/bin/sh ./libtool --mode=link gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr -x none test2.o trampoline.lo -o test2
gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr -x none test2.o trampoline.o -o test2
./test1
trampoline: cannot make memory executable
make[1]: *** [check] Aborted
make[1]: Leaving directory `/var/tmp/portage/dev-lisp/clisp-2.41/work/clisp-2.41/build/callback/trampoline_r'

after running "paxctl -m test1" the test passes successfully

so I have a question... should I make a patch that can do this automatically so that the package builds correctly or this package is a security risk and should be masked out on hardened?

Reproducible: Always

Steps to Reproduce:
1. emerge clisp

Actual Results:
./configure failed

Expected Results:
successful build

Portage 2.1.3.9 (hardened/amd64/multilib, gcc-4.1.1, glibc-2.6.1-r0, 2.6.22-hardened-r2 x86_64)
=================================================================
System uname: 2.6.22-hardened-r2 x86_64 AMD Athlon(tm) 64 Processor 3000+
Timestamp of tree: Fri, 14 Sep 2007 12:00:01 +0000
app-shells/bash: 3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python: 2.4.4-r5, 2.5.1-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r4
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.13, 2.61-r1
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.18
sys-devel/gcc-config: 1.4.0-r2
sys-devel/libtool: 1.5.24
virtual/os-headers: 2.6.22-r2
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS=" -march=athlon64 -O2 -pipe -msse3 -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS=" -march=athlon64 -O2 -pipe -msse3 -fforce-addr"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="autoconfig distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LINGUAS="en en_US en_GB ro af ar be bg ca cs da de el es es_AR es_ES eu fi fr fy fy_NL ga ga_IE gu gu_IN he hu it ja ka ko ku lt mk mn nb nb_NO nl nn nn_NO pa pa_IN pl pt pt_BR pt_PT ru sk sl sv sv_SE tr zh zh_CN zh_TW br bs cy et fa gl hi is ms nds rw se sr sr@Latn ta uk uz az tg bn eo id km lo sq ss th hr no vi"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/xeffects /usr/local/portage /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac ac3 accessibility acl acpi aiglx akode alsa amd64 ao apmdaudiofile arts audiofile bash-completion berkdb beryl bluetooth bzip2 cairo calendar caps cdparanoia cdr compiz cracklib crypt cscope ctype cups cvs dbus dga dmx dri dv dvd dvdr dvdread encode erandom esd expat fam fbcon ffmpeg firefox flac fontconfig ftp gd gdbm geoip gif glut gmp gnome gnutls gpm gstreamer gtk hal hardened idn imagemagick imlib ipod ipv6 jabber jpeg jpeg2k justify kde kdehiddenvisibility lame lastfm ldap lesstif libedit libg++ libnotify libsamplerate lm_sensors logitech-mouse logrotate mad memlimit mhash midi mime mmap mmx mmxext mng mp3 mp4 mpeg mplayer msn multilib musepack musicbrainz ncurses network-cron network_manager networkmanager nis nls nptl nptlonly nsplugin ogg openal opengl oss pam pcntl pda pdf perl pic pie png posix prelude python qt3 qt4 rdesktop readline samba sdl shorten skey smb sndfile speex sqlite3 sse sse2 sse3 ssl startup-notification subversion svg svn sysvipc tcl tcpd theora tiff tk truetype unicode urandom usb v4l vcd vim-syntax vorbis wmf x264 xcb xcomposite xine xinerama xkb xml xorg xosd xpm xprint xscreensaver xv xvid xvmc yahoo zeroconf zlib"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse wacom evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="en en_US en_GB ro af ar be bg ca cs da de el es es_AR es_ES eu fi fr fy fy_NL ga ga_IE gu gu_IN he hu it ja ka ko ku lt mk mn nb nb_NO nl nn nn_NO pa pa_IN pl pt pt_BR pt_PT ru sk sl sv sv_SE tr zh zh_CN zh_TW br bs cy et fa gl hi is ms nds rw se sr sr@Latn ta uk uz az tg bn eo id km lo sq ss th hr no vi"
LIRC_DEVICES="kworld"
USERLAND="GNU"
VIDEO_CARDS="radeon fbdev v4l vesa vga"
Unset: CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
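
The failure in the report above ("cannot make memory executable", which goes away after "paxctl -m") can be checked in isolation with the small probe below. It is an added example, not code from clisp or ffcall; it assumes the trampoline test writes to a page and then asks mprotect() to make it executable, and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum wx_result { WX_ALLOWED = 0, WX_DENIED = 1, WX_ERROR = -1 };

/* Turn an mprotect() return code and errno into a verdict. */
enum wx_result classify_mprotect(int rc, int err)
{
    if (rc == 0)
        return WX_ALLOWED;
    if (err == EACCES || err == EPERM)
        return WX_DENIED;            /* policy refused the permission change */
    return WX_ERROR;                 /* anything else is a probe failure */
}

/* Map one anonymous RW page, write to it, then request new_prot on it.
 * Nothing is ever executed; only the permission transition is tested. */
enum wx_result probe_transition(int new_prot)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return WX_ERROR;
    void *p = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return WX_ERROR;
    memset(p, 0, (size_t)pagesz);    /* the page has now been written */
    errno = 0;
    int rc = mprotect(p, (size_t)pagesz, new_prot);
    enum wx_result r = classify_mprotect(rc, errno);
    munmap(p, (size_t)pagesz);
    return r;
}

int main(void)
{
    static const char *names[] = { "allowed", "denied" };
    enum wx_result rwx = probe_transition(PROT_READ | PROT_WRITE | PROT_EXEC);
    enum wx_result rx  = probe_transition(PROT_READ | PROT_EXEC);
    if (rwx == WX_ERROR || rx == WX_ERROR) {
        fprintf(stderr, "probe failed\n");
        return 2;
    }
    printf("RW -> RWX: %s\nRW -> RX:  %s\n", names[rwx], names[rx]);
    return (rwx == WX_DENIED || rx == WX_DENIED) ? 1 : 0;
}
```

Exit status 1 means the kernel refused to turn written memory into executable memory for this binary; running the probe before and after changing the binary's PaX flags shows whether the flag change is what lets the transition through.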
Unfortunately all common lisp implementations (known to me) have a tendency to ignore discrimination between rw and executable pieces. This seems to be a common policy amongst them. This whole security thing is not a concern for those folks. Perhaps I'm stupid taking care of... You'll probably have to face more problems after getting through this simple test issue. However I would be interested in any of the lisp implementations being compatible with PaX, cos I would use maxima.

Regards,
Dw.

(In reply to comment #0)
> /bin/sh ./libtool --mode=link gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr
> -x none test2.o trampoline.lo -o test2
> gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr -x none test2.o trampoline.o
> -o test2
> ./test1
> trampoline: cannot make memory executable
> make[1]: *** [check] Aborted
> make[1]: Leaving directory
> `/var/tmp/portage/dev-lisp/clisp-2.41/work/clisp-2.41/build/callback/trampoline_r'
>
> after running "paxctl -m test1" the test passes successfully
>
> so I have a question... should I make a patch that can do this automatically so
> that the package builds correctly or this package is a security risk and should
> be masked out on hardened?
>
this appears to be a libffcall, not a clisp bug. libffcall is now a separate package. http://savannah.gnu.org/projects/libffcall
The failing part has moved to the new package dev-libs/ffcall. Can you make a new bug report on the error with new info and logs? Also, ffcall has a QA problem with trampolines: #253963