Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 109824

Summary: konsole won't start due to stack smashing attack on hardened ppc
Product: Gentoo Linux Reporter: nixnut (RETIRED) <nixnut>
Component: Current packagesAssignee: Gentoo KDE team <kde>
Status: RESOLVED NEEDINFO    
Severity: normal CC: hardened, kurt.hindenburg
Priority: High    
Version: unspecified   
Hardware: PPC   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 86857    
Bug Blocks:    

Description nixnut (RETIRED) gentoo-dev 2005-10-19 08:50:31 UTC 
konsole won't start on kde-3.4.1 here. After trying to start from an xterm I get
the following:

nixnut@clueless ~ $ konsole
konsole: stack smashing attack in function void Konsole::makeBasicGUI()()
Aborted
nixnut@clueless ~ $ konsole -v
Qt: 3.3.4
KDE: 3.4.1
Konsole: 1.5.1


Reproducible: Always
Steps to Reproduce:
1. start kde
2. open an xterm
3. type konsole and press enter
4. error message

Actual Results:  
konsole does not start

Expected Results:  
konsole runs without trying to smash stacks

clueless ~ # emerge info
Portage 2.0.51.22-r3 (default-linux/ppc/2005.0, gcc-3.4.4, glibc-2.3.5-r2,
2.6.12-gentoo-r6 ppc)
=================================================================
System uname: 2.6.12-gentoo-r6 ppc 7447A, altivec supported
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.15.90.0.3-r5
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O2 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.snt.utwente.nl/pub/os/linux/gentoo                  
http://gentoo.osuosl.org/ "
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="ppc X alsa altivec berkdb bitmap-fonts crypt cups curl dlloader dvd dvdread
eds emboss esd fam fortran gdbm gif gnome gpm gstreamer gtk gtk2 hardened imlib
ipv6 jack java jpeg junit kde libwww mad motif mozilla mp3 mpeg mysql ncurses
network nls nptl nptlonly ogg oggvorbis opengl pam pdflib perl png postgres
python qt readline slang spell sqlite ssl tcpd tiff truetype truetype-fonts
type1-fonts unicode vorbis xml xml2 xv zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
Comment 1 nixnut (RETIRED) gentoo-dev 2005-12-08 10:32:01 UTC 
same problem with konsole-3.5.0  
Qt: 3.3.4 
KDE: 3.5.0 
Konsole: 1.6
Comment 2 Kurt Hindenburg 2005-12-25 00:12:52 UTC 
I'm the maintainer of Konsole... I don't use Gentoo's KDE ebuilds since I have the SVN source trees.

1. Is this PPC only?  I have only i386 systems.
2. Can this be reproduced on a non-hardened system easily?  What would I need to recompile?

Thread model: posix
gcc version 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)
Comment 3 Kevin F. Quinn (RETIRED) gentoo-dev 2005-12-25 02:59:55 UTC 
re: 1: Konsole is built here with SSP on x86 no problem

re. 2: If you have access to a non-hardened ppc system you can try:

CFLAGS="-fstack-protector-all" emerge konsole

All the hardened compiler does w.r.t. ssp is to switch on -fstack-protector-all by default (in most situations). The only  thing you'll be missing is the support libraries (libstdc++ etc) which are built with the stack protector when gcc is built USE=hardened.
Comment 4 Carsten Lohrke (RETIRED) gentoo-dev 2006-04-29 10:48:16 UTC 
nixnut, is this still an issue for you? If so, provide information, please.
Comment 5 nixnut (RETIRED) gentoo-dev 2006-04-29 13:50:44 UTC 
Ok, seems this too is a problem with a clashing -fno-strict-aliasing and ssp as described in bug 86857. Although solar mentions pie the problem seems more an ssp <-> -fno-strict-aliasing problem.

If I compile konsole with ssp and -fno-strict-aliasing I will get the stack smashing error. Compiling with either the nossp gcc profile or filtering -fno-strict-aliasing will get me a functional konsole. Same with kontact.

I haven't tested this with some of other kde packages (konqueror, kghostview, kstars and others) that seem to fall victim to the same problem, but it looks like ssp and -fno-strict-aliasing on ppc seem to not like each other.

If you want more info please tell me what you need and how I can produce that info for you.