Bug 197317 - hardened sys-libs/glibc-2.5-r3 does not correctly set up __guard@@GLIBC_2.3.2 for nonstatic executables
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2007-10-28 19:27 UTC by SpanKY
Modified: 2008-06-08 00:44 UTC
Attachments
glibc-2.6.1-glocal.patch (glibc-no___guard_local.patch,1.60 KB, patch)
2008-05-18 00:28 UTC, solar (RETIRED)

Description SpanKY gentoo-dev 2007-10-28 19:27:26 UTC
Using a gcc version 3.4.6 (Gentoo Hardened 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10)
to compile nonstatic executables with glibc-2.5-r3 results in the __guard not
being properly set up.  When compiling and debugging static executables, the
__guard is properly set up.

Reproducible: Always

Steps to Reproduce:
1. emerge -pv sys-libs/glibc-2.5-r3
2. compile a test program with gcc -fstack-protector-all (SSP setup unsuccessful)
3. compile a test program with gcc -static -fstack-protector-all (SSP setup successful)

Actual Results:  
__guard = 0x0 when nonstatic executables run

Expected Results:  
__guard = randomized value

hardened chroot falcon ~ # cat ssp_entropy.c 
#include <stdio.h>

/* the SSP canary exported by the hardened (ssp-3.4.6) toolchain's glibc */
extern unsigned long int __guard;

int main(void) {
  /* %lx matches the unsigned long type of __guard */
  printf("__guard: [[0x%lx]]\n", __guard);
  /* spin so the process can be inspected from gdb */
  while(1) { ; }
  return(0);
}

hardened chroot falcon ~ # cat Makefile 
all:

        gcc -nopie -g -ggdb -fstack-protector-all -o ssp_entropy ssp_entropy.c
        ./ssp_entropy


hardened chroot falcon ~ # gdb -quiet ./ssp_entropy
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) break main
Breakpoint 1 at 0x8048494: file ssp_entropy.c, line 5.
(gdb) run
Starting program: /root/ssp_entropy 

Breakpoint 1, main () at ssp_entropy.c:5
5       int main(void) {

(gdb) disassemble main
Dump of assembler code for function main:
0x08048478 <main+0>:    push   %ebp
0x08048479 <main+1>:    mov    %esp,%ebp
0x0804847b <main+3>:    sub    $0x28,%esp
0x0804847e <main+6>:    and    $0xfffffff0,%esp
0x08048481 <main+9>:    mov    $0x0,%eax
0x08048486 <main+14>:   add    $0xf,%eax
0x08048489 <main+17>:   add    $0xf,%eax
0x0804848c <main+20>:   shr    $0x4,%eax
0x0804848f <main+23>:   shl    $0x4,%eax
0x08048492 <main+26>:   sub    %eax,%esp
0x08048494 <main+28>:   mov    0x804a00c,%eax
0x08048499 <main+33>:   mov    %eax,0xffffffe8(%ebp)
0x0804849c <main+36>:   mov    0x804a00c,%eax
0x080484a1 <main+41>:   mov    %eax,0x4(%esp)
0x080484a5 <main+45>:   movl   $0x8048594,(%esp)
0x080484ac <main+52>:   call   0x8048370 <printf@plt>
0x080484b1 <main+57>:   jmp    0x80484b1 <main+57>
End of assembler dump.


interesting parts:

0x08048494 <main+28>:   mov    0x804a00c,%eax
0x08048499 <main+33>:   mov    %eax,0xffffffe8(%ebp)

(gdb) x/x 0x804a00c
0x804a00c <__guard@@GLIBC_2.3.2>:       0x00000000


this shows that the __guard is not set up


the following test case resembles the static behaviour:

hardened chroot falcon ~ # od -x /proc/self/auxv | grep dead && make
0000040 0011 0000 0064 0000 0018 0000 beef dead
gcc -static -nopie -g -ggdb -fstack-protector-all -o ssp_entropy ssp_entropy.c
./ssp_entropy
__guard: [[0xdeadbeef]]

hardened chroot falcon ~ # gdb ./ssp_entropy
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) break main
Breakpoint 1 at 0x8048288: file ssp_entropy.c, line 5.
(gdb) run
Starting program: /root/ssp_entropy 

Breakpoint 1, main () at ssp_entropy.c:5
5       int main(void) {

(gdb) disassemble main
Dump of assembler code for function main:
0x0804826c <main+0>:    push   %ebp
0x0804826d <main+1>:    mov    %esp,%ebp
0x0804826f <main+3>:    sub    $0x28,%esp
0x08048272 <main+6>:    and    $0xfffffff0,%esp
0x08048275 <main+9>:    mov    $0x0,%eax
0x0804827a <main+14>:   add    $0xf,%eax
0x0804827d <main+17>:   add    $0xf,%eax
0x08048280 <main+20>:   shr    $0x4,%eax
0x08048283 <main+23>:   shl    $0x4,%eax
0x08048286 <main+26>:   sub    %eax,%esp
0x08048288 <main+28>:   mov    0x80bcf10,%eax
0x0804828d <main+33>:   mov    %eax,0xffffffe8(%ebp)
0x08048290 <main+36>:   mov    0x80bcf10,%eax
0x08048295 <main+41>:   mov    %eax,0x4(%esp)
0x08048299 <main+45>:   movl   $0x80a4ea8,(%esp)
0x080482a0 <main+52>:   call   0x8048e40 <printf>
0x080482a5 <main+57>:   jmp    0x80482a5 <main+57>
End of assembler dump.

(gdb) x/x 0x80bcf10
0x80bcf10 <__guard_local>:      0xdeadbeef


(0xdeadbeef is a test value due to AT_ENTROPY testing)

the same on amd64 without AT_ENTROPY:

hardened32 chroot miranda ~ # emerge -pv glibc && rm ssp_entropy &&
CFLAGS="-static" make ssp_entropy && ./ssp_entropy

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] sys-libs/glibc-2.5-r3  USE="hardened nls nptl -build -debug
-glibc-compat20 -glibc-omitfp -multilib -nptlonly -profile (-selinux)" 0 kB 

Total: 1 package (1 reinstall), Size of downloads: 0 kB
cc -static    ssp_entropy.c   -o ssp_entropy
__guard: [[0x595545d4]]

hardened32 chroot miranda ~ # emerge -pv glibc && rm ssp_entropy && CFLAGS=""
make ssp_entropy && ./ssp_entropy

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] sys-libs/glibc-2.5-r3  USE="hardened nls nptl -build -debug
-glibc-compat20 -glibc-omitfp -multilib -nptlonly -profile (-selinux)" 0 kB 

Total: 1 package (1 reinstall), Size of downloads: 0 kB
cc     ssp_entropy.c   -o ssp_entropy
__guard: [[0x0]]
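The report's test program reads an exported __guard symbol, which only the old hardened ssp-3.4.6 toolchain provides; upstream GCC/glibc keep the canary in thread-local storage instead. As an added example (not code from the bug report or from glibc), the same "is the canary actually set up?" check written against that layout: it assumes glibc on x86_64 (%fs:0x28) or i386 (%gs:0x14), and reports "unknown" elsewhere rather than guessing.

```c
#include <stdint.h>
#include <stdio.h>

enum { GUARD_UNKNOWN = -1, GUARD_BAD = 0, GUARD_OK = 1 };

/* Assumption: glibc's TLS canary slot on x86, the same slot the compiler's
 * function prologue loads with -fstack-protector. */
int guard_supported(void)
{
#if defined(__x86_64__) || defined(__i386__)
    return 1;
#else
    return 0;
#endif
}

/* Read the canary the prologue of every protected function compares against. */
uintptr_t read_stack_guard(void)
{
    uintptr_t g = 0;
#if defined(__x86_64__)
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(g));
#elif defined(__i386__)
    __asm__ volatile ("mov %%gs:0x14, %0" : "=r"(g));
#endif
    return g;
}

/* The bug's failure mode is a canary of 0: an overflow that writes zeros
 * still passes the epilogue check, so SSP protects nothing. */
int check_stack_guard(uintptr_t g)
{
    if (!guard_supported())
        return GUARD_UNKNOWN;
    return g == 0 ? GUARD_BAD : GUARD_OK;
}

/* glibc (and 64-bit musl) clear the lowest canary byte so that a string
 * overflow stops at the terminator instead of copying over it. */
int guard_low_byte_clear(uintptr_t g)
{
    return (g & 0xff) == 0;
}

int main(void)
{
    uintptr_t g = read_stack_guard();
    int rc = check_stack_guard(g);
    printf("canary: %#lx -> %s\n", (unsigned long)g,
           rc == GUARD_OK ? "set up" : rc == GUARD_BAD ? "NOT set up" : "unknown");
    return rc == GUARD_OK ? 0 : 1;
}
```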
Comment 1 solar (RETIRED) gentoo-dev 2008-05-18 00:28:34 UTC
Created attachment 153477
glibc-2.6.1-glocal.patch

patch to address this from psm
Comment 2 SpanKY gentoo-dev 2008-06-07 23:34:37 UTC
I've applied said fix to glibc-2.8
Comment 3 Magnus Granberg gentoo-dev 2008-06-08 00:42:06 UTC
thanks
Comment 4 Magnus Granberg gentoo-dev 2008-06-08 00:44:48 UTC
(In reply to comment #2)
> I've applied said fix to glibc-2.8

Can you apply it to glibc-2.7 too?