Running gcc-3.2.3-r2 w/ hardened-gcc-2.4.4 on gentoo-sources-2.4.20-r7 w/ segmentation-based non-executable pages enabled. Attempts to utilize /usr/bin/orbit-idl-2 without `chpax -s /usr/bin/orbit-idl-2' give undesirable results. For instance, here is an attempted emerge of gnome-base/libbonobo-2.4.2 (not sure if this is the program alone or its interaction with libsandbox):

<snip>
make[2]: Entering directory `/var/tmp/portage/libbonobo-2.4.2/work/libbonobo-2.4.2/idl'
/usr/bin/orbit-idl-2 -I../idl -D__Bonobo_COMPILATION -D__Bonobo_Unknown_COMPILATION -D__Bonobo_GenericFactory_COMPILATION -D__Bonobo_Activation_types_COMPILATION --imodule ../idl/Bonobo.idl
/usr/bin/orbit-idl-2: error while loading shared libraries: /lib/libsandbox.so: cannot enable executable stack as shared object requires: Permission denied
make[2]: *** [Bonobo.h] Error 127
make[2]: Leaving directory `/var/tmp/portage/libbonobo-2.4.2/work/libbonobo-2.4.2/idl'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/libbonobo-2.4.2/work/libbonobo-2.4.2'
make: *** [all] Error 2

!!! ERROR: gnome-base/libbonobo-2.4.2 failed.
!!! Function gnome2_src_compile, Line 39, Exitcode 2
!!! compile failure

`chpax -s /usr/bin/orbit-idl-2` allows for successful emerge of libbonobo.
Nick,

This problem is starting to show up all over the place. Sorry we don't have a solution yet, but as far as we can tell it's a busted toolchain. You're the very first reporter that has had this bug show up with gcc-3.2.3, so on that note I'd like to ask you to attach the output from emerge info && ld -v

Initial guess here: at some point you had gcc-3.3.x installed and now you have lingering libraries around that are still marking ELF section headers as needing an executable stack when they really don't.

If this is not the case then please attach the ldd output of the main executable and then a readelf -e output for each shared lib + main executable
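The check requested above (which shared library or executable still asks for an executable stack) can be scripted by reading the `PT_GNU_STACK` program header that `readelf -e` lists as `GNU_STACK`. This is an added example, not part of the original bug thread; `stack_marking` and `make_elf32` are hypothetical names, and the ELF image built by `make_elf32` is a constructed sample.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_marking(data: bytes) -> str:
    """Return 'exec', 'noexec' or 'unmarked' for an ELF image held in memory."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        if p_type != PT_GNU_STACK:
            continue
        # p_flags is the 2nd word of an ELF64 phdr but the 7th of an ELF32 phdr
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        return "exec" if p_flags & PF_X else "noexec"
    return "unmarked"  # no PT_GNU_STACK header: the loader applies its default

def make_elf32(phdrs):
    """Constructed sample: minimal little-endian ELF32 image.

    phdrs is a list of (p_type, p_flags) pairs; all other fields are zero.
    """
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 3, 3, 1, 0, 52, 0, 0,
                       52, 32, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return ehdr + body

if __name__ == "__main__":
    import sys
    # Usage: pass the main executable and every library path that ldd reports.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{stack_marking(fh.read()):9} {path}")
```

Any file reported as `exec` is a candidate for the stale marking described above.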
solar,

Your supposition is correct. I'm running gcc-3.2.3-r2 under your advice. I was in #gentoo-hardened and you told me of some of the problems of gcc-3.3.x, so I downgraded. I'll try and get through a whole emerge -e world and see if that fixes the problem. Here's the output you asked for:

Portage 2.0.49-r15 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r8, 2.4.20-gentoo-r7)
=================================================================
System uname: 2.4.20-gentoo-r7 i686 Intel(R) Pentium(R) 4 CPU 3.06GHz
Gentoo Base System version 1.4.3.11
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -O3 -pipe -fforce-addr -foptimize-sibling-calls -fno-inline -finline-limit=1000"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config /usr/share/config /var/qmail/control /var/qmail/alias"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=pentium4 -O3 -pipe -fforce-addr -foptimize-sibling-calls -fno-inline -finline-limit=1000 -fno-default-inline"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache autoaddcvs sandbox buildpkg fixpackages userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 apm avi crypt cups encode foomaticdb gif gpm jpeg gnome libg++ mad mikmod mpeg ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib directfb gtkhtml alsa gdbm slang readline arts bonobo svga tcltk guile ruby mysql X sdl pam libwww ssl perl python esd imlib oggvorbis gtk qt motif opengl mozilla cdr 3dfx acl apache2 dga doc dvd ethereal fbcon flash gd gmttria gphoto2 gps gstreamer imap innodb jikes lirc maildir matrox memlimit moznocompose moznoirc moznomail odbc offensive ofx samba skey sse tiff usb v4l videos wmf xchattext xinerama xml -oss -kde -berkdb -tcpd"

GNU ld version 2.14.90.0.7 20031029
this bug is fixed by bug #32960