Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 50309

Summary: python doesn't work with -fstack-protector-all (smtplib)
Product: Gentoo Linux Reporter: Jens Gutzeit <jens>
Component: Current packagesAssignee: Python Gentoo Team <python>
Status: VERIFIED TEST-REQUEST    
Severity: critical CC: adam, askwar, hardened, mike, sam, sandino
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: python-2.3.4.ebuild.diff

Description Jens Gutzeit 2004-05-06 20:37:11 UTC
Python crashs with -fstack-protector-all compiled on making an 
instance of smtplib.

Please change filter-flags -malign-double to 
filter-flags -malign-double -fstack-protector-all

Reproducible: Always
Steps to Reproduce:
1. CFLAGS="-O3 -fstack-protector-all" emerge python
2. 
python
Python 2.3.3 (#1, May  7 2004, 05:28:30)
[GCC 3.3.3 20040412 (Gentoo Linux 3.3.3-r3, ssp-3.3-7, pie-8.5.3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import smtplib
>>> server = smtplib.SMTP('localhost')

Actual Results:  
python: stack smashing attack in function fast_function() 
Segmentation fault 

Expected Results:  
creating an instance of smtplib that I can use to spam myself to death ;) 

Kernel is with grsec patch, PaX enabled. 
 
cat root # emerge info 
Portage 2.0.50-r6 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3_pre20040420-r0, 
2.6.5-grsec) 
================================================================= 
System uname: 2.6.5-grsec i686 AMD Athlon(tm) prosussor 
Gentoo Base System version 1.4.10 
Autoconf: sys-devel/autoconf-2.59-r3 
Automake: sys-devel/automake-1.8.3 
ACCEPT_KEYWORDS="x86 ~x86" 
AUTOCLEAN="yes" 
CFLAGS="-O3" 
CHOST="i686-pc-linux-gnu" 
COMPILER="gcc3" 
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" 
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" 
CXXFLAGS="-O3" 
DISTDIR="/usr/portage/distfiles" 
FEATURES="autoaddcvs ccache sandbox" 
GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/ 
        ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo 
        ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ 
        http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ 
        http://ftp.uni-erlangen.de/pub/mirrors/gentoo" 
MAKEOPTS="-j2" 
PKGDIR="/usr/portage/packages" 
PORTAGE_TMPDIR="/var/tmp" 
PORTDIR="/usr/portage" 
PORTDIR_OVERLAY="/root/portage" 
SYNC="rsync://rsync.gentoo.org/gentoo-portage" 
USE="X509 acl apache2 berkdb crypt curl flash gd gdbm ipv6 jpeg ldap maildir 
mysql ncurses nls pdflib perl png python readline skey ssl tiff truetype x86 
xml2"
Comment 1 Nils Ohlmeier 2004-05-08 19:26:00 UTC
I can confirm that "-fstack-protector" compiler flag seems to hurt the python executable extremely.

I have my own python program which started to crash the python interpreter after i compiled python with "-fstack-protector". I tried some combinations, and finally the program is working fine again after recompiling python (2.3.3) without "-fstack-protector".

So it should be better to remove all stack-protector flags when compiling python to protect the users from itself. But because if someone is playing with these compiler flags he should know what he is doing, i would rate this bug minor :-)

For completeness:
Portage 2.0.50-r6 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.25-gentoo-r2)
=================================================================
System uname: 2.4.25-gentoo-r2 i686 AMD Athlon(TM) XP 1900+
Gentoo Base System version 1.4.10
distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-mcpu=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mcpu=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/alderan/distfiles"
FEATURES="autoaddcvs ccache distcc fixpackages sandbox"
GENTOO_MIRRORS="ftp://ftp.freenet.de/pub/ftp.snt.utwente.nl/pub/os/linux/gentoo http://ftp.easynet.nl/mirror/gentoo/ http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.ohlmeier.home/gentoo-portage"
USE="3dnow X X509 aalib acpi acpi4linux adns alsa arts artswrappersuid avi berkdb cdr crypt cscope cups dga directfb doc dvb dvd encode ethereal fbcon flash foomaticdb gdbm gif gimpprint gphoto2 gpm gstreamer gtk gtk2 guile hardened hbci idea imap imlib innodb irda java jpeg kde libg++ libwww lirc mad maildir matroska matrox mbox mikmod mmx motif mozilla mpeg mysql nas ncurses nls odbc ofx oggvorbis opengl oss pam pda pdflib perl pic png ppds python qt qtmt quicktime readline samba sasl scanner sdl skey slang slp speex spell sse ssl svga tcltk tcpd tetex theora tiff truetype usb v4l v4l2 wmf x86 xinerama xml xml2 xmms xv zlib"
Comment 2 Alastair Tse (RETIRED) gentoo-dev 2004-06-26 13:01:06 UTC
is the stack protector stuff managed by hardended? i don't have a pax enabled kernel so i can't reproduce. what negative affects are there for filtering this cflag?
Comment 3 solar (RETIRED) gentoo-dev 2004-06-26 14:16:23 UTC
Hey.... python works just fine with -fstack-protector and -fstack-protector-all 
Don't filter it! 

The problem is that function has an array that can be overflowed. 
Fix the python core code instead of filtering it.


Comment 4 Alastair Tse (RETIRED) gentoo-dev 2004-06-26 18:20:41 UTC
good, as long as someone knows whats going on here.  anyone with a patch?
Comment 5 Jon Hood (RETIRED) gentoo-dev 2004-08-07 16:46:23 UTC
*** Bug 59603 has been marked as a duplicate of this bug. ***
Comment 6 Jon Hood (RETIRED) gentoo-dev 2004-08-07 16:46:41 UTC
*** Bug 59604 has been marked as a duplicate of this bug. ***
Comment 7 solar (RETIRED) gentoo-dev 2004-08-07 17:17:49 UTC
The gentoo python herd/maintainer should take care of patching her/his 
package and/or make arrangements/get advice with/from upstream as/if needed.
Comment 8 Alastair Tse (RETIRED) gentoo-dev 2004-08-07 18:18:55 UTC
well, what are the requirements to reproduce this? i have no hardened stuff running at all, so i'm not even sure what it involves?

the closest thing i've seen is this openbsd bug where they use stack protector, but they seem to have figured it out?

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=3622
Comment 9 Mike Nerone 2004-08-16 22:30:04 UTC
For whoever's still looking into this: I believe the simplest example of something pythonic that doesn't work with -fstack-protector* is "idle," the basic python development environment that comes with python (tcltk must be in USE, of course).

I am running no grsec, no pax, no hardened kernel. I don't know if this is going to be considered an upstream problem or not, but as it stands, even some things that come with python and are integral to it fail. IMHO, -fstack-protector should be filtered at least for the time-being.

# emerge info
Portage 2.0.50-r9 (default-x86-2004.2, gcc-3.3.3, glibc-2.3.3.20040420-r1, 2.6.8-gentoo)
=================================================================
System uname: 2.6.8-gentoo i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.16
distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=pentium3 -pipe -fomit-frame-pointer -fstack-protector"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium3 -pipe -fomit-frame-pointer -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache distcc fixpackages sandbox"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo http://mirrors.tds.net/gentoo ftp://linux.thai.net/pub/mirrors/gentoo"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aalib alsa apache2 apm avi crypt cups encode flash foomaticdb gd gnome gtk gtk2 imagemagick imap imlib jpeg lcms libg++ libwww mad mcal memlimit mikmod mmap mmx motif mozilla mpeg mysql ncurses nls nntp oggvorbis opengl pam pdflib perl png postgres ppds python quicktime readline samba sasl sdl slang slp spell sse ssl svga tcltk threads tiff truetype usb vhosts x86 xml xml2 xmms xv zlib"
Comment 10 solar (RETIRED) gentoo-dev 2004-08-17 03:20:29 UTC
Test box #1 

(solar@toucan:~)$ python
Python 2.3.3 (#1, May 15 2004, 21:11:00) 
[GCC 3.3.2 20031218 (Gentoo Linux 3.3.2-r5, propolice-3.3-7)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import smtplib;
>>> server = smtplib.SMTP("localhost");
>>> 

--------------------------------------------------------------
Test Box #2

echo 'import smtplib; server = smtplib.SMTP("smtp.gentoo.org");' | python - ; echo $?
0

Python 2.3.3 (#1, Jan 14 2004, 15:32:05) 
[GCC 3.3.2 20031218 (Gentoo Linux 3.3.2-r5, propolice-3.3-7)] on linux2
----------------------------------------------------------------------
Test Box #3

echo 'import smtplib; server = smtplib.SMTP("smtp.gentoo.org");' | python - ; echo $?
0

Python 2.3.4 (#1, Aug 17 2004, 05:55:33) 
[GCC 3.4.1 20040803 (Gentoo Hardened Linux 3.4.1-r2, ssp-3.4-2, pie-8.7.6.5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

-----------------------------------------------------------------------------
Test Box #4
echo 'import smtplib; server = smtplib.SMTP("smtp.gentoo.org");' | python - ; echo $?
0

Python 2.3.3 (#1, Apr 18 2004, 02:20:33) 
[GCC 3.3.3 20040217 (Gentoo PaX Linux 3.3.3-r1, ssp-3.3-7, pie-0.8.5.3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 

-----------------------------------------------------------------------------

I can't even reproduce this on the 4 boxes I've tested on. All of them use the 
hardened toolchain and or -fstack-protector{,-all} via CFLAGS.
Comment 11 solar (RETIRED) gentoo-dev 2004-08-17 03:47:50 UTC
I've talked with some others. It does seem that this might only happen when -O3 is in use. Testing
Comment 12 Adam Chodorowski 2004-08-17 03:59:59 UTC
Yes, I can confirm that. Just tried recompiling python with -O2 instead of -O3 (all other options the same), and the problem dissapears. So it seems it might be a bug in GCC. Either it's a problem of the stack protector patches, or the bug is already there and stack protector only makes it visible. 
Comment 13 solar (RETIRED) gentoo-dev 2004-08-17 04:19:42 UTC
Created attachment 37582 [details, diff]
python-2.3.4.ebuild.diff

Yep.. Just confirmed this only happens at O3

-------------------------------------------------------------------
echo 'import smtplib; server = smtplib.SMTP("localhost");' | python - ; echo $?

python: stack smashing attack in function call_function()
Aborted
134

Python 2.3.4 (#1, Aug 17 2004, 07:05:07) 
[GCC 3.3.3 20040412 (Gentoo Hardened Linux 3.3.3-r5, ssp-3.3-7, pie-8.7.5.3)]
on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 

I'll attach a patch shortly for your testing pleasure.
Comment 14 Mike Nerone 2004-08-17 10:34:46 UTC
Confirmed for the "idle" case as well. The bug is only triggered with -O3. Note: Bug #54856 (an evms bug) appears to be the same bug (same behavior). Reassign to toolchain?
Comment 15 solar (RETIRED) gentoo-dev 2004-08-17 11:02:42 UTC
No need to reassign to toolchain@

The bug is with python, and python maintainer is given a chance to update 
his ebuild. If no objections or if Alastair is fine with it I can add the work 
around it to the ebuild.
Comment 16 Mike Nerone 2004-08-17 11:34:03 UTC
I don't understand why you consider this a python bug. It is triggered by a compiler optimization option and affects at least two completely different packages (python and evms - see comment #14). It seems to me that this is a compiler issue. Of course, I've now learned that using any optimizations higher than -O2 with ProPolice is not recommended anyway, apparently because it can optimize away some of the protection.
Comment 17 Alexander Gabert (RETIRED) gentoo-dev 2004-08-18 09:05:45 UTC
 15:57:09 [/space/chroots/chroot001:24976.pts-49.papillon]papillon ~
 # rm -rf /var/tmp/portage/python-2.3.*; FEATURES="debug nostrip keeptemp keepwork" ACCEPT_KEYWORDS="~x86" CFLAGS="-g -ggdb -O3" emerge -v python 2>&1 | tee /tmp/python.txt

 # cat /root/bug.py 
#!/usr/bin/python
import smtplib;
smtplib.SMTP("smtp.gentoo.org");

 15:59:38 [/space/chroots/chroot001:24976.pts-49.papillon]papillon ~
 # ./bug.py 
Killed

Aug 18 15:59:55 papillon PAX: execution attempt in: /usr/lib/libpython2.3.so.1.0, 2156c000-21664000 00000000
Aug 18 15:59:55 papillon PAX: terminating task: /usr/bin/python2.3(bug.py):5860, uid/euid: 0/0, PC: 21630b58, SP: 581e1a50
Aug 18 15:59:55 papillon PAX: bytes at PC: 8b 72 0c 89 72 08 8b 12 39 fa 75 f4 39 f9 89 ce 74 2a 8d 8b 
Aug 18 15:59:55 papillon PAX: bytes at SP: 215850f6 00000000 0000001a 2167fe00 215c068e 153e82ec 00000000 581e1918 21847000 153e82ec 21823060 21812824 215b851a 2167fe28 00000000 00000000 624a7f12 2165dda9 581e1ab8 2162a383 
Aug 18 15:59:55 papillon grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /space/chroots/chroot001/root/bug.py[bug.py:5860] uid/euid:0/0 gid/egid:0/0, parent /space/chroots/chroot001/bin/bash[bash:29065] uid/euid:0/0 gid/egid:0/0

does not happen with -O2 or leaving out optimization.

-O3 seems to have more issues with python than you expected, and apparently my pax kernel stops the show way before your problems with SSP would make it bite the dust.

and no, i will not chpax and paxctl it, because i hate overoptimizing security- oriented technology.

And please, next time you try to embarrass devs with making them bounce bugs back and forth between teams: dont do it.

Test with -O2 and do not use -O3 and SSP together.

TIA;

Alex
Comment 18 Mike Nerone 2004-08-18 09:58:45 UTC
I still say that since the bug only occurs with -O3, as you've proven, it is an optimization issue, not a bug in python. If it is an unavoidable tradeoff due to overoptimization, then I can accept that. I wasn't attempting to embarrass anybody (unlike you). I merely wanted to have an opposing viewpoint explained to me.

As for not using -O3, I believe I said that in my previous comment.
Comment 19 Alexander Gabert (RETIRED) gentoo-dev 2004-08-18 10:01:04 UTC
other than that, the ebuild sucks hard.

 # rm -rf /var/tmp/portage/python-2.3.*; FEATURES="debug nostrip keeptemp keepwork" ACCEPT_KEYWORDS="~x86" CFLAGS="-O3" emerge -v python 2>&1 | tee /tmp/python.txt; python-updater; paxctl -pemrxs -v $(which python2.3); paxctl -pemrxs -v /usr/lib/libpython2.3.so.1.0

gives an other result as

 # rm -rf /var/tmp/portage/python-2.3.*; FEATURES="debug nostrip keeptemp keepwork" ACCEPT_KEYWORDS="~x86" CC="gcc -O3" emerge -v python 2>&1 | tee /tmp/python.txt; python-updater; paxctl -pemrxs -v $(which python2.3); paxctl -pemrxs -v /usr/lib/libpython2.3.so.1.0

You can try building python with CC="gcc -O3 -fstack-protector -fstack-protector-all" and see what it yields.



there is only one more thing i have to say: this would have not happened with a CFLAGS wrapper.

have a nice day!

Alex
Comment 20 solar (RETIRED) gentoo-dev 2004-08-19 11:00:28 UTC
Tested with a hardened toolchain (emits -fstack-protector-all by default)

Portage 2.0.51_pre18 (hardened/x86, gcc-3.4.1, glibc-2.3.4.20040619-r1, ...

CC="gcc -O3"
CFLAGS="-pipe -fforce-addr -fomit-frame-pointer"

Package works as pappy has described.

echo 'import smtplib; server = smtplib.SMTP("smtp.gentoo.org");' | python - ; echo $?
0
Comment 21 solar (RETIRED) gentoo-dev 2004-08-19 11:04:57 UTC
Again... this is a python and not a toolchain bug.
Comment 22 Adam Chodorowski 2004-08-19 11:15:26 UTC
solar, can you please motivate *why* you think this is not a toolchain issue but a python bug? 
Comment 23 solar (RETIRED) gentoo-dev 2004-08-19 11:26:31 UTC
1) I'm on the toolchain herd and I know when something is and is not a toolchain bug and who should handle said bugs for pkgs. I'm also aware of the fundamentals around ssp.
2) This problem only happens with python.
3) Forcing the -O3 logic via CC= (ie force it across the board for all compile object files) fixes the problem at hand.
Comment 24 Alastair Tse (RETIRED) gentoo-dev 2004-08-19 12:20:07 UTC
i'm fine with applying this to python, if no one else does it, i'll apply it. 

but it would be interesting to know which bit of code is triggering the -O3 problem, i still reckon its a toolchain bug, but I agree we should put a workaround in python for this.
Comment 25 Alexander Gabert (RETIRED) gentoo-dev 2004-08-19 14:41:52 UTC
in my opinion, rather than just adding a "bandaid", you should find out where the reason is.

i wrote a simple DEBUG wrapper for gcc-config that lists "malformed" CFLAGS when the gcc is run.

solar: please test and paste output here.

my chroots are out of order because i am preparing a new version of dev-util/devel-chroots

thanks in advance,

Alex
Comment 26 solar (RETIRED) gentoo-dev 2004-08-19 15:09:37 UTC
Well great that you wrote a wrapper but I'm not a mind reader I have nfc how to use your tool. How about you use it and paste the output here.
Comment 27 Alexander Gabert (RETIRED) gentoo-dev 2004-08-20 09:06:42 UTC
emerge -gK ./gcc-3.3.3-r6.tbz2
 # cat /tmp/build-python.sh 
#!/bin/bash

cd /root

CC="gcc -g3 -ggdb3" CFLAGS="-O3 -fstack-protector-all" ACCEPT_KEYWORDS="x86" FEATURES="keeptemp keepwork nostrip debug" emerge -v python 2>&1 | tee /tmp/python.txt

python-updater

ldconfig

this produces:

Python 2.3.3 (#1, Aug 20 2004, 12:42:50) 
[GCC 3.3.3 20040412 (Gentoo Linux 3.3.3-r6, ssp-3.3.2-2, pie-8.7.6)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 

after running the test script, the output is okay # /tmp/bug.py; echo $?
0
 17:59:17 [/space/chroots/chroot001:2332.pts-4.papillon]papillon ~
 # cat /tmp/bug.py 
#!/usr/bin/python

## http://bugs.gentoo.org/show_bug.cgi?id=50309

import smtplib;
server = smtplib.SMTP("smtp.gentoo.org");

but after doing this: # cat /tmp/bug.py 
#!/usr/bin/python -i

## http://bugs.gentoo.org/show_bug.cgi?id=50309

import smtplib;
server = smtplib.SMTP("smtp.gentoo.org");

(remember the -i is interactive mode)

starting the script, attaching with gdb and exiting python, it gives the following results:

 18:00:03 [/space/chroots/chroot001:2332.pts-4.papillon]papillon ~
 # /tmp/bug.py 
>>> 

papillon root # gdb -q /space/chroots/chroot001/usr/bin/python2.3 $(ps axufwww | grep python | grep "bug.py" | awk '{ print $2 }')

Loaded symbols for /lib/libresolv.so.2
0x40141af8 in thread_self () at descr.h:260
260         return (pthread_descr)(((unsigned long)sp | (STACK_SIZE-1))+1) - 1;
(gdb) c
Continuing.

 # /tmp/bug.py 
>>> ((pressing CTRL-D))

the gdb says:

Program received signal SIGSEGV, Segmentation fault.
0x400db904 in eval_doc () from /usr/lib/libpython2.3.so.1.0
(gdb) where
#0  0x400db904 in eval_doc () from /usr/lib/libpython2.3.so.1.0
#1  0x40131d7c in ?? ()
#2  0x0804a258 in ?? ()
#3  0x0d409294 in ?? ()
#4  0x4012ae00 in ?? ()
#5  0x40016000 in ?? ()
#6  0x400217f6 in ?? () from /usr/lib/libpython2.3.so.1.0
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /space/chroots/chroot001/usr/bin/python2.3

Unfortunately i could not reproduce the SSP error, but maybe you can give me the information if the problem goes away if you would use gcc-3.3.3-r6.

thanks,

Alex
Comment 28 Alexander Gabert (RETIRED) gentoo-dev 2004-08-20 09:07:50 UTC
additionally, these last tests have been done on a nonPAX kernel (happens on pax kernel too though)

 18:04:16 [/space/chroots/chroot001:2332.pts-4.papillon]papillon ~
 # uname -a
Linux papillon 2.6.7 #1 Thu Aug 19 19:10:57 CEST 2004 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz GenuineIntel GNU/Linux
Comment 29 solar (RETIRED) gentoo-dev 2004-08-22 12:09:33 UTC
The patch mitigates the problem while further investigation can be done by pappy and or others.
Comment 30 Alexander Gabert (RETIRED) gentoo-dev 2004-09-23 19:30:17 UTC
Alistair: please add this peace to all pythons "in the wild".

+	if is-flag -O3 ; then
+		is-flag -fstack-protector-all && replace-flags -O3 -O2
+		use hardened && replace-flags -O3 -O2

TIA, Alex (closing bug)
Comment 31 Alastair Tse (RETIRED) gentoo-dev 2004-09-24 03:49:55 UTC
committed for all 2.3* pythons, thanks alex!
Comment 32 solar (RETIRED) gentoo-dev 2005-02-20 07:23:57 UTC
I think this can be closed now.
Comment 33 Alastair Tse (RETIRED) gentoo-dev 2005-03-15 07:37:32 UTC
closing
Comment 34 Henryk Plötz 2005-05-02 05:26:13 UTC
I think the fix is not complete. The mentioned problem still exists when compiling python with -fstack-protector -O3 and that will not be catched by the modified ebuild.

Steps to reproduce:
1. Compile python with -fstack-protector -O3
2. Start pydoc -p 8080
3. Open a web browser at http://localhost:8080/

Actual results:
henryk@gleam henryk $ pydoc -p 8080
pydoc server ready at http://localhost:8080/
python: stack smashing attack in function fast_function()
Aborted

Expected results:
Shouldn't abort.

Simple fix: Change
+	if is-flag -O3 ; then
+		is-flag -fstack-protector-all && replace-flags -O3 -O2
+		use hardened && replace-flags -O3 -O2
to
+	if is-flag -O3 ; then
+		is-flag -fstack-protector-all && replace-flags -O3 -O2
+		is-flag -fstack-protector && replace-flags -O3 -O2
+		use hardened && replace-flags -O3 -O2
Comment 35 solar (RETIRED) gentoo-dev 2005-05-02 07:14:29 UTC
tip. Don't use -O3 with ssp.
Comment 36 Mike Nerone 2005-05-02 17:20:35 UTC
That is a good tip. Too many people are unaware of this ssp/-O3 incompatibility (as you can see above, I was bitten by this about eight months ago). Perhaps portage should be made to automatically warn about this situation when it sees it?
Comment 37 Larry the Git Cow gentoo-dev 2022-06-07 08:05:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f58c0be83b23be42aa2e6452c4b4bfd875fcbbb

commit 5f58c0be83b23be42aa2e6452c4b4bfd875fcbbb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-07 08:02:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-07 08:04:59 +0000

    dev-lang/python: drop long-obsolete SSP / -O3 workaround
    
    Everyone in Gentoo (unless they unforce defaults) had, for years now,
    -fstack-protector-all on, or nowadays, -fstack-protector-strong.
    
    This means that it won't have been explicitly in *FLAGS and hence
    the replacement won't have been triggered anyway.
    
    Plus, the hardened conditional is irrelevant given the above
    (it uses no more SSP than the default, because the default
    is what hardened used to be, many years ago).
    
    Bug: https://bugs.gentoo.org/50309
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-lang/python/python-2.7.18_p15.ebuild   | 6 ------
 dev-lang/python/python-3.10.5.ebuild       | 6 ------
 dev-lang/python/python-3.11.0_beta3.ebuild | 6 ------
 dev-lang/python/python-3.8.13_p2.ebuild    | 6 ------
 dev-lang/python/python-3.9.13.ebuild       | 6 ------
 5 files changed, 30 deletions(-)