Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 23934 - PAM fails to compile when either it or pwdb is compiled with -fstack-protector
Summary: PAM fails to compile when either it or pwdb is compiled with -fstack-protector
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GCC Porting (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: PAM Gentoo Team (OBSOLETE)
: 24353 (view as bug list)
Depends on:
Reported: 2003-07-03 20:18 UTC by Vince Castellano
Modified: 2006-10-18 20:21 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Vince Castellano 2003-07-03 20:18:03 UTC
After compiling both pwdb and pam with -fstack-protector, pam fails with *
ERROR: pam_pwdb module did not build. Using the selinux profile.

Reproducible: Always
Steps to Reproduce:
1. Emerge pam and pwdb with -fstack-protector

Actual Results:  
* ERROR: pam_pwdb module did not build.

Expected Results:  
It to compile with Propolice support

Portage 2.0.48-r1 (selinux-x86-1.4, [unavailable], glibc-2.3.1-r4)
System uname: 2.4.20-xfs-r2 i686 AMD Athlon(tm) XP 1700+
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config
/usr/kde/2/share/config /usr/kde/3/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
USE="crypt libwww mmx ncurses selinux zlib berkdb readline tcpd pam ssl perl
python spell -nls -X -gtk -gnome -alsa -kde -qt mysql -apache2 gd png jpg gif
xml xml2 x86"
CFLAGS="-mcpu=athlon-xp -O2 -pipe -fstack-protector"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
FEATURES="sandbox ccache"
Comment 1 Donny Davies (RETIRED) gentoo-dev 2003-07-19 15:09:01 UTC

we should make sys-libs/pwdb optional because only and need it anyways.. both of these arent really crucial.

please see my post to -dev mailing list with respect to this.

subject was something like: "possibly trim sys-libs/pwdb from profiles"
Comment 2 Donny Davies (RETIRED) gentoo-dev 2003-07-19 15:09:55 UTC
by the way, the bug reporter is not correct, my PAM works just fine
with propolice.

the problem is just the pwdb crap.
Comment 3 Donny Davies (RETIRED) gentoo-dev 2003-07-19 15:12:23 UTC
*** Bug 24353 has been marked as a duplicate of this bug. ***
Comment 4 Joshua Kinard gentoo-dev 2003-08-08 12:51:59 UTC
I ran into this the other day trying to recompile my x86 system using the propolice in gcc-3.3-r1.  I thought it was a gcc-3.3 bug...Seems not to be the case.

I doubled checked this error on sparc64 as well, and using -fstack-protector there, it also fails as well.
Comment 5 Matthew Rickard 2003-08-08 17:11:43 UTC
I've added filter-flags "-fstack-protector" to the pwdb ebuilds.  This should resolve the issue (for now).
Comment 6 Heinrich Wendel (RETIRED) gentoo-dev 2004-03-15 12:00:31 UTC
so can we close this?
Comment 7 solar (RETIRED) gentoo-dev 2004-03-17 20:43:55 UTC
I'd think this could be closed now. It's a shame however that -fstack has to be filtered for pwdb. Anybody know the root reason of why pwdb could not cope with the flag?
Comment 8 Stian Skjelstad 2005-07-01 04:23:37 UTC
It smashes the stack at one point? Probably just a byte of in a string.

(I have seen gcc 3.3 and higher smash stack if you re-use arrays in different
variables and use -O2 or higher)
Comment 9 Martin Schlemmer (RETIRED) gentoo-dev 2005-07-05 13:44:00 UTC
The problem is in general pwdb .. security issues is one reason why we switched
from pam_pwdb to pam_unix again ...
Comment 10 Vince Castellano 2006-10-18 20:21:43 UTC
Closing, as it is no longer an issue.