Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 123306

Summary: sys-devel/gdb-6.4 doesn't work with hardened toolchain
Product: Gentoo Linux Reporter: Peter Simons <simons>
Component: Current packagesAssignee: Gentoo Toolchain Maintainers <toolchain>
Status: RESOLVED WORKSFORME    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Peter Simons 2006-02-18 11:16:06 UTC 
I tried version 6.4 with gcc 3.4.4, 3.6.6, with SSP/PIE, without SSP/PIE, etc., but no version I emerged actually works:

peti:/tmp$ cat test.cpp 
int main(int, char**)
{
  return 0;
}
peti:/tmp$ g++ -g test.cpp 
peti:/tmp$ ./a.out 
peti:/tmp$ gdb ./a.out 
GNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) break main
Breakpoint 1 at 0x78c: file test.cpp, line 2.
(gdb) run
Starting program: /tmp/a.out 
Warning:
Cannot insert breakpoint 1.
Error accessing memory address 0x78c: Input/output error.

(gdb) quit
The program is running.  Exit anyway? (y or n) y

peti:/tmp$ emerge info
Portage 2.0.54 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2, 2.6.15-gentoo i686)
=================================================================
System uname: 2.6.15-gentoo i686 mobile AMD Duron(tm) 
Gentoo Base System version 1.6.14
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=athlon-xp -O3 -fomit-frame-pointer -fforce-addr -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mtune=athlon-xp -O3 -fomit-frame-pointer -fforce-addr -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks maketest sandbox sfperms strict test userpriv usersandbox"
GENTOO_MIRRORS="http://213.186.33.38/gentoo-distfiles/ http://gentoo.mirror.intouch.nl/gentoo/ http://212.219.56.152/sites/www.ibiblio.org/gentoo/ http://194.117.143.72"
MAKEOPTS="-j1"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X aac adns alsa audiofile bash-completion berkdb bitmap-fonts bonobo bzip2 caps cdparanoia cdr crypt curl dlloader doc dvd dvdread emacs encode erandom esd expat ffmpeg fortran gd gdbm gif glade glibc-omitfp glut gmp gnomecanvas graphviz gtk gtkhtml guile hardened idea idn imagemagick ipv6 jpeg latex lcms libwww mbox mmx mmxext mng mpeg ncurses normalizemime nptl nptlonly nsplugin objc opengl oss pam pam_chroot pam_console pam_timestamp perl pic png pwdb python qt readline real sse ssl tetex threads tiff truetype truetype-fonts type1-fonts udev unicode userlocales vim-with-x win32codecs x86 xine xml xml2 xv zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 1 Peter Simons 2006-02-18 11:17:16 UTC 
Um, you probably guessed it anyway, but I meant gcc 3.3.6 above, not 3.6.6.
Comment 2 Kevin F. Quinn (RETIRED) gentoo-dev 2006-02-18 13:51:59 UTC 
ok; two things:

1) you need to link with -nopie; hardened toolchain switches on PIE automatically, and the Gentoo gdb doesn't support PIEs.  You can compile with pie, but you need to do the final link -nopie:

g++ -c test.cpp
g++ -nopie test.o

one way to do this with ebuilds is to add '-nopie' to LDFLAGS temporarily:

LDFLAGS="-nopie" ebuild <peth-to-ebuild> compile

provided the ebuild honours LDFLAGS (which it should in the majority of cases).


2) If you're running a kernel with the PaX mprotect restrictions on, you'll need to relax the mprotect restrictions; i.e. do:

/sbin/paxctl -m a.out


Re-open if the above doesn't work for you.
Comment 3 Peter Simons 2006-02-19 09:16:45 UTC 
Thanks a lot for your response, Kevin. Adding -nopie at link-time did the trick. I had tried building gdb with PIE disabled, but it never occurred to me to do that with the application that is being debugged.

In the sake of other users who might run into the same problem: Maybe the gdb ebuild should print an "einfo" item after merging the debugger? That would have helped me.

Anyway, thanks again.