Bug 132873 - dev-lisp/gcl 2.6.7, 2.6.7-r1, and CVS do not compile on hardened
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High major
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Duplicates: 119411
Depends on:
Blocks:

Reported: 2006-05-10 02:08 UTC by Michael Dillon
Modified: 2010-12-15 15:56 UTC
CC: 3 users

See Also:
Package list:
Runtime testing required: ---
Description Michael Dillon 2006-05-10 02:08:25 UTC
I use a hardened setup with rsbac sources.  I've tried disabling pax, using both vanilla-sources and regular hardened gcc with no luck.

Error:

checking for randomized sbrk... yes
checking for randomized brk remedy... no
Cannot build with randomized sbrk

Config Log:

[omitted]
configure:3767: checking for sbrk
configure:3785: gcc -o conftest -march=pentium4 -O2 -pipe    conftest.c  1>&5
configure:3801: checking for randomized sbrk
configure:3818: gcc -o conftest -march=pentium4 -O2 -pipe    conftest.c  1>&5
configure:3850: gcc -o conftest -march=pentium4 -O2 -pipe    conftest.c  1>&5
configure:3870: checking for randomized brk remedy
configure:3895: gcc -o conftest -march=pentium4 -O2 -pipe    conftest.c  1>&5
configure:3935: gcc -o conftest -march=pentium4 -O2 -pipe    conftest.c  1>&5


Emerge Info:

Portage 2203-svn (default-linux/x86/2005.1, gcc-3.4.5-vanilla, glibc-2.3.6-r3, 2.6.14-rsbac-r1-rsbac i686)
=================================================================
System uname: 2.6.14-rsbac-r1-rsbac i686 Intel(R) Celeron(R) CPU 2.60GHz
Gentoo Base System version 1.6.14
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
dev-lang/python:     2.4.2
dev-python/pycrypto: [Not Present]
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O2 -pipe"
DISTDIR="/mnt/hdb1/portage/distfiles"
FEATURES="autoconfig buildpkg ccache collision-protect distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LC_ALL="en_US.UTF-8"
LINGUAS="en en_GB ja ko ru zh_CN zh_TW"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/mnt/hdb1/portage/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 16bit 64bit X X509 a52 aac acl acpi ada aim alsa amarok amr amrr ansi asf atm audiofile authfile automount avahi bash-completion bcp bdf berkdb bidi big-tables binfilter bitmap-fonts bjam blas boehm-gc bzip2 c++ cairo cdb cddb cdf cdio cdr cdrom chasen chroot cjk cracklib crypt cscope css cups curl dga dhcp directfb djbfft dlloader doc dpms dri dts dv dvd dvdr dvdread ecc edl encode enscript erandom examples exif expat extensions extraengine extrafilters fam fbcon fdftk ffmpeg fftw finger firefox flac font-server foomaticdb fortran fpx ftp gcj geoip geometry gif gimp gimpprint glitz glut glx gmp gnutls gopher gpm graphviz gs gssapi gstreamer gtk2 hal hardened haskell howl hpn iconv icq icu idn imagemagick imap imlib2 immqt-bc input_devices_keyboard input_devices_mouse ipv6 java javacomm javascript jbig jce jcs jp2 jpeg jpeg2k justify kde kdeenablefinal kexi kig-scripting kipi kqemu latex lcms ldap ldapsam libg++ libwww lua lzo lzw m17n-lib maildir mailwrapper matroska max-idx-128 md5sum mhash migemo mikmod mime mjpegtools mmap mmx mng modplug moznocompose moznoirc moznomail mozxmlterm mp3 mpeg mplayer msn musepack mysql mysqli ncurses net netcdf network nfs nls nntp no-old-linux noamazon nocd nptl nptlonly nsplugin objc objc-gc odbc offensive ogg on-the-fly-crypt opengl oscar oss pam pam_chroot pam_console pam_timestamp pascal pcntl pcre pdf perl pg-hier pg-intdatetime pg-vacuumdelay pic png posix postgis postgres ppds proj pyste python qemu-fast qt quicktime quotas rar rdesktop readline real recode rle rss rtc samba sasl savedconfig sblive sdk sdl server session sftplogging sharedmem shorten sid simplexml skey slp sndfile soap sockets softmmu soundtouch speex spell sql sqlite sqlite3 sse sse2 ssl subversion svg svga sysfs tcltk tcpd test tetex theora tiff toolbar truetype truetype-fonts type1-fonts unicode urandom usb utf8 vcd video_cards_vesa video_cards_voodoo visualization voodoo5 vorbis win32codecs wma wmf x264 xanim xattr xcomposite xml xmlrpc xosd 
xpm xsl xv xvid xvmc yahoo yv12 zeroconf zlib video_cards_i810 video_cards_i915 linguas_en linguas_en_GB linguas_ja linguas_ko linguas_ru linguas_zh_CN linguas_zh_TW userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, INSTALL_MASK, LANG, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY
Comment 1 Matthew Kennedy (RETIRED) gentoo-dev 2006-05-10 17:20:30 UTC
Not all the world is C.  Try a non-hardened GCC.  The furthest the common-lisp team will probably take this is to put a check for hardened GCC in pkg_setup and then abort.
Comment 2 Michael Dillon 2006-05-10 17:36:19 UTC
I did try non-hardened gcc by switching to the vanilla setup.  It was the same result.
Comment 3 Matthew Kennedy (RETIRED) gentoo-dev 2006-05-10 20:03:29 UTC
What is your C library compiled with?
Comment 4 solar (RETIRED) gentoo-dev 2006-05-10 22:23:36 UTC
What the C lib was built with won't really matter. It's not a +hardened thing either but rather a kernel thing. And slowly becoming a default.
Anyway please try with -Wl,--execheap
Comment 5 solar (RETIRED) gentoo-dev 2006-05-10 22:34:47 UTC
Actually try -Wl,-z,execheap
Comment 6 Kevin F. Quinn (RETIRED) gentoo-dev 2006-05-10 23:33:39 UTC
(In reply to comment #0)
> Error:
> Cannot build with randomized sbrk

This test checks that the output of sbrk(0) executed at the start of a program (i.e. before any malloc) returns the same value on every execution.

It fails due to PaX randomising the location of the heap, which some applications assume to be located immediately above the initialised data area.  emacs used to assume this, but has since been changed to remove the assumption.  I'm not sure whether the assumption is valid or not with respect to POSIX.

I don't think you can switch this off completely on PaX-enabled kernels; setting 'r' reduces the randomisation from 24 randomised bits to 13.

As to why it requires the heap to be in the same place on every execution, I couldn't say.  Might be worth querying upstream, at least to find out why.

(In reply to comment #1)
> Not all the world is C.  Try a non-hardened GCC.  The furtherest the
> common-lisp team will probably take this is to put a check for hardened GCC in
> pkg_setup and then abort.

BTW that's never really necessary (the only thing that does it at the moment is Xorg7, and that's a very special case that we simply haven't had the resource to deal with, yet).  There's support in flag-o-matic and toolchain-funcs for manipulating the hardened compiler.  If you ever find yourself considering the "die on hardened" approach, please talk to us (hardened@) first :)
Comment 7 Michael Dillon 2006-05-11 00:07:59 UTC
I tried with LDFLAGS="-Wl,-z,execheap" with no difference in output.  Seems I can effectively disable PaX in RSBAC-sources by using a softmode setting but this really is counter productive as it'd do it system-wide.
Comment 8 PaX Team 2006-05-11 03:44:17 UTC
some notes:

1. i don't know why gcl assumes/needs a non-random brk(), but there's no standard that guarantees it, even though it has been a long unix tradition to have one. mind you, the whole of brk() is a thing of the past, it's rather inflexible and modern memory allocators are better off by directly using mmap(). my guess is that gcl doesn't really need fixed addresses, it's probably heritage from the times it was originally written. the fact that upstream hasn't fixed it despite a mainstream distro (fedora and now RHEL, i think) shipping with such brk() randomization means that gentoo will be unlikely to convince them otherwise. so let's see the workarounds.

2. the gcl configure script attempts to 'fix' the brk() randomization by using a linux specific remedy (what mess they will end up in when other OSs begin to randomize it is left as an exercise... but then that's what configure is for), namely the PF_RANDOMIZE personality bit. in PaX i explicitly made the decision to not make use of this because it is badly designed and implemented (coming from the usual Red Hat folks this should not strike anyone with surprise i guess). the design problem is that the mechanism chosen (personality bits) is not portable, the implementation problem is that this (and another, iirc) bit can get 'lost' across a failed execve(). so let's see what i chose.

3. in general, PaX features can be controlled at two levels: systemwide and per process. systemwide can be further broken down into static (kernel compile time) and runtime (softmode kernel cmdline arg and the softmode/aslr sysctl) settings. the per-process controls can come from either the ELF header markings or from an ACL system. ideally, everyone would use the ACL system and emerge gcl under a role that turns off randomization (on the PaX side, the kernel's own will then kick in which the gcl configure script handles). i guess it'll be a while till portage will handle this, if ever, not to mention non-ACL hardened users, so let's see what else you can do.

4. turn off ASLR in kernel .config - not a good idea just for emerging one package.

5. turn on softmode - better but you need it in the kernel's .config and will expose your entire system during emerge (that is, other programs started during gcl emerge time won't get ASLR). so it's still not ideal.

6. turn off ASLR in the ELF header marking - almost good except as of now you can't do it via ld cmdline, you must invoke paxctl -r explicitly, on each binary that's affected. that means configure/makefile hacking, so it's more work for you. the reason i haven't added ld support (-z noaslr or so) is that i always considered such apps broken and in need of fixing, instead of working around their bugs by turning off ASLR (note that wine/valgrind/qemu/etc can control their address space layout by using linker scripts and mmap(MAP_FIXED), so such needs can still be accommodated, despite ASLR). since it seems that gcl is unlikely to get fixed, i guess i'll have to cave in and add -z noaslr to ld. my question is if that would be a good solution or not, in particular, if the ebuild used -z noaslr in CFLAGS or LDFLAGS, would that be propagated/used even for configure (else it's useless of course, or will still need configure patching)?
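The two configure checks that fail in the reporter's config.log are described in comment 6 ("randomized sbrk": does sbrk(0) at startup come back the same on every execution?) and in comment 8, point 2 ("randomized brk remedy": does the Linux-specific personality bit switch the randomization off?). The C program below is an added example for this page, not code from gcl's configure or from anyone in the thread: it re-executes itself a number of times, reads the sbrk(0) value each fresh process sees before allocating anything, and counts the distinct values; a second pass sets ADDR_NO_RANDOMIZE before execve(), which is the personality-bit remedy a vanilla kernel honours and PaX deliberately ignores. The BRK_PROBE_CHILD marker variable, the /proc/self/exe re-exec, the 64-run cap and the "BRK0=" output tag are this example's own choices; how gcl's configure phrases these tests is not shown on the page.

```c
/* Added example: reproduce gcl's "randomized sbrk" and "randomized brk
 * remedy" configure checks outside the gcl build (not gcl's own code). */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/personality.h>

#define PROBE_ENV "BRK_PROBE_CHILD"   /* marks a re-executed probe child (our own name) */

/* Probe side: report sbrk(0) before this process has allocated anything.
 * sbrk is read before printf so stdio's buffer cannot move the break first. */
static void probe_and_exit(void)
{
    unsigned long brk0 = (unsigned long)sbrk(0);
    printf("BRK0=%lx\n", brk0);
    fflush(stdout);
    _exit(0);
}

/* Re-execute this binary `runs` times and return how many distinct initial
 * sbrk(0) values were seen: 1 = stable (gcl is happy), >1 = randomized,
 * -1 = probe failed (fork/pipe/exec error).  With remedy != 0 each child
 * first requests ADDR_NO_RANDOMIZE, which survives execve() on a vanilla
 * kernel; if the call is refused (e.g. by a seccomp profile) the run simply
 * behaves like the plain one. */
int distinct_initial_brk(int runs, int remedy)
{
    unsigned long seen[64];
    int n_seen = 0;

    if (getenv(PROBE_ENV))          /* we are the re-executed probe */
        probe_and_exit();
    if (runs < 1 || runs > 64)
        return -1;

    for (int i = 0; i < runs; i++) {
        int fd[2];
        if (pipe(fd) != 0)
            return -1;
        fflush(stdout);             /* don't duplicate buffered output in the child */
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0) {
            close(fd[0]);
            dup2(fd[1], STDOUT_FILENO);
            close(fd[1]);
            setenv(PROBE_ENV, "1", 1);
            if (remedy)
                personality(ADDR_NO_RANDOMIZE);
            execl("/proc/self/exe", "brk-probe", (char *)NULL);
            _exit(127);
        }
        close(fd[1]);               /* parent must drop the write end or fgets never sees EOF */
        FILE *in = fdopen(fd[0], "r");
        char line[128];
        unsigned long val = 0;
        int ok = 0;
        while (in && fgets(line, sizeof line, in)) {
            char *p = strstr(line, "BRK0=");
            if (p && sscanf(p, "BRK0=%lx", &val) == 1) { ok = 1; break; }
        }
        if (in) fclose(in); else close(fd[0]);
        int status;
        waitpid(pid, &status, 0);
        if (!ok || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
            return -1;
        int dup = 0;
        for (int j = 0; j < n_seen; j++)
            if (seen[j] == val) dup = 1;
        if (!dup)
            seen[n_seen++] = val;
    }
    return n_seen;
}

int main(void)
{
    int plain = distinct_initial_brk(8, 0);
    int fixed = distinct_initial_brk(8, 1);
    printf("checking for randomized sbrk... %s\n",
           plain > 1 ? "yes" : plain == 1 ? "no" : "error");
    printf("checking for randomized brk remedy... %s\n",
           fixed == 1 ? "yes" : fixed > 1 ? "no" : "error");
    return 0;
}
```

Build it with `-no-pie` to look at the brk offset in isolation: a PIE executable gets a fresh load address on every run, so sbrk(0) differs even on a kernel that does not randomize the break at all, whereas gcl's ET_EXEC build only moves with the brk randomization itself. On a vanilla kernel with randomize_va_space enabled the first line reads "yes" and the second "no" only if personality() was refused; on a PaX kernel the remedy pass prints "no" regardless, which is exactly the pair of results in the reporter's config.log.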
Comment 9 Matthew Kennedy (RETIRED) gentoo-dev 2006-05-11 08:40:59 UTC
Could the hardened folks please take a look at dev-lisp/sbcl and dev-lisp/cmucl?  I know SBCL is incompatible with hardened gcc (remove die section in pkg_setup first).  CMUCL is SBCL's direct ancestor, so it is likely to be affected similarly.

dev-lisp/clisp contains some fun trampoline code.  If you have a hardened setup, would you mind trying it out also?
Comment 10 Kevin F. Quinn (RETIRED) gentoo-dev 2006-05-11 14:56:11 UTC
Had a quick look at cmucl and sbcl.  They don't play nice with PaX - by the time they've finished mmap-ing huge areas for allocation, they overflow the SEGMEXEC memory limits (I think there are few options like -dynamic-space-size that can help here).  In addition they do seem to need W|X heap or stack, not sure exactly which yet.  The sbcl build dies when the bootstrapped compiler is executed for the first time; jumps to address 0 so not sure what's happening there.  cmucl dies when the bootstrapped compiler runs as it gets killed trying to do things forbidden by PaX.

So - haven't had chance to deal with any hardened compiler issues with those :)

If I find anything useful I'll raise separate bugs about those and dev-lisp/clisp.  
Comment 11 Kevin F. Quinn (RETIRED) gentoo-dev 2006-05-11 15:45:16 UTC
(In reply to comment #8)
> some notes:

Thanks for those :)

> 6. turn off ASLR in the ELF header marking - almost good except as of now you
> can't do it via ld cmdline, you must invoke paxctl -r explicitly, on each
> binary that's affected.

Is that enough? There's still some randomisation on stuff I create here; marking with -r gives me what seems like 13 bits of randomisation rather than 24, on my 2.6.16-hardened PaX-enabled kernel for both ET_DYN and ET_EXEC.  Doing the same on a non-PaX kernel (2.6.15-gentoo) gives me no randomisation at all.
Comment 12 PaX Team 2006-05-12 02:34:58 UTC
> Is that enough? There's still some randomisation on stuff I create here;
> marking with -r gives me what seems like 13 bits of randomisation rather than
> 24, on my 2.6.16-hardened PaX-enabled kernel for both ET_DYN and ET_EXEC. 
> Doing the same on a non-PaX kernel (2.6.15-gentoo) gives me no randomisation at
> all.

doh, you're right, on 2.6 the brk randomization depends on the global randomize_va_space sysctl, instead of the per process flags, i'll fix it for 2.6.17+. you can fix it in the meantime by something like this:

--- linux-2.6.17-rc3-pax/fs/binfmt_elf.c        2006-04-27 13:52:30.000000000 +0200
+++ linux-2.6.17-rc3-pax/fs/binfmt_elf.c        2006-05-12 11:23:39.000000000 +0200
@@ -1190,7 +1190,7 @@
        end_data += load_bias;

 #ifdef CONFIG_PAX_RANDMMAP
-       if (randomize_va_space)
+       if (current->mm->pax_flags & MF_PAX_RANDMMAP)
                elf_brk += PAGE_SIZE + pax_delta_mask(pax_get_random_long(), 4, PAGE_SHIFT);
 #undef pax_delta_mask
 #endif
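Review bot: the replacement condition drops the global `randomize_va_space` test altogether instead of combining it with the per-process flag, so after this hunk a process carrying MF_PAX_RANDMMAP gets the `elf_brk` offset even when the sysctl is 0; if the sysctl is still meant to act as a systemwide switch (comment 8 lists a runtime systemwide level next to the per-process ELF-marking/ACL controls), the line should read `if (randomize_va_space && (current->mm->pax_flags & MF_PAX_RANDMMAP))`, and if the PaX flag is intended to be authoritative on its own, a one-line comment saying so would spare the next reader the same question. The hunk is against linux-2.6.17-rc3-pax, so on the reporter's 2.6.14-rsbac kernel the `@@ -1190,7 +1190,7 @@` offset will not match and it has to be applied by hand.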
Comment 13 Marijn Schouten (RETIRED) gentoo-dev 2007-06-20 16:48:16 UTC
*** Bug 119411 has been marked as a duplicate of this bug. ***
Comment 14 Panagiotis Christopoulos (RETIRED) gentoo-dev 2010-12-15 15:56:19 UTC
RESOLVED WONTFIX. This package has been masked for many months. We may make an attempt to revive it, but not in the near future. You're free to reopen if you want. But as Marijn says:

# Marijn Schouten <hkBst at gentoo dot org> (29 Jul 2009)
# Masked for increasingly many problems. Upstream is flaky and hasn't released
# since 2005.
# Maxima is the only consumer and can be built with sbcl or clisp.
# Hopefully upstream will do a release that we can add to revive this package.
dev-lisp/gcl