87269 – (kernel) hardened-sources-2.6.11-r1 fails to build (PaX error?)

Bug 87269 - (kernel) hardened-sources-2.6.11-r1 fails to build (PaX error?)

Summary: (kernel) hardened-sources-2.6.11-r1 fails to build (PaX error?)

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Duplicates (1):	87272 (view as bug list)
Depends on:
Blocks:

Reported:	2005-03-30 06:38 UTC by Spider (RETIRED)
Modified:	2005-07-24 07:08 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
.config (hardened-config,25.89 KB, text/plain) 2005-05-02 14:19 UTC, Spider (RETIRED)	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Spider (RETIRED) gentoo-dev

2005-03-30 06:43:57 UTC

thebunker linux # make
  CHK     include/linux/version.h
make[1]: `arch/i386/kernel/asm-offsets.s' is up to date.
  CHK     include/linux/compile.h
  CHK     usr/initramfs_list
  CC      fs/binfmt_elf.o
fs/binfmt_elf.c: In function `pax_parse_elf_flags':
fs/binfmt_elf.c:736: error: structure has no member named `flags'
make[1]: *** [fs/binfmt_elf.o] Error 1
make: *** [fs] Error 2



Appears to be PaX related due to the codeblock its in.

Comment 1 Stephen Bennett (RETIRED) gentoo-dev

2005-03-30 06:47:01 UTC

*** Bug 87272 has been marked as a duplicate of this bug. ***

Comment 2 Kevin F. Quinn (RETIRED) gentoo-dev

2005-05-02 13:06:15 UTC

I _think_ this is because the flags element of struct mm_struct is conditional on:

#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)

in include/linux/sched.h, but the usage is dependent on:

#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)                           

in fs/binfmt_elf.c


What PaX flags have you chosen (attach your kernel config file)?  If I'm right, you have the PaX EI and/or PT flags enabled but not the things that use them.  Try switching on "Enforce non-executable pages" or "Address Layout Randomization" in your kernel config.  Either way, let us know how you get on.

Comment 3 Spider (RETIRED) gentoo-dev

2005-05-02 14:19:32 UTC

Created attachment 57879 [details]
.config

Here's the .config, relevant parts as comment:
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
# CONFIG_PAX_EI_PAX is not set
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
# CONFIG_PAX_NOEXEC is not set
# CONFIG_PAX_ASLR is not set

Comment 4 solar (RETIRED) gentoo-dev

2005-05-02 14:25:56 UTC

Spider just snag the .config from toucan ;)

Comment 5 Kevin F. Quinn (RETIRED) gentoo-dev

2005-05-02 15:07:05 UTC

Hah! I was right :)  Happens occasionally...

There's little point having CONFIG_PAX_PT_PAX_FLAGS set if you don't have CONFIG_PAX_NOEXEC or CONFIG_PAX_ASLR - the flags enabled by PT_PAX_FLAGS control how the NOEXEC and ASLR protections are applied.

Either switch off PT_PAX_FLAGS (or all of PaX!), or switch on NOEXEC and/or ASLR.

Comment 6 Kevin F. Quinn (RETIRED) gentoo-dev

2005-07-24 07:08:02 UTC

Possible fixes include:

1) Rework PAX patch to include the relevant declarations when CONFIG_NOEXEC |
CONFIG_ASLR instead of CONFIG_PAX

2) Warn user that one of NOEXEC/ASLR must be set, in CONFIG_PAX help

Given that the failing configuration is not a useful configuration anyway, I
propose we do nothing.