Summary: | net-fs/openafs-1.4.7 (kaserver) is terminated by stack smashing detection | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Matthew J. Harmon <mjh+gentoo> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED NEEDINFO | ||
Severity: | critical | CC: | byron, zorry |
Priority: | High | ||
Version: | 2008.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Matthew J. Harmon
2008-07-08 21:40:06 UTC
Hardend gcc 4.x.x is not in toolchain yet and it is masked. dos gcc 3.6.x work? (In reply to comment #1) > Hardend gcc 4.x.x is not in toolchain yet > and it is masked. > dos gcc 3.6.x work? gcc 3.6.x doesn't appear to exist in portage ( http://www.gentoo-portage.com/sys-devel/gcc ) but I recompiled with 3.4.6-r2 and had the same issues. Portage 2.2_rc1 (hardened/linux/amd64/2008.0, gcc-3.4.6, glibc-2.7-r2, 2.6.25-gentoo-r4 x86_64) CFLAGS="-O2 -pipe -fforce-addr -D_FORTIFY_SOURCE=2 -fstack-protector" However, we now know which function was terminated, initialize_database. *** stack smashing detected ***: kaserver - terminated kaserver: stack smashing attack in function initialize_database - terminated I also tried this with CFLAGS="-O2 -pipe" with the same results. (In reply to comment #2) > (In reply to comment #1) > > Hardend gcc 4.x.x is not in toolchain yet > > and it is masked. > > dos gcc 3.6.x work? > > gcc 3.6.x doesn't appear to exist in portage ( > http://www.gentoo-portage.com/sys-devel/gcc ) but I recompiled with 3.4.6-r2 > and had the same issues. Try getting rid of all optimization (-O0) and removing -fforce-addr from the CFLAGS. Also, glibc-2.7-r2 appears to be unstable (don't downgrade your system glibc, though!!). If you are willing, it might also be helpful to compile this package with debugging symbols (-g) and to try to run it with gdb. You can "attach" to a process with the gdb command "attach [pid]" Hope this helps! > > Portage 2.2_rc1 (hardened/linux/amd64/2008.0, gcc-3.4.6, glibc-2.7-r2, > 2.6.25-gentoo-r4 x86_64) > CFLAGS="-O2 -pipe -fforce-addr -D_FORTIFY_SOURCE=2 -fstack-protector" > > However, we now know which function was terminated, initialize_database. > > *** stack smashing detected ***: kaserver - terminated > kaserver: stack smashing attack in function initialize_database - terminated > > I also tried this with CFLAGS="-O2 -pipe" with the same results. > this is an old bug with old versions of tools. please refresh with at least: - glibc-2.11.x - gcc-4.4.x - openafs-1.4.12.x |