
only diff is the version in "genkernel" and the patched dietlibc tarball (I
tarred up the current dietlibc-0.27.ebuild src_unpack result directory).

------- Comment #21 From John Richard Moser 2004-12-13 07:32:38 0000 ------- 
re comment #20:
Is there a way to do that in the livecd-stage2 catalyst spec, or should I open a catalyst bug?

------- Comment #22 From Thierry Carrez (RETIRED) 2004-12-13 07:55:34 0000 ------- 
Re comment #21
Passing --no-udev as gk_kernargs in livecd-stage2.spec should do it :

Example :
-----------------------snip------------------------------
boot/kernel/gentoo/gk_kernargs: --no-bootsplash --no-udev
-----------------------snip------------------------------

------- Comment #23 From Tim Yamin (RETIRED) 2004-12-15 14:57:41 0000 ------- 
*** Bug 74527 has been marked as a duplicate of this bug. ***

------- Comment #24 From Tim Yamin (RETIRED) 2004-12-21 05:05:49 0000 ------- 
Fixed in genkernel-3.1.0d; please reopen this bug if you have any problems.
Thanks!