Bug 101776 - net-firewall/fwbuilder - fwb_ipt: stack smashing attack (fwbuilder)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 135265
Reported: 2005-08-08 11:50 UTC by Tobias Wahl
Modified: 2007-11-10 10:16 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
This is the firewall configuration, which causes the error (firewall.fwb, 33.82 KB, application/octet-stream)
2005-08-11 22:37 UTC, Tobias Wahl

Description Tobias Wahl 2005-08-08 11:50:25 UTC
fwbuilder does not compile my firewall

fwbuilder is compiled with a hardened gcc. Now I can edit my firewall
configuration, but I cannot compile it. The fwb_ipt (firewall compiler)
crashes with the message

fwb_ipt: stack smashing attack in function libfwbuilder::Interface*
fwcompiler::Compiler::findInterfaceFor(const libfwbuilder::Address*, const
libfwbuilder::Address*)()


Reproducible: Always
Steps to Reproduce:
1. fwb_ipt -f firewall.fwb -d ./ arrakis

Actual Results:  
fwb_ipt crashes

Expected Results:  
it should create my firewall-script
Comment 1 solar (RETIRED) gentoo-dev 2005-08-08 14:25:00 UTC
emerge info etc.
Comment 2 Tobias Wahl 2005-08-10 03:44:03 UTC
(In reply to comment #1)
> emerge info etc.

gcc-3.3.5.20050130-r1  (-altivec) -bootstrap -boundschecking -build +fortran
+gcj +gtk +hardened -ip28 (-multilib) -multislot (-n32) (-n64) +nls -nocxx
-nopie -nossp -objc -static

libfwbuilder +snmp +ssl
fwbuilder +nls

I have tried the (lib)fwbuilder with ~x86 (2.08) and without (2.06).

Comment 3 Kevin F. Quinn (RETIRED) gentoo-dev 2005-08-10 08:37:45 UTC
Please paste _all_ the output of the command 'emerge info'.
Comment 4 Tobias Wahl 2005-08-10 11:56:39 UTC
(In reply to comment #3)
> Please paste _all_ the output of the command 'emerge info'.

Ahhh, ... OK.
Here we go:

ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -mcpu=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium3 -mcpu=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="de_DE.UTF-8"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac aalib aim alsa apache2 apm arts audiofile avi bash-completion
bcmath berkdb bitmap-fonts bonobo bzip2 cdparanoia cdr cjk crypt ctype cups curl
db2 dga dio directfb divx4linux doc dv dvb dvd dvdr dvdread eds emacs emacs-w3
emboss encode esd examples exif expat fam fastcgi fbcon ffmpeg fftw flac
foomaticdb fortran ftp gb gcj gd gdbm gif ginac glut gmp gnome gphoto2 gpm gps
gstreamer gtk gtk2 gtkhtml hardened hardenedphp icq imagemagick imap imlib ipv6
java javascript jpeg junit kde kerberos krb4 lcms leim libg++ libwww mad maildir
mailwrapper mbox memlimit mikmod mime mmap mmx mng mono motif mozilla mp3 mpeg
msn mule mysql nas ncurses nis nls nptl ogg oggvorbis opengl oscar oss pam
pcmcia pcre pdflib perl php plotutils png posix postgres python qt quicktime
readline ruby samba sasl scanner sdl skey slang snmp sockets socks5 sox speex
spell spl sqlite sse ssl svg svga symlink tcltk tcpd test tetex threads tidy
tiff tokenizer truetype truetype-fonts type1-fonts unicode usb v4l vcd vhosts
vorbis win32codecs wxwindows xface xine xml xml2 xmlrpc xmms xpm xsl xv xvid
yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY
Comment 5 Kevin F. Quinn (RETIRED) gentoo-dev 2005-08-11 14:08:09 UTC
OK; I've confirmed it fails with ssp switched on, but not with ssp switched off.
It's quite probable that it's a bug in ssp, but more investigation is needed.

I'll comment again later, if I figure anything out.
Comment 6 Kevin F. Quinn (RETIRED) gentoo-dev 2005-08-11 16:04:03 UTC
Hmm; just built no-pie but _with_ ssp and it doesn't crash. However, I'm using
gcc 3.4.4 and I get a segfault with ssp+pie, not a stack smash. I would guess
I'm not seeing the same problem originally reported.

To summarise so far, for me:
pie+ssp -> segfault
pie -> no segfault (-fno-stack-protector)
ssp -> no segfault (-fno-pie)

Tobias - could you attach the firewall.fwb file you're using (if it's not a
secret)?  Or alternatively try to craft something else that results in the same
crash and attach it here.
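The "stack smashing attack in function ..." message discussed in this thread is the stack-protector (SSP/ProPolice) runtime reporting that a guard value placed between a function's local buffers and its saved return address was overwritten before the function returned. The following is an added illustration, not code from fwbuilder or from this bug: it models that frame layout with a plain struct (a hypothetical stand-in for the compiler-generated frame) and contrasts an unbounded copy, which clobbers the guard, with a bounded copy, which leaves it intact. All names and the guard constant are assumptions for the demonstration, and every write stays inside the struct so the model itself has defined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a stack frame compiled with -fstack-protector:
 * the guard (canary) sits between the local buffer and the saved return
 * address and is re-checked in the function epilogue. */
struct frame_model {
    char     buf[16];
    uint32_t canary;     /* guard value written in the prologue   */
    uint32_t saved_ret;  /* stands in for the saved return address */
};

#define CANARY_VALUE 0xdeadbeefu   /* constructed, fixed for clarity */

/* Defective pattern: copy `len` bytes into buf with no bounds check.
 * The copy is clamped to the struct size only so the model stays within
 * defined behaviour; the interesting case is len > sizeof buf.
 * Returns 1 if the guard survived (epilogue check passes), 0 if it was
 * overwritten (where the real runtime would call __stack_chk_fail). */
int run_frame_unbounded(const unsigned char *input, size_t len)
{
    struct frame_model f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_ret = 0x08048000u;          /* constructed placeholder address */

    size_t n = len > sizeof f ? sizeof f : len;
    memcpy(f.buf, input, n);            /* may run past buf into canary */

    return f.canary == CANARY_VALUE;    /* epilogue guard check */
}

/* Hardened pattern: the copy is bounded by the destination size, so the
 * guard (and whatever lies beyond it) cannot be reached. */
int run_frame_bounded(const unsigned char *input, size_t len)
{
    struct frame_model f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_ret = 0x08048000u;

    size_t n = len > sizeof f.buf ? sizeof f.buf : len;
    memcpy(f.buf, input, n);            /* never exceeds buf */

    return f.canary == CANARY_VALUE;
}

/* Convenience wrapper for a constructed input of `len` 'A' bytes. */
int smash_detected_for_length(size_t len, int bounded)
{
    unsigned char input[64];
    memset(input, 'A', sizeof input);
    if (len > sizeof input)
        len = sizeof input;
    int ok = bounded ? run_frame_bounded(input, len)
                     : run_frame_unbounded(input, len);
    return !ok;   /* 1 means the guard check would have fired */
}
```

With 10 bytes of input neither variant disturbs the guard; with 20 bytes the unbounded copy overwrites it and the epilogue check fails, which is exactly the condition behind the message in the original report. Whether a given build actually detects this depends on the binary having been compiled with SSP enabled, which is why the thread's comparison of ssp, pie and -fno-stack-protector builds matters.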
Comment 7 Tobias Wahl 2005-08-11 22:37:24 UTC
Created attachment 65726 [details]
This is the firewall configuration, which causes the error
Comment 8 Jakub Moc (RETIRED) gentoo-dev 2007-07-12 13:56:40 UTC
Is this still even remotely relevant with current ebuilds, such as 2.1.10?
Comment 9 Carlos Silva (RETIRED) gentoo-dev 2007-07-25 18:50:00 UTC
Guys, what do you want to do with this bug? I can't test it but the bug is really _OLD_...
Comment 10 Christian Heim (RETIRED) gentoo-dev 2007-11-10 10:16:42 UTC
(In reply to comment #9)
> Guys, what do you want to do with this bug? I can't test it but the bug is
> really _OLD_...

Yes, and it is fixed right now, after rebuilding QT.