When compiling OpenSSL 0.9.7c with gcc 3.3.1, I see the following error: /var/tmp/portage/openssl-0.9.7c/image//usr/bin/openssl: error while loading shared libraries: libcrypto.so.0.9.7: cannot enable executable stack as shared object requires: Permission denied ICE-CA.pem => .0 /var/tmp/portage/openssl-0.9.7c/image//usr/bin/openssl: error while loading shared libraries: libcrypto.so.0.9.7: cannot enable executable stack as shared object requires: Permission denied WARNING: Skipping duplicate certificate ICE-root.pem Reproducible: Always Steps to Reproduce: 1. 2. 3.
Oh, I should probably mention that I am running the hardened-sources kernel with PaX enabled. I don't see any PaX error message with this failure, though, so I presume it's not related. I also get the same error no matter whether hardened-gcc is enabled or not.
OK, I've had exactly the same problem, I've disabled Address Space Protection > Enforce non-executable pages and it works... but I hope this problem will be fixed, enforce non-executable is a very good thing... I've also tried use chpax on the libcrypto to disable some flags.. but nothing works... why?
I have the same problem, but not only on openssl, but on libpcre.so as well for example. And I do not really want to disable PAX on my server.
In no way shape or form would I ever disable Address Space Protection > Enforce non-executable pages in favor of building with gcc-3.3.x. gcc-3.3.x is a very buggy compiler at this time. Can you try with the stable gcc-3.2.3-r2
Using gcc version 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r2, propolice) and having rebuilt openssl and the app depending on libcrypto stuff seems to work again. I'll leave gcc >= 3.3 masked locally for now.
Note that i've run into this problem again, using gcc 3.2. (different lib tho, can't remember which) I haven't had any time to look into this, so I shorthandly removed "Enforce non-executable pages". Yuck. Is there maybe a connection with the updated glibc from a while ago?
yes there is a connection to the ~arch glibc -r8 myself, azarah, pappy and the PaX Team have tracked this bug down to be apart of a recent glibc bra-update that the redhat guys did for exec-shield(another less secure non-exec implementation. Anyway azarah has put together a patch for glibc which needs some testing before we put it in mainline portage as the fix, if anybody is feeling brave please give this a try http://bugs.gentoo.org/attachment.cgi?id=20445&action=view After recompiling glibc if all goes well you will then want to emerge elfkickers gentoolkit then wget http://dev.gentoo.org/~solar/misc/elf-rebuild.sh.txt then sh elf-rebuild.sh.txt > outfile ; emerge -pv 'cat outfile | sort | uniq' This will give a list of what was broken from before and what might need to be rebuilt. After all these steps it should be fairly safe to use ~arch gcc-3.3.x again.
this bug is fixed by bug #32960
changing resolution to FIXED (current glibc fixes this).
*** Bug 34115 has been marked as a duplicate of this bug. ***
*** Bug 43589 has been marked as a duplicate of this bug. ***
*** Bug 59260 has been marked as a duplicate of this bug. ***
*** Bug 57804 has been marked as a duplicate of this bug. ***
*** Bug 57001 has been marked as a duplicate of this bug. ***
*** Bug 56962 has been marked as a duplicate of this bug. ***
*** Bug 40783 has been marked as a duplicate of this bug. ***
*** Bug 41634 has been marked as a duplicate of this bug. ***
*** Bug 75153 has been marked as a duplicate of this bug. ***