Summary: | Stack-smash in PyCrypto | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Noah K <coderanger> |
Component: | [OLD] Core system | Assignee: | Python Gentoo Team <python> |
Status: | RESOLVED CANTFIX | ||
Severity: | major | ||
Priority: | High | ||
Version: | 2006.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Noah K
2006-06-13 01:00:28 UTC
-fstack-protector in CFLAGS is beyond the scope of hardened and is simply unsupported as it can lead to miscompiles of many things. -O3 with fstack-protector is even more not supported and documented. python team: suggestion to mark this bug as INVALID, CANTFIX This problem is already referenced in the current ebuild, the protections just don't seem to actually work. If nothing else the package should just refuse to build to prevent people from getting into the chicken-and-egg situation described above. The protections in there are triggered if you're running a hardened compiler. You are not running a hardened compiler: you're passing an unsupported CFLAG instead. As solar says you will probably hit problems with more than just pycrypto if you do this. Recommend you switch to the supported way of stack smash protection (hardened compiler profile) and reopen this if it still fails with a supported compiler/CFLAGS combination. See also the hardened faq, specifically http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedcflags. |