Summary: | i486-gentoo-linux-uclibc SSP build segfaults | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Gordon Schumacher <gordons> |
Component: | [OLD] Development | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | bertrand, zorry |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Gordon Schumacher
2009-04-24 14:14:15 UTC
Er, sorry... couldn't remember which issue I was tracking. I'm building the cross-gdb to tackle a different issue; I will be building a *native* gdb to chase this one :) Hardened, this looks like your alley. jasmin / # gcc -Os -fstack-protector-all gcctest.c -o gcctest jasmin / # ./gcctest 0: ./gcctest jasmin / # ./gcctest foo 0: ./gcctest 1: foo jasmin / # jasmin / # emerge --info Portage 2.1.6.13 (uclibc/x86, gcc-4.4.1, uclibc-0.9.30.1-r1, 2.6.28-gentoo-r3 i686) Added the patch gcc4-stack-protector-uclibc-no_tls.patch to GCC from #149292 It segfaulted before the patch. (In reply to Magnus Granberg from comment #3) > jasmin / # gcc -Os -fstack-protector-all gcctest.c -o gcctest > jasmin / # ./gcctest > 0: ./gcctest > jasmin / # ./gcctest foo > 0: ./gcctest > 1: foo > jasmin / # > jasmin / # emerge --info > Portage 2.1.6.13 (uclibc/x86, gcc-4.4.1, uclibc-0.9.30.1-r1, > 2.6.28-gentoo-r3 i686) > Added the patch gcc4-stack-protector-uclibc-no_tls.patch to GCC from #149292 > It segfaulted before the patch. I can't speak directly to this bug, but as far as uclibc-0.9.33.2, if you enable tls and nptl, then you shouldn't have any problems with hardening. All the hardened stages on the mirrors under /experimental/<arch>/uclibc are configured this way and they "just work". I'm really not sure how to deal with this except to say, if you want hardening then you need the following in your uclibc config. Since uclibc is configurable, unlike glibc, you must expect that if some needed feature is missing, then you get breakage. # HAS_NO_THREADS is not set # LINUXTHREADS_OLD is not set # LINUXTHREADS_NEW is not set UCLIBC_HAS_THREADS_NATIVE=y UCLIBC_HAS_THREADS=y UCLIBC_HAS_TLS=y PTHREADS_DEBUG_SUPPORT=y Finally, I really don't want the gcc4-stack-protector-uclibc-no_tls.patch back because that's just hacky stuff and we can now do it properly. I'd close obsolete. As per discussion in IRC, this one is done. Perhaps the best approach here is as in bug #470608 where we should stub stack_guard. *** This bug has been marked as a duplicate of bug 470608 *** |