Bug 609658

Summary:	sys-libs/glibc-2.25: __mempcpy_chk missing in static builds on hardened systems
Product:	Gentoo Linux	Reporter:	Toralf Förster <toralf>
Component:	Current packages	Assignee:	Gentoo Toolchain Maintainers <toolchain>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kamikaze.is.waiting.you, plevine457
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://sourceware.org/ml/libc-alpha/2017-03/msg00194.html
See Also:	https://bugs.debian.org/845521
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	628180
Attachments:	emerge-info.txt emerge-history.txt environment etc.portage.tbz2 sys-apps:busybox-1.26.0:20170217-185101.log

Description Toralf Förster gentoo-dev

2017-02-17 19:22:20 UTC

netstat.c:(.text.ip_port_str+0xad): warning: Using 'getservbyport' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
networking/lib.a(arping.o): In function `catcher':
arping.c:(.text.catcher+0xd3): undefined reference to `__mempcpy_chk'

  -----------------------------------------------------------------

  This is an unstable amd64 chroot image (named hardened_20170217-144156) at a hardened host acting as a tinderbox.

  -----------------------------------------------------------------

gcc-config -l:
 [1] x86_64-pc-linux-gnu-5.4.0 *
 [2] x86_64-pc-linux-gnu-5.4.0-hardenednopie
 [3] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp
 [4] x86_64-pc-linux-gnu-5.4.0-hardenednossp
 [5] x86_64-pc-linux-gnu-5.4.0-vanilla

Available Python interpreters, in order of preference:
  [1]   python3.4
  [2]   python2.7 (fallback)

Comment 1 Toralf Förster gentoo-dev

2017-02-17 19:22:23 UTC

Created attachment 464140 [details]
emerge-info.txt

Comment 2 Toralf Förster gentoo-dev

2017-02-17 19:22:26 UTC

Created attachment 464142 [details]
emerge-history.txt

Comment 3 Toralf Förster gentoo-dev

2017-02-17 19:22:29 UTC

Created attachment 464144 [details]
environment

Comment 4 Toralf Förster gentoo-dev

2017-02-17 19:22:32 UTC

Created attachment 464146 [details]
etc.portage.tbz2

Comment 5 Toralf Förster gentoo-dev

2017-02-17 19:22:36 UTC

Created attachment 464148 [details]
sys-apps:busybox-1.26.0:20170217-185101.log

Comment 6 Toralf Förster gentoo-dev

2017-02-17 19:28:55 UTC

the well known glibc/locale issue I do think

Comment 7 Toralf Förster gentoo-dev

2017-02-18 09:38:15 UTC

This is an issue I fear.

It happens after glibc was re-compiled with -fstack-check=no as requested in bug #608788 

FWIW:

=================================================================
                        Package Settings
=================================================================

sys-libs/glibc-2.25::gentoo was built with the following:
USE="hardened (multilib) rpc -audit -caps -debug -gd -nscd (-profile) (-selinux) -suid -systemtap -vanilla" ABI_X86="64"
CFLAGS="-pipe -march=native -Wall -fstack-check=no -O2 -fno-strict-aliasing -fno-stack-protector"
CXXFLAGS="-pipe -march=native -O2 -fno-strict-aliasing -fno-stack-protector"

Comment 8 SpanKY gentoo-dev

2017-03-12 04:40:11 UTC

__mempcpy_chk is provided by glibc.  please verify the symbol exists in your glibc builds.

$ readelf -sW /lib64/libc.so.6 | grep __mempcpy_chk
369: 00000000000f3440 186 IFUNC GLOBAL DEFAULT 12 __mempcpy_chk@@GLIBC_2.3.4
$ readelf -sW /usr/lib64/libc.a | grep __mempcpy_chk
 10: 0000000000000000  14 FUNC  GLOBAL DEFAULT  1 __mempcpy_chk

Comment 9 SpanKY gentoo-dev

2017-03-12 04:40:32 UTC

*** Bug 611676 has been marked as a duplicate of this bug. ***

Comment 10 Peter Levine 2017-03-12 06:46:50 UTC

Possibly related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845521?

Fixed upstream here http://sourceware.org/git/?p=glibc.git;a=commit;h=380ec16d62f459d5a28cfc25b7b20990c45e1cc9

Comment 11 Toralf Förster gentoo-dev

2017-03-12 08:47:45 UTC

(In reply to SpanKY from comment #8)
tinderbox@mr-fox ~ $ scw img2/hardened_20170217-144156
mr-fox / # readelf -sW /lib64/libc.so.6 | grep __mempcpy_chk
   371: 00000000000f61f0   186 IFUNC   GLOBAL DEFAULT   11 __mempcpy_chk@@GLIBC_2.3.4
mr-fox / # readelf -sW /usr/lib64/libc.a | grep __mempcpy_chk
mr-fox / # exit
exit

Comment 12 SpanKY gentoo-dev

2017-03-12 09:35:45 UTC

(In reply to Peter Levine from comment #10)

looks like it indeed!

Comment 13 SpanKY gentoo-dev

2017-03-12 22:24:10 UTC

(In reply to SpanKY from comment #12)

hmm, that change is related, but doesn't fix this issue.  that change is already in glibc-2.25.  but the same fix can be applied to __mempcpy_chk.

sent a fix upstream:
https://sourceware.org/ml/libc-alpha/2017-03/msg00194.html

Comment 14 SpanKY gentoo-dev

2017-03-15 23:55:31 UTC

i've pushed my fix in upstream and added to the 2.25 branch/patchsets

rebuild 2.25 to get it