Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 898328 - x11-misc/xscreensaver-6.05-r2 has implicit function declarations in configure logs (HARDENED-SYSTEM)
Summary: x11-misc/xscreensaver-6.05-r2 has implicit function declarations in configure...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Pascal Jäger
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 906027
  Show dependency tree
 
Reported: 2023-02-28 11:23 UTC by Agostino Sarubbo
Modified: 2023-09-05 13:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log (build.log,929.58 KB, text/plain)
2023-02-28 11:23 UTC, Agostino Sarubbo
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2023-02-28 11:23:35 UTC
https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/

Issue: x11-misc/xscreensaver-6.05-r2 has implicit function declarations in configure logs (HARDENED-SYSTEM).
Discovered on: amd64 (internal ref: hardened_tinderbox)

NOTE:
(HARDENED-SYSTEM) in the summary means that the bug was found on a machine that runs an hardened profile with -D_FORTIFY_SOURCE=3 and -D_GLIBCXX_ASSERTIONS (https://www.gentoo.org/support/news-items/2023-01-01-hardening-fortify-assertions.html) but this bug MAY or MAY NOT BE related to the changes related to hardened.
Comment 1 Agostino Sarubbo gentoo-dev 2023-02-28 11:23:38 UTC
Created attachment 855152 [details]
build.log

build log and emerge --info
Comment 2 Pascal Jäger 2023-02-28 21:56:22 UTC
This is mostly a note to me, as I will ask about this in IRC later. 

This test in configure.ac is causing this implicit function declaration

###############################################################################
#
#       Check for OpenBSD-style shadow passwords.
#       It's getpwnam_shadow instead of getpwnam, and it only works as root.
#
###############################################################################

if test "$with_shadow" = yes ; then
  AC_CACHE_CHECK([for OpenBSD-style shadow passwords], ac_cv_pwnam_shadow,
                 [AC_TRY_X_COMPILE([#include <stdlib.h>
                                    #include <unistd.h>
                                    #include <sys/types.h>
                                    #include <pwd.h>],
                      [struct spwd *p = getspnam_shadow("nobody");
                       const char *pw = p->pw_passwd;],
                      [ac_cv_pwnam_shadow=yes],
                      [ac_cv_pwnam_shadow=no])])
  if test "$ac_cv_pwnam_shadow" = yes; then
    have_pwnam_shadow=yes

    # If we also have PAM, assume that we don't need to be setuid.
    if test $have_pam != yes; then
      setuid_auth=yes
    fi
  fi
fi


This is composing a code snippet with the function getspnam_shadow in it. Then it checks if this compiles, if so, system has it, if not system does not. 
The relevance for Gentoo is questionable but anyway. 
config.log says exactly this:

conftest.c:74:18: error: implicit declaration of function 'getpwnam_shadow' [-Werror=implicit-function-declaration]
   74 | struct spwd *p = getpwnam_shadow("nobody");
      |                  ^~~~~~~~~~~~~~~

Shouldn't this be ok then?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-28 22:00:11 UTC
Looks like we can set QA_CONFIG_IMPL_DECL_SKIP=( getpwnam_shadow ) in the ebuild  if it's an OpenBSD-only thing (or similar).
Comment 4 Pascal Jäger 2023-03-01 07:46:52 UTC
(In reply to Sam James from comment #3)
> Looks like we can set QA_CONFIG_IMPL_DECL_SKIP=( getpwnam_shadow ) in the
> ebuild  if it's an OpenBSD-only thing (or similar).

Weird thing is, this is checking for 'getspnam_shadow("nobody")', yet it seems there is no such thing. 

For Linux there is getspnam (get Shadow Password Name) analog to getpwnam() for non shadow. 
And for Open BSD the equivalent seems to be getpwnam_shadow() (https://man.openbsd.org/getpwnam_shadow) and getpwnam() but no getspnam_shadow().

I am not familiar with OpenBSD at all, but this seems to be a bug. In the comment it is even talking about getpwnam_shadow, yet it is checking for getspnam_shadow.
Comment 5 Pascal Jäger 2023-09-05 13:51:29 UTC
This was fixed in 6.06 already