Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 611152 - net-nds/rpcbind-0.2.4 SIGABRTs if built with '--as-needed' in LDFLAGS
Summary: net-nds/rpcbind-0.2.4 SIGABRTs if built with '--as-needed' in LDFLAGS
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-27 22:25 UTC by Joshua Kinard
Modified: 2018-04-01 06:47 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Output of 'strace -f rpcbind -df' (rpcbind-024-sigabrt-20170227.txt,29.08 KB, text/plain)
2017-02-27 22:27 UTC, Joshua Kinard
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Joshua Kinard gentoo-dev 2017-02-27 22:25:38 UTC
It looks like building net-nds/rpcbind-0.2.4 with --as-needed in LDFLAGS will cause it to abort for unknown reasons:

# rpcbind -df
Aborted

]# genlop -i =net-nds/rpcbind-0.2.4
 * net-nds/rpcbind


   Total builds: 12
   Global build time: 2 minutes and 34 seconds.
   Average merge time: 12 seconds.

   Info about currently installed ebuild:

   * net-nds/rpcbind-0.2.4
   Install date: Mon Feb 27 17:18:37 2017
   USE="tcpd -debug -selinux -systemd -warmstarts"
   CFLAGS="-O2 -ggdb2 -pipe -march=ivybridge -mtune=ivybridge -mfpmath=sse -mieee-fp -mmmx -msse -msse2 -msse3 -mssse3 -msse4 -msse4.1 -msse4.2 -maes -mavx -mcx16 -mf16c -mfsgsbase -mfxsr -mpclmul -mpopcnt -mrdrnd -msahf -mxsave -mxsaveopt -mvzeroupper -mavx256-split-unaligned-load -mavx256-split-unaligned-store -maccumulate-outgoing-args -fmodulo-sched -fmodulo-sched-allow-regmoves -ftree-loop-im -ftree-loop-linear -ftree-loop-ivcanon -fgcse-after-reload -fgcse-lm -fgcse-sm -fgcse-las -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -ftree-vectorize -flto=10 -fuse-linker-plugin -fstack-check=no"   CXXFLAGS="-O2 -ggdb2 -pipe -march=ivybridge -mtune=ivybridge -mfpmath=sse -mieee-fp -mmmx -msse -msse2 -msse3 -mssse3 -msse4 -msse4.1 -msse4.2 -maes -mavx -mcx16 -mf16c -mfsgsbase -mfxsr -mpclmul -mpopcnt -mrdrnd -msahf -mxsave -mxsaveopt -mvzeroupper -mavx256-split-unaligned-load -mavx256-split-unaligned-store -maccumulate-outgoing-args -fmodulo-sched -fmodulo-sched-allow-regmoves -ftree-loop-im -ftree-loop-linear -ftree-loop-ivcanon -fgcse-after-reload -fgcse-lm -fgcse-sm -fgcse-las -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -ftree-vectorize -flto=10 -fuse-linker-plugin -fstack-check=no"   LDFLAGS="-O2 -ggdb2 -pipe -march=ivybridge -mtune=ivybridge -mfpmath=sse -mieee-fp -mmmx -msse -msse2 -msse3 -mssse3 -msse4 -msse4.1 -msse4.2 -maes -mavx -mcx16 -mf16c -mfsgsbase -mfxsr -mpclmul -mpopcnt -mrdrnd -msahf -mxsave -mxsaveopt -mvzeroupper -mavx256-split-unaligned-load -mavx256-split-unaligned-store -maccumulate-outgoing-args -fmodulo-sched -fmodulo-sched-allow-regmoves -ftree-loop-im -ftree-loop-linear -ftree-loop-ivcanon -fgcse-after-reload -fgcse-lm -fgcse-sm -fgcse-las -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block -ftree-vectorize -flto=10 -fuse-linker-plugin -fstack-check=no -Wl,-O1 -Wl,--as-needed -Wl,-z,now -Wl,-z,relro"

Removing --as-needed appears to be what gets it working again.  I discovered this completely by randomly removing various CFLAGS and LDFLAGS.
Comment 1 Joshua Kinard gentoo-dev 2017-02-27 22:26:20 UTC
emerge --info:
# emerge --info
Portage 2.3.3 (python 2.7.13-final-0, hardened/linux/amd64, gcc-6.3.0, glibc-2.25, 4.9.11 x86_64)
=================================================================
System uname: Linux-4.9.11-x86_64-Genuine_Intel-R-_CPU_@_3.40GHz-with-gentoo-2.3
KiB Mem:    32795564 total,  26003344 free
KiB Swap:    4209024 total,   4209024 free
Timestamp of repository gentoo: Mon, 27 Feb 2017 10:45:01 +0000
sh bash 4.4_p12
ld GNU ld (Gentoo 2.27 p1.0) 2.27
distcc 3.2rc1 x86_64-pc-linux-gnu [disabled]
ccache version 3.3.4 [disabled]
app-shells/bash:          4.4_p12::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.24.1-r1::gentoo
dev-lang/python:          2.7.13::gentoo, 3.4.6::gentoo, 3.5.3::gentoo
dev-util/ccache:          3.3.4::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.23.2::gentoo
sys-apps/sandbox:         2.11-r4::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.11.6-r2::gentoo, 1.12.6-r1::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.27::gentoo
sys-devel/gcc:            6.3.0::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.9::gentoo (virtual/os-headers)
sys-libs/glibc:           2.25::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://gentoo.cs.uni.edu/gentoo-portage
    priority: -1000

local
    location: /usr/portage/local
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -ggdb2 -pipe -march=ivybridge -mtune=ivybridge -mfpmath=sse  -mieee-fp -mmmx -msse -msse2 -msse3 -mssse3 -msse4 -msse4.1 -msse4.2  -maes -mavx -mcx16 -mf16c -mfsgsbase -mfxsr -mpclmul -mpopcnt -mrdrnd  -msahf -mxsave -mxsaveopt -mvzeroupper -mavx256-split-unaligned-load  -mavx256-split-unaligned-store -maccumulate-outgoing-args  -fmodulo-sched -fmodulo-sched-allow-regmoves  -ftree-loop-im -ftree-loop-linear -ftree-loop-ivcanon  -fgcse-after-reload -fgcse-lm -fgcse-sm -fgcse-las  -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block  -ftree-vectorize -flto=10 -fuse-linker-plugin -fstack-check=no"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/init.d /etc/pam.d /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -ggdb2 -pipe -march=ivybridge -mtune=ivybridge -mfpmath=sse  -mieee-fp -mmmx -msse -msse2 -msse3 -mssse3 -msse4 -msse4.1 -msse4.2  -maes -mavx -mcx16 -mf16c -mfsgsbase -mfxsr -mpclmul -mpopcnt -mrdrnd  -msahf -mxsave -mxsaveopt -mvzeroupper -mavx256-split-unaligned-load  -mavx256-split-unaligned-store -maccumulate-outgoing-args  -fmodulo-sched -fmodulo-sched-allow-regmoves  -ftree-loop-im -ftree-loop-linear -ftree-loop-ivcanon  -fgcse-after-reload -fgcse-lm -fgcse-sm -fgcse-las  -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block  -ftree-vectorize -flto=10 -fuse-linker-plugin -fstack-check=no"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs candy cgroup config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox news preserve-libs protect-owned sandbox sfperms sign split-elog splitdebug unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="    http://gentoo.osuosl.org/    http://mirror.usu.edu/mirrors/gentoo/    http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/ "
INSTALL_MASK="/usr/lib/systemd /etc/systemd"
LANG="en_US.iso885915"
LDFLAGS="-O2 -ggdb2 -pipe -march=ivybridge -mtune=ivybridge -mfpmath=sse  -mieee-fp -mmmx -msse -msse2 -msse3 -mssse3 -msse4 -msse4.1 -msse4.2  -maes -mavx -mcx16 -mf16c -mfsgsbase -mfxsr -mpclmul -mpopcnt -mrdrnd  -msahf -mxsave -mxsaveopt -mvzeroupper -mavx256-split-unaligned-load  -mavx256-split-unaligned-store -maccumulate-outgoing-args  -fmodulo-sched -fmodulo-sched-allow-regmoves  -ftree-loop-im -ftree-loop-linear -ftree-loop-ivcanon  -fgcse-after-reload -fgcse-lm -fgcse-sm -fgcse-las  -floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block  -ftree-vectorize -flto=10 -fuse-linker-plugin -fstack-check=no -Wl,-O1 -Wl,--as-needed -Wl,-z,now -Wl,-z,relro"
MAKEOPTS="-j14"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/ramfs"
USE="amd64 berkdb bzip2 cli cracklib crypt curl cxx dbus dri gd gdbm graphite hardened inotify ipv6 justify lto modules multilib ncurses nptl offensive openmp pam pax_kernel pcre pic pie readline rtc seccomp session sqlite ssl ssp tcpd unicode urandom xattr xml xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4 python3_5" RUBY_TARGETS="ruby21" USERLAND="GNU" VIDEO_CARDS="vesa vga fbdev ast" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 2 Joshua Kinard gentoo-dev 2017-02-27 22:27:14 UTC
Created attachment 465446 [details]
Output of 'strace -f rpcbind -df'
Comment 3 Markus Oehme 2017-04-01 08:35:41 UTC
I can confirm this issue on hardened ~amd64, rebuilding without --as-needed fixed it for me. This is a weird one to debug (or my systemd-foo is not yet up to par since I had to stare at it for quite some time).
Comment 4 Andreas K. Hüttel gentoo-dev 2017-10-03 17:50:35 UTC
Looks hardened-specific.
Comment 5 Joshua Kinard gentoo-dev 2018-04-01 06:47:42 UTC
FWIW, I no longer run a hardened system (rebuilt the system due to the whole grsecurity fiasco), so this no longer affects me.