Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 280041

Summary: net-analyzer/ntop segfaults when compiled using =sys-devel/gcc-3.4.6-r2
Product: Gentoo Linux Reporter: Christian Ruppert (idl0r) <idl0r>
Component: HardenedAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED FIXED    
Severity: normal CC: mrness, tommy, zorry
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Christian Ruppert (idl0r) gentoo-dev 2009-08-02 13:25:42 UTC 
Hey guys,

ntop is not running if built with hardened gcc-3.4.6-r2.

Steps to reproduce:
1. emerge ntop
2. Start ntop
3. Go through the webinterface an click on 'Admin->Configure->Startup Options'.

Result: ntop will segfault:
device eth0 entered promiscuous mode
ntop[22314] trap stack segment ip:757dd9c630ef sp:757dd2c08e10 error:0
grsec: From 10.8.6.6: signal 7 sent to /usr/bin/ntop[ntop:22314] uid/euid:104/104 gid/egid:1022/1022, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
device eth0 left promiscuous mode

Tommy[D] confirmed that ntop is working fine with hardened gcc-4.x.
Zorry confirmed that ntop is _not_ working with hardened gcc-3.x.

Even no luck with 3.4.6-vanilla specs.

emerge --info
Portage 2.1.6.13 (hardened/amd64/multilib, gcc-3.4.6-asneeded, glibc-2.9_p20081201-r2, 2.6.28-hardened-r9 x86_64)
=================================================================
System uname: Linux-2.6.28-hardened-r9-x86_64-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-2.0.1
Timestamp of tree: Sun, 02 Aug 2009 12:20:02 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-lang/python:     2.5.4-r3, 2.6.2-r1
dev-python/pycrypto: 2.0.1-r8
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.7.9-r1, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="autoconfig ccache collision-protect distlocks fakeroot fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict stricter suidctl unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="http://gentoo.mneisen.org/ http://mirror.jamit.de/gentoo/ http://mirror.netcologne.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,now -Wl,--sort-common"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="X509 acl amd64 audit bash-completion bcmath berkdb bzip2 caps cgi checkpath clamdtop cli cracklib crypt cscope ctype ctypes-python curl curlwrappers cxx dnsdb exif exiscan-acl filter fontconfig ftp gcrypt gd gdbm geoip gmp gnutls gpgme hardened hash hpn iconv idn imap iproute2 jabber jpeg justify kpoll libgcrypt libssh2 lm_sensors lzma lzo maildir mhash mktemp mmx mode-paranoid multilib mysql mysqli nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses network-cron nptl nptlonly openmp opensslcrypt pam pcntl pcre perl pic plugins png posix pth python readline reflection rrdcgi sasl sensord session sha512 sieve simplexml smime smp sockets spl sqlite sqlite3 sse sse2 ssh ssl ssse3 suexec svg syslog sysvipc threads threadsafe tokenizer truetype unicode urandom vim-syntax web webdav-serf xattr xml xmlreader xmlrpc xmlwriter xsl zip zlib zsh-completion" APACHE2_MODULES="asis actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif so speling status unique_id userdir usertrack vhost_alias substitute proxy proxy_connect proxy_http" APACHE2_MPMS="worker" ELIBC="glibc" KERNEL="linux" USERLAND="GNU"
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2009-09-26 23:07:35 UTC 
Seems to work now with glibc-2.9_p20081201-r4 and gcc-4.3.4-r1 from hardened-dev overlay.
Comment 2 Magnus Granberg gentoo-dev 2010-10-28 15:42:30 UTC 
Reopen if it still fails with gcc-4.4.4-r2