Bug 43602 - Starting Firefox gives a "stack smashing attack" error
Summary: Starting Firefox gives a "stack smashing attack" error
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High blocker
Assignee: Alexander Gabert (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-03 06:21 UTC by ketanrp
Modified: 2004-09-23 18:08 UTC (History)
CC List: 1 user

See Also:
Package list:
Runtime testing required: ---


Description ketanrp 2004-03-03 06:21:41 UTC
With Hardened GCC installed, I cannot run Mozilla Firefox due to stack smashing attack errors (error printed to terminal, no Firefox windows open). Also, if Firefox does start, then clicking on something causes the browser to crash and display the aforementioned error.

Reproducible: Always
Steps to Reproduce:
1. Emerge hardened-gcc
2. Emerge mozilla-firefox
3. Try to run Firefox
Actual Results:  
I added "filter-flags -fstack-protector" in this section of the ebuild:

    # Crashes on start when compiled with -fomit-frame-pointer
    filter-flags -fomit-frame-pointer -mpowerpc-gfxopt
    filter-flags -ffast-math
    append-flags -s -fforce-addr

I then recompiled and Firefox works fine now.

Expected Results:  
Started and continued to run without errors.

Portage 2.0.50-r1 (hardened-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.3-gentoo-r2)
=================================================================
System uname: 2.6.3-gentoo-r2 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.4.3.13
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer -mmmx -msse2 -mfpmath=sse"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer -mmmx -msse2 -mfpmath=sse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox sfperms strict"
GENTOO_MIRRORS="rsync://mirrors.tds.net/gentoo ftp://mirrors.tds.net/gentoo
ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://adelie.polymtl.ca/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aalib apache2 avi berkdb cdr crypt directfb dvd dvdr gif gtk gtk2 imap
java jpeg kde libwww mmx mpeg nls oggvorbis opengl oss pam pdflib perl pic png
python qt quicktime readline spell sse ssl tcpd tetex theora truetype usb x86
xmms zlib"
Comment 1 ketanrp 2004-03-03 06:42:47 UTC
Adding "filter-flags -fstack-protector" to the ebuild resolves the problem.
Comment 2 SpanKY gentoo-dev 2004-03-04 03:30:27 UTC
fixes it for you but what about everyone else ? ;)
Comment 3 solar (RETIRED) gentoo-dev 2004-03-04 08:48:41 UTC
Filtering -fstack-protector fixes the problem? I see no fix here. I see a
way to pretend that firefox might not have some fundamental problems in
the first place. What I've noticed with -fstack-protector thus far is that
there has never once been a runtime false positive. If a problem comes
up with SSP it will be at compile time, with inline assembly and MMX
instructions, but at runtime I think it is probably catching
something valid here that's worth taking a closer look at.

In what function does it die? What does the backtrace from the "core" 
look like?

mozilla@g.o please don't filter this flag till we all know why it 
would/could cause problems in the first place.
Comment 4 Brad Laue (RETIRED) gentoo-dev 2004-03-04 09:53:51 UTC
No worries, will keep the flag unfiltered until we find that out.
Comment 5 Alexander Gabert (RETIRED) gentoo-dev 2004-03-04 10:44:21 UTC
Good morning,

please remove all optimization CFLAGS and recompile mozilla and mozilla firebird again.

To emerge a debugging version, use FEATURES="debug keeptemp keepwork" and CFLAGS="-g -ggdb" on the command line with the ebuild file directly, so that only that package is emerged, and remove all optimizer flags from /etc/make.conf:CFLAGS.

Then run the firefox/mozilla binary from the command line with the following command: gdb --quiet --args ../path/to/mozilla/executable

This will drop you into a gdb session where you can hit "run" to execute it.

If this application is threaded, try compiling it statically to prevent the invocation of shared libraries executing thread code in parallel.

When you hit the point, it will drop you into a traceback where the first command I want is:
"where"

The "where" command will show you exactly what the path of self-destruction was.

thank you for your help,

Alex
Comment 6 Alexander Gabert (RETIRED) gentoo-dev 2004-03-04 10:45:58 UTC
When you are on a PaX kernel you need to chpax the binary with -pemsrv to prevent random loading for debugging; otherwise it will not be able to find the frame pointer and entry/starting point.

Also bear in mind that you must not compile with -fomit-frame-pointer if you want a good copy of the executable for debugging.

thanks
Comment 7 Jesse Michael 2004-03-29 14:18:24 UTC
I haven't looked at the specifics of how ProPolice protects the stack, but when we built Mozilla using previous versions of StackGuard, we had to patch the stack-layout specific assembly language in mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp.
Comment 8 solar (RETIRED) gentoo-dev 2004-03-29 14:41:28 UTC

Re: comment #7
Jesse,
interesting..
Could you please locate the xptcstubs_unixish_x86.patch 
and give it a try with ssp?
Comment 9 cpdsa 2004-04-05 13:43:03 UTC
After typing my search string in the Quick Search bar, Firefox crashes. I opened it from a terminal window and tried it again and got the following error:

    $ firefox
    firefox-bin: stack smashing attack in function virtual nsresult nsHTMLInputElement::HandleDOMEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, unsigned int, nsEventStatus*)
    /usr/lib/MozillaFirefox/run-mozilla.sh: line 451: 19021 Aborted           "$prog" ${1+"$@"}

Every other thing seems to work fine, and it does not crash when pressing enter on google after typing in a search string.

I am not running hardened Gentoo, just a regular install on a laptop (gentoo-dev-sources-2.6.3-r1).
Comment 10 Alexander Gabert (RETIRED) gentoo-dev 2004-06-16 01:54:13 UTC
do you have -fstack-protector in your CFLAGS?
Comment 11 Alexander Gabert (RETIRED) gentoo-dev 2004-07-06 09:20:36 UTC
The reason I am asking is that we had occurrences with early SSP protections where, when a library or executable is only partly compiled/protected with SSP, those errors might happen.

I will have the chance to test firefox when I have finished emerging my new test station with XFree.
Comment 12 Alexander Gabert (RETIRED) gentoo-dev 2004-07-08 12:49:45 UTC
If there is no update on this bug in the next week and my tests with firefox in a hardened chroot are successful, I am going to post a complete emerge info of my build environment, mark this bug WORKSFORME and remove the blocker status.

Sincerely,

Alex
Comment 13 Alexander Gabert (RETIRED) gentoo-dev 2004-09-23 18:08:25 UTC
no comment on stale bug