When glibc (sys-libs/glibc-2.3.4.20040808-r1) is compiled under linux-2.6.0+, it automatically set __ASSUME_PROT_GROWSUPDOWN. This flag causes backward-compatibility code necessary for 2.4.x (including 2.4.28-gentoo-r5) to be skipped (#ifdef-ed out). This leads to error on mprotecting stack when libcrytpo from openssl is linked to openssh. As can be seen in glibc-2.3.3/sysdeps/unix/sysv/linux/dl-execstack.c, mprotect is called which MMAP_GROWSDOWN, which is not permited in 2.4 and -EINVAL is returned. Backward compatibility code can detect this and work around, without it error is fatal. Reproducible: Always Steps to Reproduce: My way: 1. use kernel 2.6+ to bootstrap and system 2. return to 2.4 for syslog-ng and company 3. try to run ssh Normal way: 1. emerge glibc with 2.6+ 2. run ssh with 2.4 Actual Results: ssh (in fact, ld-linux.so.2) complain about "can't set executable stack" (not exact wording) and is aborted Expected Results: ssh should load normally and complain about missing options :-) (ie. display usage). Expected behaviour: I think this backward-compatibility code do no harm in 2.6, so I think it could be compilled everytime. If not, users should have option (USE flag ?) to set this and should be warned early enough that they can expect random aplication don't work in 2.4 without 2.4 compatibility combination. Gentoo Base System version 1.4.16 Portage 2.0.51-r15 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.0 i686) ================================================================= System uname: 2.6.0 i686 Celeron (Coppermine) Python: dev-lang/python-2.3.4 [2.3.4 (#1, Mar 30 2005, 09:30:07)] distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] dev-lang/python: 2.3.4 sys-devel/autoconf: 2.59-r5 sys-devel/automake: 1.8.5-r1 sys-devel/binutils: 2.15.90.0.1.1-r3 sys-devel/libtool: 1.5.2-r7 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=i686 -mcpu=pentium2 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr /share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distcc distlocks sandbox sfperms" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowex X Xaw3d aalib alsa apache2 apm arts avi berkdb bitmap-fonts caps cdr crypt cups curl dga directfb doc dvd encode esd f77 fbcon flac font-server fooma ticdb fortran gd gdbm ggi gif gpm gtk gtk2 imagemagick imlib innodb ipv6 jpeg lcms lesstif libcaca libg++ libwww lirc mad mailwrapper mbox mcal memlimit mikmod mmx mmx2 mng motif mozilla mpeg multislot mysql ncurses nls oggvorbis opengl oss pam pcmcia pdflib perl png python qt quicktime readline samba sdl slang snmp spell sqlite sse ssl svga tcpd tetex theora tiff truetype truetype-fonts type1-fonts unicode usb v4l v4l2 vhosts videos wmf xml xml2 xmms xosd xv xvid zlib" Unset: ASFLAGS, CBUILD, CTARGET, LDFLAGS
Weird is, glibc have such option (--enable-kernel) and it seems it's not used so all compatibility options should be compiled ... maybee it is specific to bootstrap, specific to fact I installed 2.6.x linux headers (I don't see reason to download prehistoric 2.4.21 instead) or something other ... shame I didn't enable portage log before emerging glibc ...
I must apologize, my analysis was wrong. Backward-compatibility code IS compiled in, but don't work. I try another analysis ...
Problem is in kernel 2.4.18, which return EFAULT (not handled) like 2.4.16, while 2.4.20, 2.4.23, 2.4.29, 2.4.28-gentoo-r5 return ENOMEM (handled). (Change is in patch-2.4.19). I didn't test it under all these kernels, only 2.4.18 (don't work) and 2.4.23 (work), but code seems clear.
sounds good