After compiling both pwdb and pam with -fstack-protector, pam fails with *
ERROR: pam_pwdb module did not build. Using the selinux profile.
Steps to Reproduce:
1. Emerge pam and pwdb with -fstack-protector
* ERROR: pam_pwdb module did not build.
It to compile with Propolice support
Portage 2.0.48-r1 (selinux-x86-1.4, [unavailable], glibc-2.3.1-r4)
System uname: 2.4.20-xfs-r2 i686 AMD Athlon(tm) XP 1700+
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config
USE="crypt libwww mmx ncurses selinux zlib berkdb readline tcpd pam ssl perl
python spell -nls -X -gtk -gnome -alsa -kde -qt mysql -apache2 gd png jpg gif
xml xml2 x86"
CFLAGS="-mcpu=athlon-xp -O2 -pipe -fstack-protector"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
we should make sys-libs/pwdb optional because only pam_radius.so and
pam_pwdb.so need it anyways.. both of these arent really crucial.
please see my post to -dev mailing list with respect to this.
subject was something like: "possibly trim sys-libs/pwdb from profiles"
by the way, the bug reporter is not correct, my PAM works just fine
the problem is just the pwdb crap.
*** Bug 24353 has been marked as a duplicate of this bug. ***
I ran into this the other day trying to recompile my x86 system using the propolice in gcc-3.3-r1. I thought it was a gcc-3.3 bug...Seems not to be the case.
I doubled checked this error on sparc64 as well, and using -fstack-protector there, it also fails as well.
I've added filter-flags "-fstack-protector" to the pwdb ebuilds. This should resolve the issue (for now).
so can we close this?
I'd think this could be closed now. It's a shame however that -fstack has to be filtered for pwdb. Anybody know the root reason of why pwdb could not cope with the flag?
It smashes the stack at one point? Probably just a byte of in a string.
(I have seen gcc 3.3 and higher smash stack if you re-use arrays in different
variables and use -O2 or higher)
The problem is in general pwdb .. security issues is one reason why we switched
from pam_pwdb to pam_unix again ...
Closing, as it is no longer an issue.