| Summary: | Starting Firefox gives a "stack smashing attack" error | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | ketanrp |
| Component: | Current packages | Assignee: | Alexander Gabert (RETIRED) <pappy> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | blocker | CC: | hardened |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | x86 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
ketanrp
2004-03-03 06:21:41 UTC
Adding "filter-flags -fstack-protector" to the ebuild resolves the problem.

Fixes it for you, but what about everyone else? ;) Filtering fstack protector fixes the problem? I see no fix here. I see a way to pretend that firefox might not have some fundamental problems in the first place. What I've noticed with fstack-protector thus far is there has never once been a runtime false positive. If a problem comes up with ssp it will be at compile time with inline assembly and mmx instructions, but runtime.. I think it probably is catching something valid here that's probably worth taking a closer look at. In what function does it die? What does the backtrace from the "core" look like? mozilla@g.o please don't filter this flag till we all know why it would/could cause problems in the first place.

No worries, will keep the flag unfiltered until we find that out.

Good morning, please remove all optimization CFLAGS and recompile mozilla and mozilla firebird again. To emerge a debugging version, use the command `FEATURES="debug keeptemp keepwork"` and `CFLAGS="-g -ggdb"` on the ebuild file directly to emerge the package only, and remove all optimizer flags from /etc/make.conf:CFLAGS. Then run the firefox/mozilla binary from the command line with the following command: `gdb --quiet --args ../path/to/mozilla/executable`. This will drop you into a gdb session where you can hit "run" to execute. If this application is threaded, try compiling it statically to prevent the invocation of shared libraries executing thread code in parallel. When you hit the point, it will drop you into a traceback where the first command I want is "where". The "where" command will show you exactly what the path of self-destruction was. Thank you for your help, Alex

When you are on a pax kernel you need to chpax the binary with -pemsrv to prevent random loading for debugging; otherwise it will not be able to find the frame pointer and entry/starting point. Also bear in mind that you must not compile with -fomit-frame-pointer to have a good copy of the executable for debugging. Thanks

I haven't looked at the specifics of how ProPolice protects the stack, but when we built Mozilla using previous versions of StackGuard, we had to patch the stack-layout specific assembly language in mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp.

Re: comment #7 Jesse, interesting.. Could you please locate the xptcstubs_unixish_x86.patch and give it a try with ssp?

After typing my search string in the Quick Search bar firefox crashes. I opened it from a terminal window and tried it again and got the following error:

```
$ firefox
firefox-bin: stack smashing attack in function virtual nsresult nsHTMLInputElement::HandleDOMEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, unsigned int, nsEventStatus*)
/usr/lib/MozillaFirefox/run-mozilla.sh: line 451: 19021 Aborted "$prog" ${1+"$@"}
```

Every other thing seems to work fine and it does not crash when pressing enter on google after typing in a search string. I am not running hardened gentoo, just a regular install on a laptop. gentoo-dev-sources-2.6.3-r1

Do you have -fstack-protector in your CFLAGS? The reason I am asking is that we had occurrences with early SSP protections that when a library or executable is only partly compiled/protected with SSP, those errors might happen. I will have the chance to test firefox when I have finished emerging my new test station with XFree. If there is no update on this bug in the next week and my tests with firefox in a hardened chroot are successful, I'm gonna post a complete emerge info of my build environment and mark this bug WORKSFORME and remove the blocker status. Sincerely, Alex

No comment on stale bug
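The runtime check behind the "stack smashing attack in function ..." message, modelled as an added example that is not code from this bug report, from Mozilla or from the compiler: the `struct frame` layout, `GUARD_VALUE` and the function names are assumptions made for illustration, reproducing deterministically the ProPolice idea that the guard word sits between local character arrays and the saved frame pointer/return address, so any overrun reaching the return address must first clobber the guard.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of a ProPolice-protected frame (not the compiler's
 * real layout code): local arrays are placed just below the guard word,
 * and the guard sits below the saved frame pointer and return address. */
struct frame {
    char     buf[16];      /* local array a caller may write into */
    uint32_t guard;        /* SSP guard, verified in the epilogue */
    void    *saved_fp;     /* only reachable by writing past the guard */
    void    *return_addr;
};

/* Constructed guard value; the real guard is random per process. */
#define GUARD_VALUE 0xA5C3E71Fu

/* Write copy_len bytes of input starting at buf. A copy_len above
 * sizeof buf models an unchecked strcpy-style overrun; the struct is
 * accessed as raw bytes so the overrun stays well defined here. */
static void fill_buffer(struct frame *f, const char *input, size_t copy_len) {
    f->guard = GUARD_VALUE;
    f->saved_fp = f->return_addr = (void *)0;
    memcpy((char *)f, input, copy_len);
}

/* Mirrors the epilogue check: returns 1 when SSP would abort with
 * "stack smashing attack in function <name>", 0 when the guard is intact. */
int ssp_check(const struct frame *f, const char *func_name) {
    if (f->guard != GUARD_VALUE) {
        fprintf(stderr, "stack smashing attack in function %s\n", func_name);
        return 1;
    }
    return 0;
}

/* One scenario with a constructed all-'A' input of the given length.
 * Bit 0: guard tripped. Bit 1: saved fp / return address overwritten.
 * The model never yields 2 alone: the return address cannot be reached
 * without the guard being reported first. */
int scenario(size_t input_len) {
    static const char input[64] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    struct frame f;
    int result = 0;
    fill_buffer(&f, input, input_len);
    result |= ssp_check(&f, "scenario");
    if (f.saved_fp != (void *)0 || f.return_addr != (void *)0)
        result |= 2;
    return result;
}
```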