
Bug 459784

Summary: sys-libs/pam forces pie builds for all programs
Product: Gentoo Linux
Reporter: Agostino Sarubbo <ago>
Component: Current packages
Assignee: PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled>
Status: RESOLVED FIXED
Severity: normal
CC: sh+disabled
Priority: Normal
Version: unspecified
Hardware: sh
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=336641
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: build log

Description Agostino Sarubbo gentoo-dev 2013-02-28 20:17:11 UTC
* QA Notice: The following files contain runtime text relocations
 *  Text relocations force the dynamic linker to perform extra
 *  work at startup, waste system resources, and may pose a security
 *  risk.  On some architectures, the code may not even function
 *  properly, if at all.
 *  For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 *  Please include the following list of files in your report:
 * TEXTREL lib/security/pam_filter/upperLOWER
 * TEXTREL sbin/unix_update
 * TEXTREL sbin/pam_timestamp_check
 * TEXTREL sbin/unix_chkpwd
 * QA Notice: Package triggers severe warnings which indicate that it
 *            may exhibit random runtime failures.
 * misc_conv.c:213:13: warning: the address of 'line' will always evaluate as 'true' [-Waddress]
 * misc_conv.c:325:6: warning: the address of 'binary_prompt' will always evaluate as 'true' [-Waddress]
 * Please do not file a Gentoo bug and instead report the above QA
 * issues directly to the upstream developers of this software.
 * Homepage: https://fedorahosted.org/linux-pam/


Portage 2.1.11.50 (default/linux/sh/13.0, gcc-4.6.3, glibc-2.11.3, 2.6.30.9 sh4)
=================================================================
System uname: Linux-2.6.30.9-sh4-SH7751R-with-gentoo-2.1
KiB Mem:       60920 total,      9468 free
KiB Swap:     999928 total,    989920 free
Timestamp of tree: Sat, 23 Feb 2013 09:00:01 +0000
ld GNU ld (GNU Binutils) 2.22
ccache version 3.1.9 [disabled]
app-shells/bash:          4.2_p37
dev-lang/python:          2.7.3-r2, 3.2.3
dev-util/ccache:          3.1.9
dev-util/cmake:           2.8.9
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.5.3-r1, 4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.11.3
Repositories: gentoo
ACCEPT_KEYWORDS="sh"
ACCEPT_LICENSE="*"
CBUILD="sh4-unknown-linux-gnu"
CFLAGS="-O2 -m4 -pipe"
CHOST="sh4-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -m4 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --keep-going y -1 --quiet-fail y"
FCFLAGS="-O2"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl berkdb bzip2 cli cracklib crypt cxx fortran gdbm gpm iconv ipv6 modules mudflap ncurses nls nossp nptl openmp pam pcre readline session sh ssl tcpd unicode zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3 php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="dummy fbdev v4l"
USE_PYTHON="2.7 3.2"

Comment 1 Agostino Sarubbo gentoo-dev 2013-02-28 20:28:05 UTC
Created attachment 340566 [details]
build log

Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2013-03-01 06:40:13 UTC
Mike, does SH support PIE? HPPA seems like they don't, and we disable it as is ...

Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2013-03-01 06:40:34 UTC
Otherwise I guess I could just disable pie support from PAM and just leave it to Hardened..

Comment 4 SpanKY gentoo-dev 2013-03-03 06:59:17 UTC
(In reply to comment #2)

SuperH somewhat supports PIE.  its apps will run link/load/run fine, but there are textrels in the init code -- see bug 336641

imo, if the program isn't set*id, there's no reason to force PIE for non-hardened system.  i can't see any of these pam utils falling into that category.
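
The TEXTREL findings in the description and the set*id criterion in comment #4 can both be checked per file. This added example (not part of the bug thread or of Gentoo's tooling) reads the ELF header and dynamic section for ET_DYN and DT_TEXTREL/DF_TEXTREL and reports the set*id mode bits; the function names and the constructed ELF32 sample are assumptions of the example.

```python
# Added example: function names are this example's own, not Portage or pax-utils code.
import os, stat, struct

PT_DYNAMIC, DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL, ET_DYN = 2, 0, 22, 30, 0x4, 3

def inspect_elf(data):
    """Return {'et_dyn': bool, 'textrel': bool} for an ELF image given as bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    phoff_fmt, phoff_at, phsz_at = ("Q", 32, 54) if is64 else ("I", 28, 42)
    (phoff,) = struct.unpack_from(end + phoff_fmt, data, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", data, phsz_at)
    dyn_fmt = end + ("qQ" if is64 else "iI")  # (d_tag, d_val) pairs
    textrel = False
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:   # ELF64 phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, _, p_off, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, base)
        else:      # ELF32 phdr: type, offset, vaddr, paddr, filesz
            p_type, p_off, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, base)
        if p_type != PT_DYNAMIC:
            continue
        table = data[p_off:p_off + p_filesz]
        table = table[:len(table) - len(table) % struct.calcsize(dyn_fmt)]
        for d_tag, d_val in struct.iter_unpack(dyn_fmt, table):
            if d_tag == DT_NULL:
                break
            # Linkers mark text relocations with DT_TEXTREL and/or DF_TEXTREL in DT_FLAGS.
            if d_tag == DT_TEXTREL or (d_tag == DT_FLAGS and d_val & DF_TEXTREL):
                textrel = True
    return {"et_dyn": e_type == ET_DYN, "textrel": textrel}

def audit(path):
    """Add the set*id mode bits of a file on disk to the ELF facts."""
    with open(path, "rb") as fh:
        info = inspect_elf(fh.read())
    info["setid"] = bool(os.stat(path).st_mode & (stat.S_ISUID | stat.S_ISGID))
    return info

def sample_elf32(e_type, dyn_entries):
    """Constructed ELF32 little-endian image: header, one PT_DYNAMIC phdr, dynamic table."""
    dyn = b"".join(struct.pack("<iI", t, v) for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", e_type, 42, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_DYNAMIC, 84, 0, 0, len(dyn), len(dyn), 6, 4)
    return ehdr + phdr + dyn
```

ET_DYN is the type of both PIE executables and shared libraries, so `et_dyn` alone does not prove a file is a PIE program.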

Comment 5 SpanKY gentoo-dev 2015-05-17 03:17:31 UTC
should be all set now in the tree; thanks for the report!

Commit message: Respect USE=pie
http://sources.gentoo.org/sys-libs/pam/pam-1.1.8-r3.ebuild?rev=1.1