Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 338627

Summary: dev-util/cmake-2.8.1-r2 Assembler test has text relocation
Product: Gentoo Linux Reporter: Joshua Pettett <bugs.gentoo.devel>
Component: [OLD] KDEAssignee: Gentoo KDE team <kde>
Status: RESOLVED FIXED    
Severity: minor CC: hardened
Priority: High Keywords: InVCS
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Ebuild patch to skip Assembler test on systems using PaX.
Generated from main.c on a hardened i686 system.

Description Joshua Pettett 2010-09-25 01:08:12 UTC 
I'm putting this in here in case someone else encounters this problem.  On PaX-hardened systems using FEATURES="-test", cmake-2.8.1-r2 fails to emerge due to a relocation in the Assembler test.  The inelegant, but easy solution is to simply skip the test.
Comment 1 Joshua Pettett 2010-09-25 01:11:07 UTC 
Created attachment 248574 [details, diff]
Ebuild patch to skip Assembler test on systems using PaX.
Comment 2 Anthony Basile gentoo-dev 2010-12-25 17:13:55 UTC 
I tested on amd64 and i686.  I only hit it on i686.  The patch works, but I'll try to clobber the TEXTREL rather than disable the test.
Comment 3 Anthony Basile gentoo-dev 2010-12-25 17:57:39 UTC 
Okay I found where the TEXTREL is being introduced.  Its not in /usr/bin/{cpack,cmake,ccmake,ctest}, its in HelloAsm created during the test.  After running the test its in

  /var/tmp/portage/dev-util/cmake-2.8.1-r2/work/cmake-2.8.1/Tests/Assembler

Running scanelf on it gives:

scanelf -qT HelloAsm 
  HelloAsm: (memory/data?) [0x6C6] in (optimized out: previous main) [0x6AC]
  HelloAsm: (memory/data?) [0x6CB] in (optimized out: previous main) [0x6AC]
  HelloAsm

Looking at the asm source in main-linux-x86-gas.s we see that it does "call	printf" to glibc.  That's where the TEXTREL is coming from (probably).  Running ./HelloAsm gets killed by pax with the following error message:

./HelloAsm: error while loading shared libraries: cannot make segment writable for relocation: Permission denied

with the following in dmesg:

[412166.544746] grsec: From 192.168.3.7: denied RWX mprotect of /var/tmp/portage/dev-util/cmake-2.8.1-r2/work/cmake-2.8.1/Tests/Assembler/HelloAsm by /var/tmp/portage/dev-util/cmake-2.8.1-r2/work/cmake-2.8.1/Tests/Assembler/HelloAsm[HelloAsm:32680] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:21642] uid/euid:0/0 gid/egid:0/0

We could fix this by not linking to glibc.  I'll bang something out and post.
Comment 4 Anthony Basile gentoo-dev 2010-12-25 18:40:11 UTC 
Slyfox had a good idea.  Just regenerate main-linux-x86-gas.s on a hardened system using gcc -S main.c -o main-linux-x86-gas.s, it'll get the PIC asm code right.  I'll attached the regenerated file for the record.

scarabeus: can you hack up the test to make sure main-linux-x86-gas.s is generated this way?
Comment 5 Anthony Basile gentoo-dev 2010-12-25 18:41:42 UTC 
Created attachment 258041 [details]
Generated from main.c on a hardened i686 system.
Comment 6 Tomáš Chvátal (RETIRED) gentoo-dev 2011-02-21 15:36:26 UTC 
Closing as fixed cause we fixed it localy and upstream plans to fix it in 2.8.5.