Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 679776

Summary: app-portage/portage-utils does not respect CFLAGS (stack-protection)
Product: Gentoo Linux Reporter: Agostino Sarubbo <ago>
Component: Current packagesAssignee: Fabian Groffen <grobian>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2019-03-08 16:01:21 UTC
This is an auto-filled bug because this package does not respect user's CFLAGS.

While SSP is really good for security purpose, I'd expect that with CFLAGS="-fno-stack-protector" the package should not have stack protection.
In this case the file /usr/bin/q (and maybe some other file from this package) has stack protection.
To check the SSP status you can use:
checksec --file /usr/bin/q  (from app-admin/checksec)
hardening-check /usr/bin/q  (from app-admin/hardening-check)
readelf -sW /usr/bin/q | grep "__stack_chk_fail"
Comment 1 Fabian Groffen gentoo-dev 2019-03-08 17:29:03 UTC
On Linux, a single Makefile is used, which just honours CFLAGS.

I see almost all of my binaries having __stack_chk_fail references, but I don't have -fstack-protector in CFLAGS.  Is this really a portage-utils bug, or a toolchain problem?
Comment 2 Agostino Sarubbo gentoo-dev 2019-03-09 13:47:40 UTC
I'm sorry for the bugspam but this bug comes from a false-positive, more info at https://bugs.gentoo.org/679788#c2