Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 192521 - dev-lisp/clisp fails to configure on hardened due to some failed tests
Summary: dev-lisp/clisp fails to configure on hardened due to some failed tests
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-14 16:00 UTC by Radu Benea
Modified: 2010-07-27 15:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Radu Benea 2007-09-14 16:00:36 UTC 
/bin/sh ./libtool --mode=link gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr -x none test2.o trampoline.lo  -o test2
gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr -x none test2.o trampoline.o -o test2
./test1
trampoline: cannot make memory executable
make[1]: *** [check] Aborted
make[1]: Leaving directory `/var/tmp/portage/dev-lisp/clisp-2.41/work/clisp-2.41/build/callback/trampoline_r'

after running "paxctl -m test1" the test passes successfully

so I have a question... should I make a patch that can do this automatically so that the package builds correctly or this package is a security risk and should be masked out on hardened?

Reproducible: Always

Steps to Reproduce:
1. emerge clisp
Actual Results:  
./configure failed

Expected Results:  
successful build

Portage 2.1.3.9 (hardened/amd64/multilib, gcc-4.1.1, glibc-2.6.1-r0, 2.6.22-hardened-r2 x86_64)
=================================================================
System uname: 2.6.22-hardened-r2 x86_64 AMD Athlon(tm) 64 Processor 3000+
Timestamp of tree: Fri, 14 Sep 2007 12:00:01 +0000
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r5, 2.5.1-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r4
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18
sys-devel/gcc-config: 1.4.0-r2
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS=" -march=athlon64 -O2 -pipe -msse3 -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS=" -march=athlon64 -O2 -pipe -msse3 -fforce-addr"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="autoconfig distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LINGUAS="en en_US en_GB ro af ar be bg ca cs da de el es es_AR es_ES eu fi fr fy fy_NL ga ga_IE gu gu_IN he hu it ja ka ko ku lt mk mn nb nb_NO nl nn nn_NO pa pa_IN pl pt pt_BR pt_PT ru sk sl sv sv_SE tr zh zh_CN zh_TW br bs cy et fa gl hi is ms nds rw se sr sr@Latn ta uk uz az tg bn eo id km lo sq ss th hr no vi"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/xeffects /usr/local/portage /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac ac3 accessibility acl acpi aiglx akode alsa amd64 ao apmdaudiofile arts audiofile bash-completion berkdb beryl bluetooth bzip2 cairo calendar caps cdparanoia cdr compiz cracklib crypt cscope ctype cups cvs dbus dga dmx dri dv dvd dvdr dvdread encode erandom esd expat fam fbcon ffmpeg firefox flac fontconfig ftp gd gdbm geoip gif glut gmp gnome gnutls gpm gstreamer gtk hal hardened idn imagemagick imlib ipod ipv6 jabber jpeg jpeg2k justify kde kdehiddenvisibility lame lastfm ldap lesstif libedit libg++ libnotify libsamplerate lm_sensors logitech-mouse logrotate mad memlimit mhash midi mime mmap mmx mmxext mng mp3 mp4 mpeg mplayer msn multilib musepack musicbrainz ncurses network-cron network_manager networkmanager nis nls nptl nptlonly nsplugin ogg openal opengl oss pam pcntl pda pdf perl pic pie png posix prelude python qt3 qt4 rdesktop readline samba sdl shorten skey smb sndfile speex sqlite3 sse sse2 sse3 ssl startup-notification subversion svg svn sysvipc tcl tcpd theora tiff tk truetype unicode urandom usb v4l vcd vim-syntax vorbis wmf x264 xcb xcomposite xine xinerama xkb xml xorg xosd xpm xprint xscreensaver xv xvid xvmc yahoo zeroconf zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse wacom evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US en_GB ro af ar be bg ca cs da de el es es_AR es_ES eu fi fr fy fy_NL ga ga_IE gu gu_IN he hu it ja ka ko ku lt mk mn nb nb_NO nl nn nn_NO pa pa_IN pl pt pt_BR pt_PT ru sk sl sv sv_SE tr zh zh_CN zh_TW br bs cy et fa gl hi is ms nds rw se sr sr@Latn ta uk uz az tg bn eo id km lo sq ss th hr no vi" LIRC_DEVICES="kworld" USERLAND="GNU" VIDEO_CARDS="radeon fbdev v4l vesa vga"
Unset:  CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Attila Tóth 2008-02-13 06:16:37 UTC 
Unfortunately all common lisp implementations (known to me) have a tendency to ignore discrimination between rw and executable pieces. This seems to be a common policy amongst them. This whole security things is not a concern for those folks. Perhaps I'm stupid taking care of... You'll probably have to face more problems after getting through this simple test issue.

However I would be interested in any of the lisp implementations being compatible with PaX, cos I would use maxima.

Regards,
Dw.

(In reply to comment #0)
> /bin/sh ./libtool --mode=link gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr
> -x none test2.o trampoline.lo  -o test2
> gcc -march=athlon64 -O2 -pipe -msse3 -fforce-addr -x none test2.o trampoline.o
> -o test2
> ./test1
> trampoline: cannot make memory executable
> make[1]: *** [check] Aborted
> make[1]: Leaving directory
> `/var/tmp/portage/dev-lisp/clisp-2.41/work/clisp-2.41/build/callback/trampoline_r'
> 
> after running "paxctl -m test1" the test passes successfully
> 
> so I have a question... should I make a patch that can do this automatically so
> that the package builds correctly or this package is a security risk and should
> be masked out on hardened?
>
Comment 2 Sam Steingold 2010-07-08 20:06:20 UTC 
this appears to be a libffcall, not a clisp bug.
libffcall is now a separate package.
http://savannah.gnu.org/projects/libffcall
Comment 3 Magnus Granberg gentoo-dev 2010-07-27 15:36:33 UTC 
The fail part have moved to new package dev-libs/ffcall
Can you make new bugreport on the error with new info and logs?
And ffcall have a QA problem with trampolines #253963