After installing app-admin/syslog-ng-2.1.4, emerge says: * QA Notice: The following files contain runtime text relocations * Text relocations force the dynamic linker to perform extra * work at startup, waste system resources, and may pose a security * risk. On some architectures, the code may not even function * properly, if at all. * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml * Please include the following list of files in your report: * TEXTREL usr/sbin/syslog-ng And syslog-ng crashes on launch (with hardened kernel). app-admin/syslog-ng-2.1.3 compiles and runs ok. Reproducible: Always Steps to Reproduce: 1. Get a hardened gentoo install 2. emerge =app-admin/syslog-ng-2.1.4 3. /etc/init.d/syslog-ng start Actual Results: syslog-ng crashes with message: syslog-ng: error while loading shared libraries: cannot make segment writable for relocation: Permission denied Expected Results: syslog-ng should just run Portage 2.2_rc28 (hardened/x86, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.28-hardened-r7 i686) ================================================================= System uname: Linux-2.6.28-hardened-r7-i686-AMD_Sempron-tm-_Processor_2800+-with-glibc2.1.3 Timestamp of tree: Mon, 30 Mar 2009 22:45:01 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] ccache version 2.4 [enabled] app-shells/bash: 4.0_p10-r1 dev-java/java-config: 2.1.7 dev-lang/python: 2.4.4-r15, 2.5.4-r2 dev-util/ccache: 2.4-r8 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.3-r1 sys-apps/sandbox: 1.6 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.7.9-r1, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=k8 -msse3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=k8 -msse3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://mirror.yandex.ru/gentoo-distfiles ftp://distfiles.gentoo.org" LANG="en_US.UTF-8" LC_ALL="" LDFLAGS="" LINGUAS="en ru" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="acpi alsa apache2 apm bash-completion berkdb cracklib crypt fbcon hardened imap ipv6 java ldap midi mp3 mysql ncurses nls nptl nptlonly ogg pam php pic pop readline samba sasl smtp sse sse2 sse3 ssl tcpd truetype unicode utf8 vhosts vim-syntax vorbis x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
miranda:hardened syslog-ng # scanelf -a /var/tmp/portage/app-admin/syslog-ng-2.1.4/work/syslog-ng-2.1.4/src/syslog-ng TYPE PAX PERM ENDIAN STK/REL/PTL TEXTREL RPATH BIND FILE ET_DYN ---xe- 0755 LE RW- R-- RW- - - NOW /var/tmp/portage/app-admin/syslog-ng-2.1.4/work/syslog-ng-2.1.4/src/syslog-ng no textrels, rwe stacks or qa problems otherwise. This pkg looks to remain clean when using the proper toolchain.
My syslog-ng binary contains TEXTRELs, and I'm using i686-pc-linux-gnu-4.3.3 from portage, so I don't know why it is improper. Maybe it's a bug in the 4.3.3 toolchain. himserv src # scanelf -a syslog-ng TYPE PAX PERM ENDIAN STK/REL/PTL TEXTREL RPATH BIND FILE ET_DYN ---xe- 0755 LE RW- R-- RW- TEXTREL - NOW syslog-ng
I have been unable to reproduce this on hardened/x86 using gcc 3.4.6-r2, gcc-4.3.2-r2, gcc-4.3.2-r3 or gcc-4.3.3-r2 - different boxen. Nor has anyone CCed themselves to this bug or confirmed the issue. Going to have to find the source of the TEXTREL. Closing as WORKSFORME.
No, he is not alone ;) Same issue here while upgrading from very old 2.6.23 to 2.6.28. I pointed that out because in 2.6.23 TEXTREL was not disabled in gentoo hardened grsec profile. Please reopen it. emerge --info Portage 2.1.6.13 (hardened/linux/x86, gcc-3.4.6, glibc-2.8_p20080602-r1, 2.6.28-hardened-r9 i686) ================================================================= System uname: Linux-2.6.28-hardened-r9-i686-Intel-R-_Celeron-R-_CPU_2.00GHz-with-glibc2.3.2 Timestamp of tree: Tue, 23 Jun 2009 21:45:02 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-lang/python: 2.4.4-r14, 2.5.4-r2 dev-python/pycrypto: 2.0.1-r8 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=pentium4 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="buildpkg ccache distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://mirror.yandex.ru/gentoo-distfiles ftp://ftp.chg.ru/pub/Linux/gentoo http://distro.ibiblio.org/pub/Linux/distributions/gentoo" LANG="ru_RU.UTF-8" LDFLAGS="-Wl,-O1" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/verlihub /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="bash-completion berkdb bzip2 cli cracklib crypt dri hardened iconv isdnlog ldap midi mmx mudflap ncurses nls nptl nptlonly pam pcre perl pic pppd python readline reflection sasl session spl sse sse2 ssl tcpd threads unicode urandom x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
No. The issue is that syslog-ng should not contain TEXTRELs and I cannot reproduce the issue with TEXTRELs in syslog-ng. Find the source of the TEXTRELs on your system.
any suggestion how to do that?
to be more constructive scanelf -qT syslog-ng syslog-ng: (memory/data?) [0x4F195] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F1BE] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F1E3] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F22A] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F264] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F29B] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F2BA] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F2DF] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F31E] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F362] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F3B5] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F3D6] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F3F5] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F42E] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F44D] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F495] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F504] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F514] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F52E] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F539] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F55A] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F582] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4F58C] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FBE9] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FC04] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FC53] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FC88] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FCA9] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FCCC] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FCF5] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FD21] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FE25] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FE37] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FE3E] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FEA0] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FEB0] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FF07] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FF18] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FF29] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FFED] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x4FFFD] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50004] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50052] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50062] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50069] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x505E4] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50607] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x5063B] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50681] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x50691] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x506AB] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x506B6] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x506E1] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x506EC] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x506F5] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: (memory/data?) [0x506FF] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strcmp [0x4F520] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strcmp [0x5069D] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: time [0x4FBAC] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strftime [0x4FBF9] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strftime [0x4FC9E] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: localtime [0x4FC80] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: localtime [0x4FD66] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: getpid [0x4FCEE] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: malloc [0x4FD81] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: calloc [0x4FDC7] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: fopen [0x4FE43] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: fgets [0x4FE67] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: fgets [0x4FF51] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: feof [0x4FE73] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: feof [0x4FF5D] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strtok [0x4FEA8] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strtok [0x4FEBE] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strncpy [0x4FF8F] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: strtoul [0x4FFBE] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: __assert_fail [0x50009] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: __assert_fail [0x5006E] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: free [0x50030] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: free [0x50044] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: free [0x50621] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: syslog_opts [0x50619] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: syslog_opts [0x50648] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng: syslog_opts [0x50658] in (optimized out: previous g_int_hash) [0x4774E] syslog-ng
rebuilding of the glib doesn't help
more bisecting: i686-pc-linux-gnu-gcc -O2 -march=pentium4 -pipe -Wall -Wl,-O1 -o syslog-ng main.o libsyslog-ng.a -lnsl -lrt -Wl,-Bstatic -lfl -lglib-2.0 -levtlog -lwrap -Wl,-Bdynamic -ldl /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/../../../../i686-pc-linux-gnu/bin/ld: warning: creating a DT_TEXTREL in object.
ok i rebuilded all libraries in static section: glib-2 flex eventlog tcp-wrappers and than rebuilded syslog-ng. Finally TEXTREL's dissappear.
Good show. Interested in becoming a hardened developer? We (me) could certainly use the help...
