The package sys-fs/e2fsprogs-1.35 does not cooperate with the filter-flags logic. Adding the flag-o-matic call to filter-flags "-fstack-protector" normally emits "-fno-stack-protector" to the CFLAGS properly and this value prevents a hardened gcc to introduce SSP protection to an executable or library. As seen, a transparent wrapper approach has been declined by the -dev team. Now the maintainers should also make this package CFLAGS- aware as soon as possible. The following command will show whether the library is still affected by guard symbols referring the GLIBC: # find / -type f -name "*ext2fs*so*" -exec readelf -s {} \; 2>/dev/null | grep guard 301: 00000000 32 OBJECT GLOBAL DEFAULT UND __guard@GLIBC_2.3.2 (5) If this continues to be the case, building silo on sparc with hardened gcc will fail even if the proper CFLAGS="-fstack-protector" are given to silo. The reason for this can be seen when building silo fails with the following error message: gcc -fno-pic -fno-stack-protector -fno-stack-protector-all -m32 -Os -Wall -I. -I../include -fomit-frame-pointer -fno-stric t-aliasing -DSMALL_RELOC=0x280000 -DLARGE_RELOC=0x380000 -DTFTP -DVERSION='"1.4.4"' -c -o decompnet.o decomp.c gcc -fno-pic -fno-stack-protector -fno-stack-protector-all -m32 -Os -Wall -I. -I../include -fomit-frame-pointer -fno-stric t-aliasing -DSMALL_RELOC=0x280000 -DLARGE_RELOC=0x380000 -DTFTP -c -o mainnet.o main.c rm -f fs/libfs.a ar rc fs/libfs.a fs/iom.o fs/ext2.o fs/isofs.o fs/romfs.o fs/ufs.o ld -N -Ttext 0x280000 -Bstatic -o second crt0.o decomp.o ../common/console.o ../common/printf.o malloc.o ../common/jmp.o . ./common/prom.o ../common/tree.o ../common/urem.o ../common/udiv.o ../common/stringops1.o ../common/ffs.o bmark.o main.o c mdline.o disk.o file.o misc.o cfg.o strtol.o ranges.o timer.o memory.o fs/libfs.a divdi3.o mul.o ../common/rem.o ../common /sdiv.o umul.o ../common/stringops2.o ls.o muldi3.o -lext2fs mark.o /usr/lib/libext2fs.a(namei.o)(.text+0x24): In function `follow_link': : undefined reference to `__guard' /usr/lib/libext2fs.a(namei.o)(.text+0x3c): In function `follow_link': : undefined reference to `__guard' /usr/lib/libext2fs.a(namei.o)(.text+0x6c): In function `follow_link': : undefined reference to `__guard' /usr/lib/libext2fs.a(namei.o)(.text+0x90): In function `follow_link': : undefined reference to `__guard' /usr/lib/libext2fs.a(namei.o)(.text+0xb8): In function `follow_link': : undefined reference to `__stack_smash_handler' As one can clearly see, the libext2fs contains the broken references to the GUARD and STACK SMASH HANDLER in glibc. This can be prevented when e2fsprogs would honour the CFLAGS and the filter-flags "-fstack-protector" would actually work. Reproducible: Always Steps to Reproduce: 1. USE=hardened emerge gcc-3.3.3-r5 on sparc (still masked) 2. emerge e2fsprogs (with adding filter-flags -fstack-protector) 3. emerge silo (with adding filter-flags -fstack-protector) Actual Results: e2fsprogs did not honour CFLAGS silo did not honour CFLAGS and died because of e2fsprogs library containing guard references to glibc Expected Results: e2fsprogs must filter-flags "-fstack-protector" # emerge info Portage 2.0.50-r6 (default-sparc64-2004.0, gcc-3.3.3, glibc-2.3.3_pre20040420- r0, 2.6.6) ================================================================= System uname: 2.6.6 sparc64 sun4u Gentoo Base System version 1.4.14 Autoconf: sys-devel/autoconf-2.59-r3 Automake: sys-devel/automake-1.8.3 ACCEPT_KEYWORDS="sparc ~sparc" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=ultrasparc" CHOST="sparc-unknown-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/ config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mcpu=ultrasparc" DISTDIR="/usr/portage/distfiles" FEATURES="ccache sandbox" GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X arts avi berkdb crypt cups encode esd fbcon foomaticdb gdbm gif gnome gtk hardened imlib jpeg kde libwww mad mikmod motif mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png python qt readline sdl slang sparc spell ssl tcpd truetype xml2 xmms xv zlib" # gcc -v Reading specs from /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/specs Configured with: /var/tmp/portage/gcc-3.3.3-r5/work/gcc-3.3.3/configure -- prefix=/usr --bindir=/usr/sparc-unknown-linux-gnu/gcc-bin/3.3 -- includedir=/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/include -- datadir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3 --mandir=/usr/share/gcc- data/sparc-unknown-linux-gnu/3.3/man --infodir=/usr/share/gcc-data/sparc- unknown-linux-gnu/3.3/info --enable-shared --host=sparc-unknown-linux-gnu -- target=sparc-unknown-linux-gnu --with-system-zlib --enable-languages=c,c++ -- enable-threads=posix --enable-long-long --disable-checking --disable-libunwind- exceptions --enable-cstdio=stdio --enable-version-specific-runtime-libs --with- gxx-include-dir=/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/include/g++-v3 -- with-local-prefix=/usr/local --enable-shared --enable-nls --without-included- gettext --disable-multilib --enable-__cxa_atexit --enable-clocale=generic Thread model: posix gcc version 3.3.3 20040412 (Gentoo Hardened Linux 3.3.3-r5, ssp-3.3-7, pie- 8.7.5) This gcc version is experimental and prereleased. However, the problem is critical and prevents us from rolling sparc stages. Thanks for your cooperation.
Correction: the proper CFLAGS to silo would be "-fno-stack-protector" of course. Or filter-flags "-fstack-protector", which then adds CFLAGS "-fno-stack-protector" in the eclass. Thanks, Alex
Created attachment 31940 [details, diff] silo-1.4.5.ebuild.diff Try this.
I am currently testing if e2fsprogs can be compiled without SSP symbols. However, this program belongs to the base profile, so in the long run we got to get it going with SSP and re-invent a -lssp method for adding the symbols to binaries and libraries without a dependency to glibc. however, the question remains how the application behaves when a binary depends on glibc, a dynamically linked library of it not and thus contains a reference to the "wrong" __guard in the libssp library. Then the problems with the libgcc and the new libssp would be interchangeable again and we could run into the same apache+php problem with double __guard trouble in binary and linked libraries. And maybe it just works til something big breaks. src_compile() { local myconf use static \ && myconf="${myconf} --with-ldopts=-static" \ || myconf="${myconf} --enable-dynamic-e2fsck --enable-elf-shlibs" econf \ `use_enable nls` \ ${myconf} || die # brute force the SSP exclusion flags into the Makefiles use sparc && has_ssp && \ find ${WORKDIR} -type f -name "Makefile" -exec sed -i "s/CFLAGS =/CFLAGS = -fno-stack-protector/g" {} \; # Parallel make sometimes fails emake -j1 || die }
If this bug gets assigned to us, i can also still fix it myself. Thank you so much.
even the CFLAGS are not fully used, the emerged library still contained guard references, currently trying with changed CC variable.
Created attachment 31947 [details, diff] libssp.diff Untested patch for glibc to give you -lssp per our chat.
Comment on attachment 31947 [details, diff] libssp.diff patch was missing ssp.c
Created attachment 31948 [details, diff] libssp.diff libssp.diff that adds ${FILESDIR}/2.3.3/ssp.c
# readelf -s /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/libgcc_s.so.1 | grep guard 110: 00000000 32 OBJECT GLOBAL DEFAULT UND __guard@GLIBC_2.3.2 (9) 274: 00000000 32 OBJECT GLOBAL DEFAULT UND __guard@@GLIBC_2.3.2 this current gcc contains guard references i dont know how much that plays into the creation of the libraries, but i doubt it is okay and i also think the guard symbols come into the library because gcc in the linking run fetches it from libgcc, even if -fno-stack-protector is set: 11:40:13 [/space/pappy/chroots/chroot003:4485.pts-31.evildrop]evildrop /var/tmp/portage/e2fsprogs-1.35/work/e2fsprogs-1.35/lib/ext2fs/elfshared # gcc -fno-stack-protector --shared -o libext2fs.so.2.4 -Wl,-soname,libext2fs.so.2 bb_compat.o cmp_bitmaps.o fileio.o inode_io.o namei.o write_bb_file.o rs_bitmap.o dupfs.o test_io.o imager.o ext2_err.o alloc.o alloc_sb.o alloc_stats.o alloc_tables.o badblocks.o bb_inode.o bitmaps.o bitops.o block.o bmap.o check_desc.o closefs.o dblist.o dblist_dir.o dirblock.o dirhash.o dir_iterate.o expanddir.o ext_attr.o finddev.o flushb.o freefs.o gen_bitmap.o get_pathname.o getsize.o getsectsize.o icount.o initialize.o inline.o inode.o ismounted.o link.o llseek.o lookup.o mkdir.o mkjournal.o native.o newdir.o openfs.o read_bb.o read_bb_file.o rw_bitmaps.o swapfs.o unix_io.o unlink.o valid_blk.o version.o -L../.. -lcom_err -fno-stack-protector-all -fno-stack-protector -v Reading specs from /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/specs Configured with: /var/tmp/portage/gcc-3.3.3-r5/work/gcc-3.3.3/configure --prefix=/usr --bindir=/usr/sparc-unknown-linux-gnu/gcc-bin/3.3 --includedir=/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/include --datadir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3 --mandir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3/man --infodir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3/info --enable-shared --host=sparc-unknown-linux-gnu --target=sparc-unknown-linux-gnu --with-system-zlib --enable-languages=c,c++ --enable-threads=posix --enable-long-long --disable-checking --disable-libunwind-exceptions --enable-cstdio=stdio --enable-version-specific-runtime-libs --with-gxx-include-dir=/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/include/g++-v3 --with-local-prefix=/usr/local --enable-shared --enable-nls --without-included-gettext --disable-multilib --enable-__cxa_atexit --enable-clocale=generic Thread model: posix gcc version 3.3.3 20040412 (Gentoo Hardened Linux 3.3.3-r5, ssp-3.3-7, pie-8.7.6) /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/collect2 --eh-frame-hdr -m elf32_sparc -Y P,/usr/lib -shared -relax -z relro -z now -o libext2fs.so.2.4 /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/../../../crti.o /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/crtbeginS.o -L../.. -L/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3 -L/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/../../../../sparc-unknown-linux-gnu/lib -L/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/../../.. -soname libext2fs.so.2 bb_compat.o cmp_bitmaps.o fileio.o inode_io.o namei.o write_bb_file.o rs_bitmap.o dupfs.o test_io.o imager.o ext2_err.o alloc.o alloc_sb.o alloc_stats.o alloc_tables.o badblocks.o bb_inode.o bitmaps.o bitops.o block.o bmap.o check_desc.o closefs.o dblist.o dblist_dir.o dirblock.o dirhash.o dir_iterate.o expanddir.o ext_attr.o finddev.o flushb.o freefs.o gen_bitmap.o get_pathname.o getsize.o getsectsize.o icount.o initialize.o inline.o inode.o ismounted.o link.o llseek.o lookup.o mkdir.o mkjournal.o native.o newdir.o openfs.o read_bb.o read_bb_file.o rw_bitmaps.o swapfs.o unix_io.o unlink.o valid_blk.o version.o -lcom_err -lgcc -lc -lgcc /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/crtendS.o /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/../../../crtn.o 11:40:14 [/space/pappy/chroots/chroot003:4485.pts-31.evildrop]evildrop /var/tmp/portage/e2fsprogs-1.35/work/e2fsprogs-1.35/lib/ext2fs/elfshared
Anyway if you want the libssp stuff pappy please let me know. I'd make a few small changes to this .diff/.patch but don't want to keep attaching unless you are sure we need it. flags="${flags} -D__LIBSSP__ -Wl,-soname,libssp.so.${MY_PV}"
13:02:57 [/space/pappy/chroots/chroot004:2330.pts-3.evildrop]evildrop /usr/portage/sys-fs # readelf -s /lib/libext2fs.so.2.4 | grep guard 13:02:59 [/space/pappy/chroots/chroot004:2330.pts-3.evildrop]evildrop /usr/portage/sys-fs # gcc -v Reading specs from /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/specs Configured with: /var/tmp/portage/gcc-3.3.3-r6/work/gcc-3.3.3/configure --prefix=/usr --bindir=/usr/sparc-unknown-linux-gnu/gcc-bin/3.3 --includedir=/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/include --datadir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3 --mandir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3/man --infodir=/usr/share/gcc-data/sparc-unknown-linux-gnu/3.3/info --enable-shared --host=sparc-unknown-linux-gnu --target=sparc-unknown-linux-gnu --with-system-zlib --enable-languages=c,c++ --enable-threads=posix --enable-long-long --disable-checking --disable-libunwind-exceptions --enable-cstdio=stdio --enable-version-specific-runtime-libs --with-gxx-include-dir=/usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/include/g++-v3 --with-local-prefix=/usr/local --enable-shared --enable-nls --without-included-gettext --disable-multilib --enable-__cxa_atexit --enable-clocale=generic Thread model: posix gcc version 3.3.3 20040412 (Gentoo Hardened Linux 3.3.3-r6, ssp-3.3.2-2, pie-8.7.6) 13:03:02 [/space/pappy/chroots/chroot004:2330.pts-3.evildrop]evildrop /usr/portage/sys-fs with the e2fsprogs manipulated to insert -fno-stack-protector into the Makefiles and the -r6 version of gcc with the libgcc fixes from me, it works from e2fsprogs ebuild: src_compile() { local myconf use static \ && myconf="${myconf} --with-ldopts=-static" \ || myconf="${myconf} --enable-dynamic-e2fsck --enable-elf-shlibs" econf \ `use_enable nls` \ ${myconf} || die # massage the appropriate SSP suppression flags into the Makefiles # see bug 51386 find ${WORKDIR} -type f -name "Makefile" -exec sed -i "s/CC = gcc/CC = gcc -fno-stack-protector/g" {} \; # Parallel make sometimes fails emake -j1 || die } from gcc-3.3.3-r6 ebuild: ... # we apply only the needed parts of protectonly.dif sed -e 's|^CRTSTUFF_CFLAGS = |CRTSTUFF_CFLAGS = -fno-stack-protector -fno-stack-protector-all |' \ -i gcc/Makefile.in || die "Failed to update crtstuff!" sed -e 's|^\(LIBGCC2_CFLAGS.*\)$|\1 -fno-stack-protector -fno-stack-protector-all|' \ -i ${S}/gcc/Makefile.in || die "Failed to update libgcc!" release_version="${release_version}, ssp-${PP_FVER}" update_gcc_for_libc_ssp ... 13:05:00 [/space/pappy/chroots/chroot004:2330.pts-3.evildrop]evildrop /usr/portage/sys-fs # readelf -s /usr/lib/gcc-lib/sparc-unknown-linux-gnu/3.3.3/libgcc_s.so.1 | grep guard 13:05:13 [/space/pappy/chroots/chroot004:2330.pts-3.evildrop]evildrop /usr/portage/sys-fs # et voila! # emerge -v silo with the modification for the Makefiles: src_compile() { make CC="${CC} -fno-stack-protector" ${MAKEOPTS} || die } src_install() { make CC="${CC} -fno-stack-protector" DESTDIR=${D} install || die dodoc COPYING ChangeLog first-isofs/README.SILO_ISOFS docs/README* ... this logic has to be mocked up like in the grub/lilo ebuilds: inherit the flag-o-matic eclass and test_flag for the flag to be accepted by gcc but the next error comes along: LARGE_RELOC=0x380000 -DTFTP -c -o mainnet.o main.c rm -f fs/libfs.a ar rc fs/libfs.a fs/iom.o fs/ext2.o fs/isofs.o fs/romfs.o fs/ufs.o ld -N -Ttext 0x280000 -Bstatic -o second crt0.o decomp.o ../common/console.o ../common/printf.o malloc.o ../common/jmp.o ../common/prom.o ../common/tree.o ../common/urem.o ../common/udiv.o ../common/stringops1.o ../common/ffs.o bmark.o main.o cmdline.o disk.o file.o misc.o cfg.o strtol.o ranges.o timer.o memory.o fs/libfs.a divdi3.o mul.o ../common/rem.o ../common/sdiv.o umul.o ../common/stringops2.o ls.o muldi3.o -lext2fs mark.o ld -N -Ttext 0x380000 -Bstatic -o second2 crt0.o decomp.o ../common/console.o ../common/printf.o malloc.o ../common/jmp.o ../common/prom.o ../common/tree.o ../common/urem.o ../common/udiv.o ../common/stringops1.o ../common/ffs.o bmark.o main.o cmdline.o disk.o file.o misc.o cfg.o strtol.o ranges.o timer.o memory.o fs/libfs.a divdi3.o mul.o ../common/rem.o ../common/sdiv.o umul.o ../common/stringops2.o ls.o muldi3.o -lext2fs mark.o nm second | grep -v '*ABS*' | sort > second.map elftoaout -o second.aout second PT 0 Entry: Loadable to 0x280000[0x2a0f8] from 0xa0[0x1c4f8] align 0x20 PT 1 Entry: unknown elftoaout -o second2.aout second2 PT 0 Entry: Loadable to 0x380000[0x2a0f8] from 0xa0[0x1c4f8] align 0x20 PT 1 Entry: unknown ./util second.map second.aout second2.aout second.b second.b2 Distance between two changes larger than 63K 3 112361 0 make[1]: *** [second.b] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory `/var/tmp/portage/silo-1.4.5/work/silo-1.4.5/second' make: *** [all] Error 1 !!! ERROR: sys-boot/silo-1.4.5 failed. !!! Function src_compile, Line 22, Exitcode 2 !!! (no error message) is this still related to SSP? I think this time it is the automatic PIE support. so we expand the exclude arguments src_compile() { make CC="${CC} -fno-stack-protector -fno-pic" ${MAKEOPTS} || die } src_install() { make CC="${CC} -fno-stack-protector -fno-pic" DESTDIR=${D} install || die With this modification, silo emerges [ebuild R ] sys-boot/silo-1.4.5 So, the following steps need to be taken: 1) manage these changes to get into the -r6 version of Peter Mazinger 2) edit e2fsprogs on sparc to use test_flags for SSP exclusion 3) edit silo on sparc to use test_flags for SSP and PIE exclusion sincerely, Alex
Pappy, I have done some tests, and you do not need to add -fno-stack-protector (only -all) to CRTSTUFF_CFLAGS and LIBGCC2_CFLAGS Peter
and my tests have shown that this is not enough. maybe you are using a different specs exclude filter? -Alex
btw, i added -r6 with my logic to the cvs (still masked) and it works good on ~sparc and ~x86 so far if you feel better with it, i would be very happy to see you welcome this change bye again, Alex
tackling that one again, putting that into e2fsprogs-1.35.ebuild src_compile() { local myconf # building e2fsprogs on sparc results in silo breaking [ "${ARCH}" = "sparc" ] && filter-flags "-fstack-protector"
test please, its in CVS
