www-client/icecat-4.0 won't start on hardened system +++ killed by SIGKILL +++ Reproducible: Always Steps to Reproduce: 1. eix-sync & emerge -uDN world OR emerge icecat 2. 3. Actual Results: +++ killed by SIGKILL +++ see strace app-shells/bash: 4.2_p8 dev-lang/python: 2.6.6-r2, 3.1.3-r1 dev-util/ccache: 3.1.4 dev-util/cmake: 2.8.4 sys-apps/baselayout: 2.0.2 sys-apps/openrc: 0.8.1 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1-r1 sys-devel/binutils: 2.20.1-r1, 2.21 sys-devel/gcc: 4.4.5, 4.5.2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82 sys-kernel/linux-headers: 2.6.38 virtual/os-headers: 0 Repositories: gentoo location: /usr/portage sync: rsync://portage.org.ua/gentoo-portage priority: -1000 sunrise location: /var/lib/layman/sunrise masters: gentoo priority: 0 hardened-dev location: /var/lib/layman/hardened-development masters: gentoo priority: 1 zugaina location: /var/lib/layman/zugaina masters: gentoo priority: 2 taaroa location: /var/lib/layman/taaroa masters: gentoo priority: 3 Installed sets: @gd, @qt ABI="amd64" ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" ACCEPT_PROPERTIES="*" ALSA_CARDS="intel8x0 hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ARCH="amd64" ASFLAGS_x86="--32" AUTOCLEAN="yes" CAMERAS="ptp2" CBUILD="x86_64-pc-linux-gnu" CCACHE_DIR="/var/tmp/ccache" CCACHE_SIZE="3G" CFLAGS="-march=native -O2 -pipe -msse4a -mfpmath=sse -g0 -Wno-all" CFLAGS_x86="-m32" CHOST="x86_64-pc-linux-gnu" CHOST_amd64="x86_64-pc-linux-gnu" CHOST_x86="i686-pc-linux-gnu" CLEAN_DELAY="7" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" COLLISION_IGNORE="/lib/modules" CONFIG_PROTECT="/etc /usr/share/openvpn/easy-rsa" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/skel /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CUSTOM_PROFILE="yes" CVS_RSH="ssh" CXXFLAGS="-march=native -O2 -pipe -msse4a -mfpmath=sse -g0 -Wno-all" DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-KaINIAgehw,guid=9bf5944e4635395f9a73f668000006ee" DEFAULT_ABI="amd64" DESKTOP_AUTOSTART_ID="10d4489ece52aebd5813026873982785000000073590003" DESKTOP_SESSION="openbox-gnome" DISPLAY=":0" DISTDIR="/usr/portage/distfiles" EDITOR="/bin/nano" ELIBC="glibc" EMERGE_DEFAULT_OPTS="--ask --ask-enter-invalid --backtrack=40 --binpkg-respect-use=y --complete-graph --jobs=3 --keep-going --quiet-build --tree --use-ebuild-visibility=y --unordered-display --verbose --with-bdeps=y" EMERGE_WARNING_DELAY="10" EPREFIX="" EROOT="/" FCFLAGS="" FEATURES="assume-digests binpkg-logs buildpkg collision-protect distlocks fakeroot fixlafiles fixpackages metadata-transfer multilib-strict news parallel-fetch preserve-libs protect-owned sandbox severe sfperms strict suidctl unknown-features-warn unmerge-logs unmerge-orphans userfetch usersandbox usersync" FETCHCOMMAND="/usr/bin/wget -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}"" FETCHCOMMAND_RSYNC="rsync -avP "${URI}" "${DISTDIR}/${FILE}"" FETCHCOMMAND_SFTP="bash -c "x=\${2#sftp://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port=22 ; exec sftp -P \${port} \"\${host}:/\${x#*/}\" \"\$1\"" sftp "${DISTDIR}/${FILE}" "${URI}"" FETCHCOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port=22 ; exec rsync --rsh=\"ssh -p\${port}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}"" FFLAGS="" GCC_SPECS="" GDK_USE_XFT="1" GDMSESSION="openbox-gnome" GDM_LANG="ru_RU.UTF-8" GDM_XSERVER_LOCATION="local" GENTOO_MIRRORS="http://ftp.kspu.ru/gentoo-distfiles/ http://mirror.yandex.ru/gentoo-distfiles/ http://mirror.opteamax.de/gentoo/distfiles/" GNOME_DESKTOP_SESSION_ID="this-is-deprecated" GNOME_KEYRING_CONTROL="/tmp/.private/ra/keyring-7FF3l5" GNOME_KEYRING_PID="7350" GPG_AGENT_INFO="/tmp/.private/ra/keyring-7FF3l5/gpg:0:1" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" GSETTINGS_BACKEND="gconf" GUILE_LOAD_PATH="/usr/share/guile/1.8" HG="/usr/bin/hg" HOME="/home/ra" INFOPATH="/usr/share/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.2/info" INPUT_DEVICES="evdev keyboard mouse" I_PROMISE_TO_SUPPLY_PATCHES_WITH_BUGS="1" KERNEL="linux" LANG="en_US.UTF-8" LANGUAGE="ru_RU.UTF-8" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LC_ALL="" LDFLAGS="-Wl,--as-needed -Wl,-O1 -Wl,--sort-common -Wl,--warn-once -Wl,--hash-style=gnu" LDFLAGS_x86="-m elf_i386" LESS="-R -M --shift 5" LESSOPEN="|lesspipe.sh %s" LIBDIR_amd64="lib64" LIBDIR_amd64_fbsd="lib64" LIBDIR_ppc="lib32" LIBDIR_ppc64="lib64" LIBDIR_s390="lib32" LIBDIR_s390x="lib64" LIBDIR_sparc32="lib32" LIBDIR_sparc64="lib64" LIBDIR_x86="lib32" LIBDIR_x86_fbsd="lib32" LINGUAS="ru" LOCAL_LAYMAN="/usr/local/portage/layman" LOGNAME="ra" MAKEOPTS="-s -j5 -l5" MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.2/man" MULTILIB_ABIS="amd64" MULTILIB_STRICT_DENY="64-bit.*shared object" MULTILIB_STRICT_DIRS="/lib32 /lib /usr/lib32 /usr/lib /usr/kde/*/lib32 /usr/kde/*/lib /usr/qt/*/lib32 /usr/qt/*/lib /usr/X11R6/lib32 /usr/X11R6/lib" MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage)" NETBEANS="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" NGINX_MODULES_HTTP="access addition auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_req limit_zone map memcached perl proxy random_index referer rewrite scgi split_clients ssi secure_link stub_status sub upstream_ip_hash userid uwsgi" NGINX_MODULES_MAIL="imap" NOCOLOR="true" OLDPWD="/home/ra" OPENGL_PROFILE="xorg-x11" ORBIT_SOCKETDIR="/tmp/.private/ra/orbit-ra" PAGER="/usr/bin/less" PATH="/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.2:/usr/games/bin" PHP_TARGETS="php5-3" PKGDIR="/usr/portage/packages" PORTAGE_ARCHLIST="ppc sparc64-freebsd ppc-openbsd x86-openbsd ppc64 x86-winnt x86-fbsd ppc-aix alpha arm x86-freebsd s390 amd64 arm-linux x86-macos x64-openbsd ia64-hpux hppa x86-netbsd x86-cygwin amd64-linux ia64-linux x86 sparc-solaris x64-freebsd sparc64-solaris x86-linux x64-macos sparc m68k-mint ia64 mips ppc-macos x86-interix hppa-hpux amd64-fbsd x64-solaris mips-irix m68k sh x86-solaris sparc-fbsd" PORTAGE_BINHOST_CHUNKSIZE="3000" PORTAGE_BIN_PATH="/usr/lib64/portage/bin" PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="css gif htm[l]? jp[e]?g js pdf png" PORTAGE_CONFIGROOT="/" PORTAGE_DEBUG="0" PORTAGE_DEPCACHEDIR="/var/cache/edb/dep" PORTAGE_ECLASS_WARNING_ENABLE="1" PORTAGE_ELOG_CLASSES="warn error info log qa" PORTAGE_ELOG_MAILFROM="portage@localhost" PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}" PORTAGE_ELOG_MAILURI="root" PORTAGE_ELOG_SYSTEM="echo save" PORTAGE_FETCH_CHECKSUM_TRY_MIRRORS="5" PORTAGE_FETCH_RESUME_MIN_SIZE="350K" PORTAGE_GID="250" PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --clearsign --yes --default-key "${PORTAGE_GPG_KEY}" --homedir "${PORTAGE_GPG_DIR}" "${FILE}"" PORTAGE_INST_GID="0" PORTAGE_INST_UID="0" PORTAGE_IONICE_COMMAND="ionice -c 3 -p ${PID}" PORTAGE_NICENESS="10" PORTAGE_PATCHDIR="/etc/portage/patches" PORTAGE_PYM_PATH="/usr/lib64/portage/pym" PORTAGE_QUIET="1" PORTAGE_RSYNC_EXTRA_OPTS="-6" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_RSYNC_RETRIES="-1" PORTAGE_SANDBOX_COMPAT_LEVEL="22" PORTAGE_SYNC_STALE="30" PORTAGE_TMPDIR="/var/tmp" PORTAGE_VERBOSE="1" PORTAGE_WORKDIR_MODE="0700" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/sunrise /var/lib/layman/hardened-development /var/lib/layman/zugaina /var/lib/layman/taaroa" PORT_LOGDIR="/var/lib/portage/logs" PRELINK_PATH_MASK="/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so" PROFILE_ONLY_VARIABLES="ARCH ELIBC KERNEL USERLAND" PWD="/home/ra" PYTHONDONTWRITEBYTECODE="1" RESUMECOMMAND="/usr/bin/wget -c -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}"" RESUMECOMMAND_RSYNC="rsync -avP "${URI}" "${DISTDIR}/${FILE}"" RESUMECOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port=22 ; exec rsync --rsh=\"ssh -p\${port}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}"" ROOT="/" ROOTPATH="/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.2" RPMDIR="/usr/portage/rpm" RUBY_TARGETS="ruby18" SESSION_MANAGER="local/taaroa:@/tmp/.ICE-unix/7359,unix/taaroa:/tmp/.ICE-unix/7359" SHELL="/bin/zsh" SHLVL="1" SSH_AGENT_PID="5185" SSH_AUTH_SOCK="/tmp/.private/ra/keyring-7FF3l5/ssh" STAGE1_USE="hardened nptl nptlonly pic" SYMLINK_LIB="yes" SYNC="rsync://portage.org.ua/gentoo-portage" SYSFONT="ter-u20n" TERM="xterm" TMP="/tmp/.private/ra" TMPDIR="/tmp/.private/ra" USER="ra" USERLAND="GNU" USERNAME="ra" USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS APACHE2_MODULES APACHE2_MPMS CAMERAS COLLECTD_PLUGINS CROSSCOMPILE_OPTS DRACUT_MODULES DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS GPSD_PROTOCOLS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS NETBEANS_MODULES NGINX_MODULES_HTTP NGINX_MODULES_MAIL PHP_TARGETS QEMU_SOFTMMU_TARGETS QEMU_USER_TARGETS RUBY_TARGETS SANE_BACKENDS USERLAND VIDEO_CARDS XFCE_PLUGINS XTABLES_ADDONS" USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND" USE_ORDER="env:pkg:conf:defaults:pkginternal:env.d" VIDEO_CARDS="nouveau" WINDOWPATH="7:7" XAUTHORITY="/home/ra/.Xauthority" XDG_CONFIG_DIRS="/etc/xdg" XDG_DATA_DIRS="/usr/local/share:/usr/share:/usr/share/gdm" XDG_MENU_PREFIX="gnome-" XDG_SESSION_COOKIE="dbd4edbd3e8770a5684225a14ad6ba32-1302687397.837623-1221912706" XTABLES_ADDONS="account chaos condition delude dhcpmac fuzzy geoip gradm iface ipmark ipp2p ipset ipv4options length2 logmark lscan pknock psd quota2 rawnat steal tarpit tee" _="/usr/bin/emerge" Portage 2.2.0_alpha30 (hardened/linux/amd64/no-multilib, gcc-4.5.2, glibc-2.13-r2, 2.6.38-hardened x86_64) ================================================================= System Settings ================================================================= System uname: Linux-2.6.38-hardened-x86_64-AMD_Phenom-tm-_II_X4_925_Processor-with-gentoo-2.0.2 Timestamp of tree: Thu, 14 Apr 2011 13:45:01 +0000 ccache version 3.1.4 [disabled] USE="3dnow 3dnowext X acl alsa amd64 berkdb bzip2 caps cleartype cli cracklib crypt cxx directfb dlv dri drm fbcon fbdev gallium gdbm gmp gpm hardened iconv idn ipv6 justify lzma mmx mmxext modules mudflap ncurses nls nouveau nptl nptlonly nsec3 opengl openmp pam pcre perl pppd readline session smp sse sse2 sse3 sse4 ssl sysfs tcpd threads truetype udev unicode urandom xattr xorg zlib zsh-completion" ALSA_CARDS="intel8x0 hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru" NGINX_MODULES_HTTP="access addition auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_req limit_zone map memcached perl proxy random_index referer rewrite scgi split_clients ssi secure_link stub_status sub upstream_ip_hash userid uwsgi" NGINX_MODULES_MAIL="imap" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nouveau" XTABLES_ADDONS="account chaos condition delude dhcpmac fuzzy geoip gradm iface ipmark ipp2p ipset ipv4options length2 logmark lscan pknock psd quota2 rawnat steal tarpit tee" ================================================================= Package Settings ================================================================= USE="alsa custom-optimization dbus ipc startup-notification system-sqlite webm -debug -libnotify -wifi" LINGUAS="ru -af -ak -ar -ast -be -bg -bn -bn_BD -bn_IN -br -bs -ca -cs -cy -da -de -el -en -en_US -eo -es -es_ES -et -eu -fa -fi -fr -fy -fy_NL -ga -ga_IE -gd -gl -gu -gu_IN -he -hi -hi_IN -hr -hu -hy -hy_AM -id -is -it -ja -kk -kn -ko -ku -lg -lt -lv -mai -mk -ml -mr -nb -nb_NO -nl -nn -nn_NO -nso -or -pa -pa_IN -pl -pt -pt_PT -rm -ro -si -sk -sl -son -sq -sr -sv -sv_SE -ta -ta_LK -te -th -tr -uk -vi -zu" www-client/icecat-4.0 was built with the following: CFLAGS="-march=native -pipe -g0 -Wno-all -Wno-return-type -w" CXXFLAGS="-march=native -pipe -g0 -Wno-all -Wno-return-type -w"
Created attachment 270003 [details] strace icecet
Created attachment 270005 [details] /var/log/pax.log
You are being killed by a plugin or extension, if you can reproduce with -safe-mode please reopen bug and list all installed extensions and plugins.
ok. test. mv .gnuzilla/ .mozilla/ tmp/ strace icecat 2> tmp/icecattrace2 +++ killed by SIGKILL +++
Created attachment 270089 [details] /var/log/pax.log #2
Created attachment 270093 [details] strace icecat #2
Created attachment 270107 [details] strace icecat -safe-mode 2> tmp/icecattrace3
Created attachment 270109 [details] /var/log/pax.log #3 after remove .gnuzilla/ .mozilla/ & icecat -safe-mode the result is the same.
ok. on new x86 system (Linux-2.6.38-hardened-i686-AMD_Phenom-tm-_II_X4_925_Processor-with-gentoo-2.0.2 ). Apr 22 11:35:46 localhost kernel: [757722.871794] PAX: execution attempt in: (null), 00000000-00000000 00000000 Apr 22 11:35:46 localhost kernel: [757722.871799] PAX: terminating task: /usr/lib/icecat/icecat(icecat):1136, uid/euid: 1000/1000, PC: (nil), SP: 00000000fd2a8cec Apr 22 11:35:46 localhost kernel: [757722.871803] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? Apr 22 11:35:46 localhost kernel: [757722.871815] PAX: bytes at SP-8: fd2a8dc800a00000 00000017e78f0f9b 0000000000008000 00000000009f8000 fd2a8d38e7982d68 e95fb1a2fd2a8dc8 00108000e7982d68 0000001700000000 e7982d68fd2a8d4c 00000f1002359318 00a0000000000000
Created attachment 270847 [details] emerge --info icecat
Created attachment 270849 [details] strace icecat 2> tmp/icecattrace
Created attachment 270851 [details] zegrep 'GRK|PAX' /proc/config.gz > tmp/config
Not sure what's going on here, I had no problems with icecast on a fully hardened x86 box. A slightly different emerge --info: hard-thirtytwo icecast2 # emerge --info icecast Portage 2.1.9.42 (hardened/linux/x86, gcc-4.5.2, libc-0-r0, 2.6.36-hardened-r9 i686) ================================================================= System Settings ================================================================= System uname: Linux-2.6.36-hardened-r9-i686-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-2.0.2 Timestamp of tree: Fri, 22 Apr 2011 07:00:01 +0000 app-shells/bash: 4.1_p9 dev-lang/python: 2.7.1-r1, 3.1.3-r1 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.2 sys-apps/openrc: 0.8.2 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.65-r1 sys-devel/automake: 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.5, 4.5.2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 sys-kernel/linux-headers: 2.6.36.1 virtual/os-headers: 0 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="ftp://192.168.100.9/pub/gentoo" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/blueness /var/lib/layman/hardened-development" SYNC="rsync://192.168.100.7/portage" USE="acl berkdb bzip2 cli cracklib crypt cups cxx dri gdbm gpm hardened iconv modules mudflap ncurses nls nptl nptlonly openmp pam pcre perl pic pppd python readline session ssl sysfs tcpd urandom x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= net-misc/icecast-2.3.2 was built with the following: USE="speex ssl theora yp"
(In reply to comment #13) > Not sure what's going on here, I had no problems with icecast on a fully > hardened x86 box. > net-misc/icecast-2.3.2 was built with the following: www-client/icecat-4.0 Homepage: http://www.gnu.org/software/gnuzilla/ Description: GNU project's edition of Mozilla Firefox but www-client/icecat-3.6.16 works fine.
(In reply to comment #14) > (In reply to comment #13) > > Not sure what's going on here, I had no problems with icecast on a fully > > hardened x86 box. > > net-misc/icecast-2.3.2 was built with the following: > www-client/icecat-4.0 > Homepage: http://www.gnu.org/software/gnuzilla/ > Description: GNU project's edition of Mozilla Firefox > > but www-client/icecat-3.6.16 works fine. Sorry missed that. So its icecast-4.0 which is not in the tree yet. This bug is a bit premature since the problem may be cleaned up by the time 4.0 hits the tree. BTW the maintainer is listed as sound@gentoo.org. Jory should this be going to mozilla?
(In reply to comment #15) > (In reply to comment #14) > > (In reply to comment #13) > > > Not sure what's going on here, I had no problems with icecast on a fully > > > hardened x86 box. > > > net-misc/icecast-2.3.2 was built with the following: > > www-client/icecat-4.0 > > Homepage: http://www.gnu.org/software/gnuzilla/ > > Description: GNU project's edition of Mozilla Firefox > > > > but www-client/icecat-3.6.16 works fine. > > Sorry missed that. So its icecast-4.0 which is not in the tree yet. > > This bug is a bit premature since the problem may be cleaned up by the time 4.0 > hits the tree. > > BTW the maintainer is listed as sound@gentoo.org. Jory should this be going to > mozilla? 4.0 is in the tree. And it belongs to mozilla LOL. I will try to dig into it tonight to see if I can reproduce on my hardened setup.
Build platform target x86_64-pc-linux-gnu Build tools Compiler Version Compiler flags x86_64-pc-linux-gnu-gcc gcc version 4.6.0 (Gentoo Hardened 4.6.0 p1.2, pie-0.4.5) -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -W -march=core2 -pipe -Wimplicit-function-declaration -Wno-return-type -w -fno-strict-aliasing -pthread -pipe -DNDEBUG -DTRIMMED -O2 x86_64-pc-linux-gnu-g++ gcc version 4.6.0 (Gentoo Hardened 4.6.0 p1.2, pie-0.4.5) -fno-rtti -fno-exceptions -Wall -Wpointer-arith -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wcast-align -Wno-invalid-offsetof -Wno-variadic-macros -Werror=return-type -march=core2 -pipe -Wenum-compare -Wno-return-type -w -fno-strict-aliasing -fshort-wchar -pthread -pipe -DNDEBUG -DTRIMMED -O2 Configure arguments --enable-application=xulrunner --enable-optimize=-O2 --with-system-jpeg --with-system-zlib --enable-pango --enable-svg --enable-system-cairo --disable-installer --disable-pedantic --disable-updater --disable-strip --disable-strip-libs --disable-install-strip --enable-single-profile --disable-profilesharing --disable-profilelocking --enable-default-toolkit=cairo-gtk2 --enable-ogg --enable-wave --enable-dbus --disable-debug --disable-tests --disable-debugger-info-modeules --enable-libnotify --disable-startup-notification --disable-system-sqlite --enable-necko-wifi --enable-shared-js --enable-webm --with-system-libvpx --enable-tracejit --with-system-nspr --with-nspr-prefix=/usr --with-system-nss --with-nss-prefix=/usr --x-includes=/usr/include --x-libraries=/usr/lib64 --with-system-libevent=/usr --enable-system-hunspell --disable-gnomevfs --disable-gnomeui --enable-gio --enable-storage --enable-places --enable-places_bookmarks --enable-oji --enable-mathml --disable-mochitest --with-default-mozilla-five-home=/usr/lib64/xulrunner-2.0 --disable-mailnews --enable-canvas --enable-safe-browsing --with-system-png --disable-system-sqlite --disable-gconf --enable-extensions=default --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --libdir=/usr/lib64 As you can see this is clearly not a hardened issue as I am posting from icecat right now.
Okay I have egg on my face. Its icecat not icecast! Please ignore my above remarks as they were about icecast.
Created attachment 270975 [details] strace icecat 2> tmp/icecatGcc4.6 * Switching native-compiler to x86_64-pc-linux-gnu-4.6.0 ... Couldn't load XPCOM. revdep-rebuld, emerge -1 nss & lafilefixer --justfixit does not solve the problem. and this is not a PaX problem.
(In reply to comment #19) > Created attachment 270975 [details] > strace icecat 2> tmp/icecatGcc4.6 > > * Switching native-compiler to x86_64-pc-linux-gnu-4.6.0 ... > > Couldn't load XPCOM. > > > revdep-rebuld, emerge -1 nss & lafilefixer --justfixit does not solve the > problem. > and this is not a PaX problem. rebuild xulrunner :)
(In reply to comment #20) > rebuild xulrunner :) heh. this is a very unstable program. Build platform target x86_64-pc-linux-gnu Build tools Compiler Version Compiler flags x86_64-pc-linux-gnu-gcc gcc version 4.6.0 (Gentoo Hardened 4.6.0 p0.9.2, pie-0.4.8) -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -W -march=native -pipe -g0 -Wno-all -Wno-return-type -w -fno-strict-aliasing -pthread -pipe -DNDEBUG -DTRIMMED -O2 x86_64-pc-linux-gnu-g++ gcc version 4.6.0 (Gentoo Hardened 4.6.0 p0.9.2, pie-0.4.8) -fno-rtti -fno-exceptions -Wall -Wpointer-arith -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wcast-align -Wno-invalid-offsetof -Wno-variadic-macros -Werror=return-type -march=native -pipe -g0 -Wno-all -Wno-return-type -w -fno-strict-aliasing -fshort-wchar -pthread -pipe -DNDEBUG -DTRIMMED -O2 Configure arguments --enable-application=xulrunner --enable-optimize=-O2 --with-system-jpeg --with-system-zlib --enable-pango --enable-svg --enable-system-cairo --disable-installer --disable-pedantic --disable-updater --disable-strip --disable-strip-libs --disable-install-strip --enable-single-profile --disable-profilesharing --disable-profilelocking --enable-default-toolkit=cairo-gtk2 --enable-ogg --enable-wave --disable-dbus --disable-debug --disable-tests --disable-debugger-info-modeules --disable-libnotify --enable-startup-notification --enable-system-sqlite --with-sqlite-prefix=/usr --disable-necko-wifi --enable-shared-js --enable-webm --with-system-libvpx --enable-tracejit --with-system-nspr --with-nspr-prefix=/usr --with-system-nss --with-nss-prefix=/usr --x-includes=/usr/include --x-libraries=/usr/lib64 --with-system-libevent=/usr --enable-system-hunspell --disable-gnomevfs --disable-gnomeui --enable-gio --enable-storage --enable-places --enable-places_bookmarks --enable-oji --enable-mathml --disable-mochitest --with-default-mozilla-five-home=/usr/lib64/xulrunner-2.0 --disable-mailnews --enable-canvas --enable-safe-browsing --enable-system-sqlite --disable-gconf --enable-extensions=default --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --libdir=/usr/lib64
If you can not reproduce this with icecat-5.0 please close bug, if no comment in next 7 days we will close as needinfo.
requested info has not been supplied.
