With Hardened GCC installed, I cannot run Mozilla Firefox due to stack smashing attack errors (error printed to terminal, no Firefox windows open). Also, if Firefox does start, then clicking on something causes the browser to crash and display the aforementioned error.

Reproducible: Always

Steps to Reproduce:
1. Emerge hardened-gcc
2. Emerge mozilla-firefox
3. Try to run Firefox

Actual Results:
I added "filter-flags -fstack-protector" in this section of the ebuild:

    # Crashes on start when compiled with -fomit-frame-pointer
    filter-flags -fomit-frame-pointer -mpowerpc-gfxopt
    filter-flags -ffast-math
    append-flags -s -fforce-addr

I then recompiled and Firefox works fine now.

Expected Results:
Started and continued to run without errors.

Portage 2.0.50-r1 (hardened-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.3-gentoo-r2)
=================================================================
System uname: 2.6.3-gentoo-r2 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.4.3.13
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer -mmmx -msse2 -mfpmath=sse"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer -mmmx -msse2 -mfpmath=sse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox sfperms strict"
GENTOO_MIRRORS="rsync://mirrors.tds.net/gentoo ftp://mirrors.tds.net/gentoo ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://adelie.polymtl.ca/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aalib apache2 avi berkdb cdr crypt directfb dvd dvdr gif gtk gtk2 imap java jpeg kde libwww mmx mpeg nls oggvorbis opengl oss pam pdflib perl pic png python qt quicktime readline spell sse ssl tcpd tetex theora truetype usb x86 xmms zlib"
Adding "filter-flags -fstack-protector" to the ebuild resolves the problem.
Fixes it for you, but what about everyone else? ;)
Filtering -fstack-protector fixes the problem? I see no fix here. I see a way to pretend that firefox might not have some fundamental problems in the first place. What I've noticed with -fstack-protector thus far is there has never once been a runtime false positive. If a problem comes up with SSP it will be at compile time with inline assembly and MMX instructions, but runtime... I think it probably is catching something valid here that's probably worth taking a closer look at. In what function does it die? What does the backtrace from the "core" look like? mozilla@g.o please don't filter this flag till we all know why it would/could cause problems in the first place.
No worries, will keep the flag unfiltered until we find that out.
Good morning,

please remove all optimization CFLAGS and recompile mozilla and mozilla firebird again to emerge a debugging version. Use the command FEATURES="debug keeptemp keepwork" and CFLAGS="-g -ggdb" on the ebuild file directly to emerge the package only, and remove all optimizer flags from /etc/make.conf:CFLAGS.

Then run the firefox/mozilla binary from the command line with the following command:

    gdb --quiet --args ../path/to/mozilla/executable

This will drop you into a gdb session where you can hit "run" to execute. If this application is threaded, try compiling it statically to prevent the invocation of shared libraries executing thread code in parallel.

When you hit the point, it will drop you into a traceback where the first command I want is: "where". The "where" command will show you exactly what the path of self-destruction was.

Thank you for your help,
Alex
When you are on a PaX kernel you need to chpax the binary with -pemsrv to prevent random loading for debugging, otherwise it will not be able to find the frame pointer and entry/starting point. Also bear in mind that you must not compile with -fomit-frame-pointer to have a good copy of the executable for debugging. Thanks
I haven't looked at the specifics of how ProPolice protects the stack, but when we built Mozilla using previous versions of StackGuard, we had to patch the stack-layout specific assembly language in mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp.
Re: comment #7: Jesse, interesting. Could you please locate the xptcstubs_unixish_x86.patch and give it a try with SSP?
After typing my search string in the Quick Search bar Firefox crashes. I opened it from a terminal window and tried it again and got the following error:

    $ firefox
    firefox-bin: stack smashing attack in function virtual nsresult nsHTMLInputElement::HandleDOMEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, unsigned int, nsEventStatus*)
    /usr/lib/MozillaFirefox/run-mozilla.sh: line 451: 19021 Aborted "$prog" ${1+"$@"}

Every other thing seems to work fine and it does not crash when pressing enter on Google after typing in a search string. I am not running hardened Gentoo, just a regular install on a laptop. gentoo-dev-sources-2.6.3-r1
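To show what the runtime check behind that "stack smashing attack in function ..." message does (the hardened-dev comment above notes it has never been seen to fire falsely), here is an added C model of the SSP/ProPolice guard; it is not code from the bug report or from Mozilla. The frame layout, the fixed GUARD_VALUE and the placeholder return address are assumptions of the model, and the check returns a status instead of aborting so it can be exercised.

```c
/* Added model (not from the bug report) of the guard that -fstack-protector
 * (ProPolice/SSP) places between local buffers and the saved frame pointer /
 * return address.  An overflow must clobber the guard before it can reach
 * control data; the function epilogue compares the guard and aborts on mismatch. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD_VALUE 0xDEADBEEFu  /* assumed constant; real SSP uses a random per-process value */

/* Modelled protected frame: locals first, then the guard, then control data. */
struct frame {
    char      buf[16];
    uint32_t  guard;
    uintptr_t saved_return;
};

/* Unbounded copy into a fixed-size local, the bug class SSP catches at runtime.
 * len bytes are written starting at buf; lengths above sizeof buf spill into
 * the guard (the copy stays inside the struct so the model itself is defined).
 * Returns 1 if the guard was corrupted, 0 if intact, -1 if len exceeds the frame. */
int ssp_check_copy(const char *src, size_t len, const char *func_name)
{
    struct frame f;
    f.guard = GUARD_VALUE;
    f.saved_return = 0x08048000u;  /* placeholder return address */
    if (len > sizeof f)
        return -1;
    memcpy(&f, src, len);          /* overflows buf into guard when len > 16 */
    if (f.guard != GUARD_VALUE) {
        fprintf(stderr, "stack smashing attack in function %s\n", func_name);
        return 1;
    }
    return 0;
}

/* Hardened form of the same routine: the copy is bounded by the local's size
 * (including the NUL), so the guard is never reached.  0 = ok, -1 = rejected. */
int bounded_copy(const char *src)
{
    char buf[16];
    size_t len = strlen(src);
    if (len + 1 > sizeof buf)
        return -1;
    memcpy(buf, src, len + 1);
    return 0;
}
```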
do you have -fstack-protector in your CFLAGS?
The reason I am asking is that we had occurrences with early SSP protections that when a library or executable is only partly compiled/protected with SSP, those errors might happen. I will have the chance to test Firefox when I have finished emerging my new test station with XFree.
If there is no update on this bug in the next week and my tests with Firefox in a hardened chroot are successful, I'm gonna post a complete emerge info of my build environment and mark this bug WORKSFORME and remove the blocker status. Sincerely, Alex
no comment on stale bug