| Summary: | www-client/mozilla-firefox-1.5 - stack smashing attack in function _cairo_stroker_join() | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | a_tevelev |
| Component: | Current packages | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | cardoe, compnerd, f.nijdam, hardened |
| Priority: | High | | |
| Version: | 2006.0 | | |
| Hardware: | AMD64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 135265 | | |
| Attachments: | emerge --info; Got the same for rufus, and also some other situations; emerge cairo > emcairo.txt | | |
Description

a_tevelev 2006-09-03 09:53:35 UTC

Created attachment 95855 [details]
emerge --info

*** Bug 146162 has been marked as a duplicate of this bug. ***

The same problem is also observed when CFLAGS are set only to CFLAGS="-march=athlon64 -O2 -pipe".

The problem appears to be specific not to Firefox but to x11-libs/cairo - see bug #146162: http://bugs.gentoo.org/show_bug.cgi?id=146162

Exactly the same problem is observed when using rox-base/rox.

Created attachment 103642 [details]
Got the same for rufus, and also some other situations
python: stack smashing attack in function _cairo_stroker_join()
/usr/bin/rufus: line 22: 885 Aborted python -OO /usr/share/rufus/rufus.py
[ebuild R ] x11-libs/cairo-1.2.4
Comment on attachment 103642 [details]
Got the same for rufus, and also some other situations
[ebuild R ] x11-libs/cairo-1.2.4
>x11-libs/cairo-1.0.2-r1
<x11-libs/cairo-1.0.2-r1
Stayed for a while on 1.0.2-r1, because of gdm session abends when using session selection. That problem is still not solved.
Been a bit busy... But I thought I remember this issue being fixed in cairo-1.2.6? Care to give it a whirl? I'll look into it on Monday.

Thanks, I unmasked 1.2.6 and
x11-libs/cairo
Available versions: 1.0.2 1.0.2-r1[1] 1.0.4 1.0.4-r1 ~1.2.2 1.2.4 1.2.6
Installed: 1.2.6
Also revdep-rebuild, without inconsistencies. Problem is still there:
python: stack smashing attack in function _cairo_stroker_join()
/usr/bin/rufus: line 22: 5883 Aborted python -OO /usr/share/rufus/rufus.py
and also, GDM still crashes when selecting a language or session or ... I noticed the -debug, but where will the output go? Maybe I've to do some homework; caught gdm :0.log:

X Window System Version 7.1.1
Release Date: 12 May 2006
X Protocol Version 11, Revision 0, Release 7.1.1
Build Operating System: Linux 2.6.17-gentoo-r82006sep x86_64
Current Operating System: Linux KAST64 2.6.17-gentoo-r82006okt #10 PREEMPT Tue Nov 21 22:56:32 CET 2006 x86_64
Build Date: 16 October 2006
Before reporting problems, check http://wiki.x.org to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Mon Dec 11 12:55:06 2006
(==) Using config file: "/etc/X11/xorg.conf"
xkb_keycodes { include "xfree86+aliases(qwerty)" };
xkb_types { include "complete" };
xkb_compatibility { include "complete" };
xkb_symbols { include "pc(pc105)+us" };
xkb_geometry { include "pc(pc105)" };
FreeType: couldn't open face /usr/share/fonts/TTF/luximr.ttf: 1
xkb_types { include "%" };
xkb_compatibility { include "%" };
xkb_symbols { include "%" };
xkb_geometry { include "%" };
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Error: Missing KeyNames section in a Keymap file
> Description of Keymap not compiled
Errors from xkbcomp are not fatal to the X server
(EE) Error loading keymap /usr/share/X11/xkb/compiled/server-0.xkm
xkb_keycodes { include "xfree86+aliases(qwerty)" };
xkb_types { include "complete" };
xkb_compatibility { include "complete" };
xkb_symbols { include "pc(pc105)+us" };
xkb_geometry { include "pc(pc105)" };

This 1.2.6 cairo is worse:
xsane: stack smashing attack in function _cairo_stroker_join()
How can I help you to test it?

I'm guessing that these are all caused by bugs in gcc-3+SSP. I'm hoping these problems will go away with gcc-4.1, which has completely re-written SSP support. For the moment, switch to the hardenednossp compiler and rebuild cairo with that (switch back afterwards).

Doug - in the ebuild for cairo you could just 'filter-flags -fstack-protector' for now, and we'll revisit once >gcc-4.1 is available and stable for hardened users.

Created attachment 103870 [details]
emerge cairo > emcairo.txt
Well, nice to learn these things (as a mainframe sysprog), I'm sure there must be something missing.
source /etc/profile
gcc-config -l
[1] i686-pc-linux-gnu-3.4.6 *
[2] i686-pc-linux-gnu-3.4.6-hardened
[3] i686-pc-linux-gnu-3.4.6-hardenednopie
[4] i686-pc-linux-gnu-3.4.6-hardenednopiessp
[5] i686-pc-linux-gnu-3.4.6-hardenednossp
[6] x86_64-pc-linux-gnu-3.4.6
[7] x86_64-pc-linux-gnu-3.4.6-hardenednopie
[8] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
[9] x86_64-pc-linux-gnu-3.4.6-hardenednossp *
[10] x86_64-pc-linux-gnu-3.4.6-vanilla
[11] x86_64-pc-linux-gnu-4.1.1
gcc -v
Reading specs from /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/specs
Reading specs from /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/hardenednossp.specs
Configured with: /var/tmp/portage/gcc-3.4.6-r1/work/gcc-3.4.6/configure --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/3.4.6 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.6 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.6/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.6/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/include/g++-v3 --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --disable-libunwind-exceptions --enable-multilib --disable-libgcj --enable-languages=c,c++,f77 --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 3.4.6 (Gentoo Hardened 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)
But it still crashes.
Greetings Fred
Hi, a recompile with 4.1.1 (not hardened) at least makes cairo indeed run.

Using built-in specs.
Reading specs from /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/hardenednossp.specs
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/gcc-4.1.1-r1/work/gcc-4.1.1/configure --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.1 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include/g++-v4 --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --disable-libunwind-exceptions --enable-multilib --disable-libmudflap --disable-libssp --disable-libgcj --enable-languages=c,c++,fortran --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc driver version 4.1.1 (Gentoo 4.1.1-r1) executing gcc version 3.4.6)

Well looks like this issue is resolved for gcc 4.1. Not sure how hardened wants to proceed... re-assigning.

Please test this with cairo 1.4.x to see if we need the filter-flags call there as well.

(In reply to comment #14)
> Well looks like this issue is resolved for gcc 4.1. Not sure how hardened wants
> to proceed... re-assigning.
>
> Please test this with cairo 1.4.x to see if we need the filter-flags call there
> as well.

mozilla-firefox-2.0.0.9 is perfectly fine from my point of view, so I don't really see a reason.
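As an added example, not part of this bug report or of cairo or Gentoo: after the rebuild suggested in the thread (hardenednossp compiler, or `filter-flags -fstack-protector` in the ebuild), a defender can verify which stack-protector runtime a library such as libcairo.so still references. ProPolice in the gcc-3.x hardened toolchain reaches its handler through `__stack_smash_handler` and `__guard`, while the rewritten gcc-4.1 SSP uses `__stack_chk_fail` and `__stack_chk_guard`. The minimal ELF64 parser and the constructed sample image below are mine; the check assumes a little-endian ELF64 object whose SSP runtime is dynamically linked.

```python
# Which stack-protector runtime does an ELF64 object reference? ProPolice (gcc-3.x
# hardened SSP) uses __stack_smash_handler and __guard; gcc-4.1 SSP uses __stack_chk_*.
import struct

PROPOLICE = {"__stack_smash_handler", "__guard"}
GCC4_SSP = {"__stack_chk_fail", "__stack_chk_guard"}
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr: name type flags addr offset size link info align entsize

def dynamic_symbols(data):
    """Names in every SHT_DYNSYM section of a little-endian ELF64 image (x86_64)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    shdrs = [struct.unpack_from(SHDR, data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    names = set()
    for sh in shdrs:
        if sh[1] != 11:  # SHT_DYNSYM
            continue
        strtab_off = shdrs[sh[6]][4]  # sh_link names the matching string table
        for off in range(sh[4], sh[4] + sh[5], sh[9] or 24):
            (st_name,) = struct.unpack_from("<I", data, off)
            start = strtab_off + st_name
            name = data[start:data.index(b"\0", start)]
            if name:
                names.add(name.decode("ascii", "replace"))
    return names

def ssp_flavour(data):
    """'propolice', 'gcc4-ssp', 'propolice+gcc4-ssp' or 'none' for the runtime symbols referenced."""
    refs = dynamic_symbols(data)
    found = [n for n, s in (("propolice", PROPOLICE), ("gcc4-ssp", GCC4_SSP)) if refs & s]
    return "+".join(found) or "none"

def build_sample_elf(symbols):
    """Constructed sample: an ELF64 header plus .dynstr and .dynsym only, enough for
    dynamic_symbols(); not loadable and not a real libcairo."""
    dynstr = b"\0" + b"".join(s.encode() + b"\0" for s in symbols)
    dynsym, name_off = b"\0" * 24, 1  # index 0 is the reserved null symbol
    for s in symbols:
        dynsym += struct.pack("<IBBHQQ", name_off, 0x12, 0, 0, 0, 0)  # GLOBAL FUNC, undefined
        name_off += len(s) + 1
    str_off, sym_off = 64, 64 + len(dynstr)
    shoff = sym_off + len(dynsym)
    shdrs = struct.pack(SHDR, *([0] * 10))                                       # SHN_UNDEF
    shdrs += struct.pack(SHDR, 0, 3, 0, 0, str_off, len(dynstr), 0, 0, 1, 0)    # SHT_STRTAB
    shdrs += struct.pack(SHDR, 0, 11, 0, 0, sym_off, len(dynsym), 1, 0, 8, 24)  # SHT_DYNSYM, link=1
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELFCLASS64, LSB, EV_CURRENT
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    return ehdr + dynstr + dynsym + shdrs
```

On a real object, `ssp_flavour(open("/usr/lib/libcairo.so", "rb").read())` reports which runtime the library was linked against; anything other than `none` after the rebuild means the protector is still compiled in.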