Bug 231225 - net-fs/openafs-1.4.7 (kaserver) is terminated by stack smashing detection
Summary: net-fs/openafs-1.4.7 (kaserver) is terminated by stack smashing detection
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High critical
Assignee: The Gentoo Linux Hardened Team
Reported: 2008-07-08 21:40 UTC by Matthew J. Harmon
Modified: 2010-06-21 23:29 UTC (History)
Description Matthew J. Harmon 2008-07-08 21:40:06 UTC
From /var/log/messages

*** stack smashing detected ***: kaserver - terminated
kaserver: stack smashing attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/

emerge --info

Portage 2.2_rc1 (hardened/linux/amd64/2008.0, gcc-4.3.1, glibc-2.7-r2, 2.6.25-gentoo-r4 x86_64)
=================================================================
System uname: Linux-2.6.25-gentoo-r4-x86_64-Dual-Core_AMD_Opteron-tm-_Processor_2212-with-glibc2.2.5
Timestamp of tree: Tue, 08 Jul 2008 20:09:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-lang/python:     2.4.3-r4, 2.5.2-r5
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.5
sys-apps/sandbox:    1.2.18.1-r3
sys-devel/autoconf:  2.13, 2.62-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.16.1-r3, 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.25-r4
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fforce-addr -D_FORTIFY_SOURCE=2 -fstack-protector"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -fforce-addr -D_FORTIFY_SOURCE=2 -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoclean ccache distlocks loadpolicy parallel-fetch preserve-libs sandbox sfperms strict unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo"
LANG="en_US.utf8"
LDFLAGS=""
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi amd64 animgif apache2 authdaemond bash-completion bashlogger bcmath boundschecking bzip2 calendar caps cgi clamav cli cracklib crypt cups curl curlwrappers daemon dell device-mapper disk-partition diskio dlz dri elf eselect exif extensions fam fbcondecor filter filter-external flexresp flexresp2 follow-xff fpx ftp gd gdbm geos gif gnutls gocr gpg2-experimental gpm graphviz gre gs hardened hardenedphp iconv id3 idea ieee1394 imagemagick imap imlib2 inline iproute2 ipv6 isdnlog jbig jpeg jpeg2k json json-external justify kerberos lcms ldap ldapsam linuxthreads-tls lm_sensors login-watch logrotate loop-aes md5sum mfd-rewrites mhash midi milter mlimit mmx mng mounts-check mpeg mpm-event mudflap multilib multislot multitarget nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses neural nptl nptlonly nss ocrad offensive onaccess openmp pam passwordsave pcre pdf perl php pic pkcs11 png poll pop3d posix postgres pppd prelude procmail proj python react readline reflection resolvconf rle samba sasl sendmail sensord session sguil sharedext sharedmem sieve simplexml smux snmp snortsam soap sockets socks5 spell spl sqlite sqlite3 sse sse2 ssl suhosin suid suidcheck symlink symlinkx sysvipc tesseract threads tidy tiff timestats tokenizer tools truetype underscores unicode ups urandom usb user-homedirs userfiles vhosts web webdav wmf xattr xml xml2 xmldoclet xmlreader xmlrpc xmlwriter xpm xsl zero-penalty-hit zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="auth_digest charset_lite dumpio imagemap log_forensic version actions alias asis auth_basic authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file 
authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


Reproducible: Always

Steps to Reproduce:
1. Enable -fstack-protector
2. Install net-fs/openafs-1.4.7
3. Install net-fs/openafs-kernel-1.4.7
4. tail -f /var/log/messages
5. See error :)
Actual Results:  
See Description.

Expected Results:  
Allow kaserver to proceed normally.
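The message in the description is produced by GCC's stack protector: a canary is placed after a function's local buffers and checked in the epilogue, and a write past the buffer that clobbers it aborts the process. The following is an added, constructed example (not OpenAFS code and not its initialize_database) showing the kind of local-buffer overrun that triggers exactly that abort, next to a bounds-checked variant that returns an error instead; cell_name_length_unchecked, cell_name_length_checked and CELL_MAX are hypothetical names. Build with `gcc -O2 -fstack-protector-all demo.c` so the canary is emitted even for this small buffer.

```c
/* Constructed demo of what -fstack-protector catches; not from the bug
 * report or from OpenAFS. */
#include <stdio.h>
#include <string.h>

#define CELL_MAX 16   /* constructed buffer size for the demo */

/* Hypothetical helper with the classic defect: copies 'name' into a fixed
 * local buffer with no length check. A long name runs past 'cell' into the
 * canary the compiler placed after it, and the epilogue check aborts with
 * "*** stack smashing detected ***". */
int cell_name_length_unchecked(const char *name)
{
    char cell[CELL_MAX];
    strcpy(cell, name);              /* the defect: unbounded copy */
    return (int)strlen(cell);
}

/* Hardened variant: refuse a name that does not fit (including its NUL),
 * so the buffer is never overrun and the caller gets -1 instead of a
 * terminated daemon. memchr bounds the scan to CELL_MAX bytes. */
int cell_name_length_checked(const char *name)
{
    char cell[CELL_MAX];
    const char *end = memchr(name, '\0', CELL_MAX);
    if (end == NULL)
        return -1;                   /* no terminator within CELL_MAX: too long */
    size_t n = (size_t)(end - name);
    memcpy(cell, name, n + 1);       /* n + 1 <= CELL_MAX, so this fits */
    return (int)n;
}

int main(void)
{
    /* constructed inputs: one that fits, one that does not */
    const char *ok  = "example.org";
    const char *big = "this-cell-name-is-far-longer-than-sixteen-bytes";

    printf("checked(ok)    = %d\n", cell_name_length_checked(ok));   /* 11 */
    printf("checked(big)   = %d\n", cell_name_length_checked(big));  /* -1 */
    printf("unchecked(ok)  = %d\n", cell_name_length_unchecked(ok)); /* 11 */
    /* With SSP enabled the next call never returns: the canary check in the
     * callee's epilogue prints the "stack smashing detected" line and aborts. */
    cell_name_length_unchecked(big);
    puts("not reached when built with -fstack-protector-all");
    return 0;
}
```

Comment 2 below notes the function name appears in the message only in some builds; rebuilding with -g, as comment 3 suggests, is what lets the epilogue's abort be mapped back to a source line under gdb.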
Comment 1 Magnus Granberg gentoo-dev 2008-07-08 22:00:57 UTC
Hardened gcc 4.x.x is not in the toolchain yet
and it is masked.
Does gcc 3.6.x work?
Comment 2 Matthew J. Harmon 2008-07-09 03:12:41 UTC
(In reply to comment #1)
> Hardened gcc 4.x.x is not in the toolchain yet
> and it is masked.
> Does gcc 3.6.x work?

gcc 3.6.x doesn't appear to exist in portage ( http://www.gentoo-portage.com/sys-devel/gcc ) but I recompiled with 3.4.6-r2 and had the same issues. 

Portage 2.2_rc1 (hardened/linux/amd64/2008.0, gcc-3.4.6, glibc-2.7-r2, 2.6.25-gentoo-r4 x86_64)
CFLAGS="-O2 -pipe -fforce-addr -D_FORTIFY_SOURCE=2 -fstack-protector"

However, we now know which function was terminated, initialize_database.

*** stack smashing detected ***: kaserver - terminated
kaserver: stack smashing attack in function initialize_database - terminated

I also tried this with CFLAGS="-O2 -pipe" with the same results.
Comment 3 Byron Hood 2008-09-25 21:47:19 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > Hardened gcc 4.x.x is not in the toolchain yet
> > and it is masked.
> > Does gcc 3.6.x work?
> 
> gcc 3.6.x doesn't appear to exist in portage (
> http://www.gentoo-portage.com/sys-devel/gcc ) but I recompiled with 3.4.6-r2
> and had the same issues. 

Try getting rid of all optimization (-O0) and removing -fforce-addr from the CFLAGS. Also, glibc-2.7-r2 appears to be unstable (don't downgrade your system glibc, though!!).

If you are willing, it might also be helpful to compile this package with debugging symbols (-g) and to try to run it with gdb. You can "attach" to a process with the gdb command "attach [pid]".

Hope this helps!

Comment 4 SpanKY gentoo-dev 2010-06-21 23:29:47 UTC
this is an old bug with old versions of tools.  please refresh with at least:
 - glibc-2.11.x
 - gcc-4.4.x
 - openafs-1.4.12.x