Currently, glibc fails to compile as follows: a - elf/unwind-pe.os : /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a i686-pc-linux-gnu-gcc -nostdlib -nostartfiles -r -o /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map.o '-Wl,-(' /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a -lgcc '-Wl,-)' -Wl,-Map,/var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.mapT /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os): In function `_itoa': _itoa.c:(.text+0x120): multiple definition of `_itoa' /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os:: first defined here /usr/lib/gcc/i686-pc-linux-gnu/3.4.4/../../../../i686-pc-linux-gnu/bin/ld: Warning: size of symbol `_itoa' changed from 182 in /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os to 528 in /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os) /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(dl-close.os): In function `_dl_sort_fini': dl-close.c:(.text+0x158): multiple definition of `_dl_sort_fini' /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os:: first defined here /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(init-first.os):(.data+0x0): multiple definition of `__libc_multiple_libcs' /var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os:(.bss+0x68): first defined here collect2: ld returned 1 exit status make[2]: *** [/var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map] Error 1 make[2]: Leaving directory `/var/tmp/portage/glibc-2.3.5/work/glibc-2.3.5/elf' make[1]: *** 
[elf/subdir_lib] Error 2 make[1]: Leaving directory `/var/tmp/portage/glibc-2.3.5/work/glibc-2.3.5' make: *** [all] Error 2 !!! ERROR: sys-libs/glibc-2.3.5 failed. !!! Function toolchain-glibc_src_compile, Line 244, Exitcode 2 !!! (no error message) !!! If you need support, post the topmost build error, NOT this status message. However, using an older version of the glibc-2.3.5 ebuild (which I'll attach) it compiles successfully. To give you a rough idea, it compiled fine on the 25th, but doesn't compile with the version in the tree on the 28th (still compiles using the older ebuild though). emerge info: Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.11-gentoo-r6 i686) ================================================================= System uname: 2.6.11-gentoo-r6 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz Gentoo Base System version 1.6.12 dev-lang/python: 2.3.5, 2.4.1 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16 sys-devel/libtool: 1.5.18 virtual/os-headers: 2.6.11 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -pipe -fstack-protector" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-O2 -march=pentium4 -pipe -fstack-protector" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X aalib alsa apache2 apm atm avi bash-completion berkdb bitmap-fonts cdparanoia cdr cjk crypt curl dbus dhcp 
directfb divx4linux doc dvd emboss encode fam fbcon foomaticdb gd gdbm gif gpg gpm gtk2 guile imagemagick imap imlib jpeg ldap libg++ libwww live lzo mad maildir mailwrapper mbox mikmod mjpeg mmx mmx2 mng mono mp3 mpeg ncurses network nls nptl offensive ogg oggvorbis pcre pdflib perl plotutils png python quicktime readline real ruby sdl slang spell sse sse2 ssl svga tcltk tcpd theora tiff truetype truetype-fonts type1-fonts unicode usb utf8 v4l v4l2 vcd vidix vorbis win32codecs x86 xine xml2 xv xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS and possibly more helpful, from emerge -p glibc: [ebuild R ] sys-libs/glibc-2.3.5 -build -debug -erandom -hardened (-multilib) +nls -nomalloccheck +nptl +nptlonly -pic +userlocales
Created attachment 60042 [details] Old version of the ebuild
take the new ebuild and change PATCH_VER from 1.2 to 1.1 and see if it works
If I do that I get the same error (and if I make the opposite change in the old ebuild, it fails to compile with a different error, do you want that error?)
Same error for me on two different systems except it occurs in the build-default-i686-pc-linux-gnu-linuxthreads directory instead of the nptl directory. Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.5-r0, 2.6.11-gentoo-r9-1 i686) ================================================================= System uname: 2.6.11-gentoo-r9-1 i686 AMD Athlon(tm) XP 1800+ Gentoo Base System version 1.6.12 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.18 virtual/os-headers: 2.6.11-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -fstack-protector -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -fstack-protector -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo http://gentoo.mirrors.pair.com/ http://open-systems.ufl.edu/mirrors/gentoo http://gentoo.osuosl.org/" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowex 3dnowext X X509 aac aavm alsa apache2 arts artworkextra audiofile avi berkdb bitmap-fonts bonobo bzip2 canna cap caps cdparanoia cdr chroot cjk crypt cscope cups curl dga divx4linux dv dvd dvdr dvdread eds emboss encode esd ethereal evo fam fbcon ffmpeg flac flash font-server foomaticdb fortran freewnn gd gdbm gif gimpprint gnome gphoto2 gpm 
graphviz gstreamer gtk gtk2 gtkhtml hal imagemagick imap imlib immqt-bc innodb j-noaim j-nomsn j-nomuconf j-noyahoo java javascript jbig jce jpeg jpeg2k kde lcms ldap libg++ libgda libwww live lzo lzw-tiff mad maildir mailwrapper matroska mcal mdb memlimit mmx mmx2 mmxext mng mono motif mozdevelop mozilla moznocompose moznoirc mp3 mpeg mpi mysql ncurses network nocd nodrm nptl nvidia odbc ogg oggvorbis openal opengl oss pam pcre pdflib perl pic pie plotutils png pnp ppds python qt quicktime readline real rtc samba scanner sdl sftplogging slang slp smartcard sndfile socks5 speex spell sqlite sse ssl svg tcpd tga theora tiff truetype truetype-fonts type1-fonts unicode usb videos vim-with-x vorbis win32codecs wmf xine xml xml2 xmms xprint xscreensaver xv xvid xvmc zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
Exactly same error here on a hardened system as reported by David. A thread on the forums suggested that -fstack-protector is the culprit http://forums.gentoo.org/viewtopic-t-342938-highlight-glibc.html Portage 2.0.51.19 (hardened/x86/2.6, gcc-3.4.3-20050110, glibc-2.3.5-r0, 2.6.11-fireball-19 i686) ================================================================= System uname: 2.6.11-fireball-19 i686 Intel(R) Pentium(R) 4 Mobile CPU 1.80GHz Gentoo Base System version 1.6.12 Python: dev-lang/python-2.2.3-r5,dev-lang/python-2.3.5 [2.3.5 (#1, Apr 27 2005, 21:48:47)] dev-lang/python: 2.2.3-r5, 2.3.5 sys-apps/sandbox: [Not Present] sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.6.11-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=pentium4m -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -march=pentium4m -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/" LDFLAGS="-Wl,-O1 -Wl,-z,now -Wl,-z,relro" MAKEOPTS="-j2" PKGDIR="/usr/portage//packages/x86/" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X aalib alsa apm avi berkdb bitmap-fonts blas cdparanoia cdr crypt cups curl directfb dlloader dvd dvdread erandom esd fam fftw firebird flac fortran gd gdbm ggi gif gimpprint gphoto2 gpm gtk gtk2 guile hardened imagemagick imap imlib ithreads jbig jpeg kdeenablefinal ldap libwww mikmod mmx mmx2 mng motif moznomail mp3 mpeg nas ncurses netcdf nls nntp nodroproot nptl nptlonly offensive ogg oggvorbis opengl oss pam pcmcia pdflib perl pic png pnp python 
qt quicktime readline ruby sdl slang sndfile spell sse sse2 ssl stroke svg svga tcltk tcpd tetex tga threads tiff truetype truetype-fonts trusted type1-fonts unicode userlocales vorbis win32codecs x86 xgetdefault xine xml xml2 xmms xprint xrandr xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LINGUAS
can you guys sync up and see if it works now ? make sure the PATCH_VER in the ebuild is now 1.3 ... i updated the patchset and the ssp patches ... tested USE="nptl nptlonly" and USE="nptl -nptlonly" on my x86 pentium4 and both worked ...
Rev 1.22 didn't work here.
[ebuild R ] sys-libs/glibc-2.3.5 -build -debug -erandom -hardened (-multilib) -nls -nomalloccheck +nptl +nptlonly -pic +userlocales 0 kB
CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -fstack-protector"
v1.22 is still broken for me as well :(
[ebuild R ] sys-libs/glibc-2.3.5 -build -debug +erandom +hardened -multilib +nls -nomalloccheck +nptl +nptlonly +pic +userlocales
CFLAGS="-O2 -march=pentium4m -pipe -fomit-frame-pointer"
@SpanKY: Does it work for you with -fstack-protector on?
Still failing here with patch ver 1.3 emerge --info Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.11-gentoo-r9 i686) ================================================================= System uname: 2.6.11-gentoo-r9 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz Gentoo Base System version 1.6.12 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.18 virtual/os-headers: 2.6.11-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=nocona -pipe -fstack-protector -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-O2 -march=nocona -pipe -fstack-protector -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.ITDNet.net/gentoo http://gentoo.math.bme.hu http://gentoo.osuosl.org/ ftp://gentoo.itdnet.net/gentoo/ ftp://mirrors1.netvisao.pt/gentoo/" LANG="en_GB.UTF-8" LC_ALL="en_GB.UTF-8" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.uk.gentoo.org/gentoo-portage" USE="x86 X a52 aalib acl acpi aim alsa apache2 apm arts audiofile avi bash-completion berkdb bitmap-fonts bonobo bzip2 bzlib caps cdparanoia cdr cjk crypt cups curl doc dvd dvdr eds emacs emboss encode esd ethereal examples exif expat fam fbcon ffmpeg flac foomaticdb fortran gcj gd gdbm gif glut gmp gnome gnutls gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile iconv icq ieee1394 imagemagick imlib ipv6 jabber jack java 
javascript jpeg junit kde lcms leim libg++ libwww lm_sensors lython mad mbox mikmod milter mime mmap mmx mng motif mozilla mp3 mpeg mpi msn ncurses nls nptl offensive ogg oggvorbis opengl oscar oss pam pcntl pcre pdflib perl png postgres python qt quicktime readline recode sdl sharedmem sndfile snmp sockets sox speex spell sse ssl svg sysvipc tcltk tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts unicode usb v4l vorbis win32codecs wmf xface xine xml xml2 xmms xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LDFLAGS, LINGUAS
yup, here too. :-/
I'm also suffering the same error now, which I encountered after attempting to compile gcc-3.4.4, which fails during the bootstrap-lean saying something about lots of .o files differ. I decided to try re-compiling glibc (it's already compiled previously on my machine, on Sat April 23rd) in case that had to be done first, and that's when I encountered this error. I'm on an AMD_64, but compiling stuff on it as though it were an athlon-xp. I've got nptl (and nptlonly) and hardened, pic and pie. This is also with the patchver =1.3. I'm happy to test any changes/patch sets/whatever to try and figure out what the problem is... 5:)
Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.5-r0, 2.6.12-rc5 i686) ================================================================= System uname: 2.6.12-rc5 i686 AMD Athlon(tm) 64 Processor 3400+ Gentoo Base System version 1.6.12 ccache version 2.4 [enabled] dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.18 virtual/os-headers: 2.6.11-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/overlays/personal" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 3dnow X aalib acl acpi adns alsa avi 
bash-completion berkdb bitmap-fonts cairo ccache cdr cjk client crypt cups djvu dlloader dvd dvdr dvi eds emboss encode fam flac foomaticdb fortran gd gdbm gif glitz gnome gnutls gstreamer gtk gtk2 gtkhtml hal hardened imagemagick imap imlib java jpeg junit libg++ libwww mad mikmod mime mmx mmxext motif mozilla mozsvg mp3 mpeg ncurses nls nptl nptlonly nvidia ogg oggvorbis opengl pam pdflib perl pic pie png postgres python quicktime readline real sdl server snmp spell sse sse2 ssl svg svga t1lib tcpd theora tiff truetype truetype-fonts type1-fonts unicode vorbis win32codecs xine xml2 xrandr xv xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
ok, this is due to the new ssp.c that was integrated with 2.3.5
if you want a better workaround, edit src_unpack() and change this:
    cp "${FILESDIR}"/2.3.5/ssp.c
to this:
    cp "${FILESDIR}"/2.3.3/ssp.c
and Markus is right, this is only an issue when you have -fstack-protector in your CFLAGS
hmmm, I have this problem on my server, where I have USE=hardened. But I really don't use -fstack-protector.
In case you wanted confirmation, using the older ssp.c works (sorry if I've not been very responsive in this bug - I haven't been receiving all of the mail from bugzilla that I should have been. Others seem to have had it covered though)
a hardened toolchain implies stack protector even if it isn't in your CFLAGS
added a workaround to 2.3.5 until this can be fixed properly
Can this bug be closed?
Was a real fix ever made, or is this still using a work around? Anyone know?
since i'm prob the last one to touch it, a work around
If it's still a work around then I would leave this bug open until it gets an actual fix. Does anyone know if upstream have done any work on it, or if there's been any other progress made elsewhere? Thanks...
Is there a fix for this bug? Because it shows up with 2.4 again: a - elf/unwind-pe.os : /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a i686-pc-linux-gnu-gcc -Wl,-O1 -nostdlib -nostartfiles -r -o /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map.o '-Wl,-(' /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a -lgcc '-Wl,-)' -Wl,-Map,/Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.mapT /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(init-first.os)(.data+0x0): multiple definition of `__libc_multiple_libcs' /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os(.bss+0x80): first defined here /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os)(.text+0xe0): In function `_itoa': : multiple definition of `_itoa' /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os(.text+0x14d10): first defined here /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/../../../../i686-pc-linux-gnu/bin/ld: Warning: size of symbol `_itoa' changed from 232 in /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os to 553 in /Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os) collect2: ld returned 1 exit status make[2]: *** [/Gentoo/Portage/build/portage/glibc-2.4/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map] Error 1 make[2]: Leaving directory `/Gentoo/Portage/build/portage/glibc-2.4/work/glibc-2.4/elf' make[1]: *** [elf/subdir_lib] Error 2 make[1]: Leaving directory `/Gentoo/Portage/build/portage/glibc-2.4/work/glibc-2.4' make: *** [all] Error 2 
!!! ERROR: sys-libs/glibc-2.4 failed. hetzner shm # emerge -vpt glibc These are the packages that would be merged, in reverse order: Calculating dependencies... done! [ebuild U ] sys-libs/glibc-2.4 [2.3.6-r3] USE="glibc-omitfp hardened nls nptl* nptlonly* pic userlocales* -build -multilib -profile" 0 kB hetzner shm # emerge --info Portage 2.1_pre5-r4 (hardened/x86/2.6, gcc-3.4.5, glibc-2.3.6-r3, 2.6.14-hardened-r5.01 i686) ================================================================= System uname: 2.6.14-hardened-r5.01 i686 AMD Athlon(tm) XP 2000+ Gentoo Base System version 1.12.0_pre16 ccache version 2.4 [enabled] dev-lang/python: 2.3.5-r2, 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.15.92.0.2-r10, 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/mail/dspam /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control /var/run/dspam" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -pipe -fomit-frame-pointer" DISTDIR="/Gentoo/Portage/distfiles" FEATURES="autoconfig buildpkg ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS=" http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://gentoo.itdnet.net/gentoo/ http://ftp.gentoo.or.kr/ http://distfiles.gentoo.org/ " LDFLAGS="-Wl,-O1" LINGUAS="de" MAKEOPTS="-j2" PKGDIR="/Gentoo/Portage/packages" PORTAGE_TMPDIR="/Gentoo/Portage/build" PORTDIR="/Gentoo/Portage/tree" PORTDIR_OVERLAY="/Gentoo/Portage/local-tree/misc /Gentoo/Portage/local-tree/overlays/gentoo-de" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="3dnow 3dnowext 7zip acl apache2 async bash-completion 
berkdb bzip2 cap caps ccache checkpath chroot cracklib crypt cyrus dcc discard-path dlloader ecc erandom exif extensions firefox glep glibc-omitfp hardened hardenedphp hpn iconv idea idled idn imagemagick imap imlib imlib2 jikes jpeg kdeenablefinal linuxthreads-tls logrotate lynxkeymap maildir mime mmap mmx mmxext mode-owner moznoirc mozsvg multislot nls no-old-linux noaudio nocd nodrm nolvm1 nopop3d offensive pam pam-mysql pcre pdf php pic posix postfix prelude pyzor razor readline recode reiserfs sasl sendfile server sftplogging sharedmem sse ssl static sysvipc szip tcpd threads tiff tokenizer tools unicode userlocales utf8 vhosts vim-pager x86 xfs xinetd zlib elibc_glibc kernel_linux linguas_de userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL
*** Bug 125836 has been marked as a duplicate of this bug. ***
may have to add CFLAGS-libc-start.c += -fno-stack-protector to csu/Makefile ... not sure if that's the only one though ...
(In reply to comment #23) > may have to add CFLAGS-libc-start.c += -fno-stack-protector to csu/Makefile ... > not sure if that's the only one though ... > This does not solve the problem for me : # emerge --info Portage 2.1_pre6 (hardened/x86/2.6, gcc-3.4.5, glibc-2.3.6-r3, 2.6.14.6-xwing-r5 i686) ================================================================= System uname: 2.6.14.6-xwing-r5 i686 Intel(R) Celeron(R) CPU 2.53GHz Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -mtune=pentium4 -fomit-frame-pointer -funroll-loops -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -O2 -mtune=pentium4 -fomit-frame-pointer -funroll-loops -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig buildsyspkg ccache distlocks fixpackages metadata-transfer sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://r2d2.v6.xwing.info/ ftp://ftp.ipv6.uni-muenster.de/pub/linux/distributions/gentoo/ http://vlaai.snt.ipv6.utwente.nl/pub/os/linux/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://ftp.heanet.ie/pub/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ http://ftp.gentoo.skynet.be/pub/gentoo/" LANG="fr_FR.UTF-8" LC_ALL="fr_FR.UTF-8" LINGUAS="fr" MAKEOPTS="-j2" PKGDIR="/usr/portage//packages/x86/" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" PORTDIR_OVERLAY="/usr/local/gcpan-portage /usr/local/portage" SYNC="rsync://r2d2.v6.xwing.info/gentoo-portage" USE="x86 4kstacks X509 acl acpi acpi4linux apache2 async bash-completion berkdb bzip2 
clamav crypt dba dbx devmap dga dlloader enscript expat extensions fbcon freetype fs gd gdbm gif gmp hardened idled idn imagemagick imap imlib2 iproute2 ipv6 ithreads jpeg ldap maildir md5sum mhash mmx ncurses nls nptl nptlonly pam pcre perl php pic png python readline rrdtool sasl slang spf sse sse2 ssl sysfs syslog tcpd threads tiff truetype truetype-fonts type1 type1-fonts udev unicode usb userlocales xml2 zlib elibc_glibc kernel_linux linguas_fr userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LDFLAGS
*** Bug 125965 has been marked as a duplicate of this bug. ***
Does not really seem like a 'hardened' bug as we do not support -fstack-protector in CFLAGS directly for reasons like this among others.
I trip this if I build with the gcc-3.4.5 with ssp default (i.e. builds fine with hardenednossp & vanilla but fails with hardened & hardenednopie).
(In reply to comment #26) > Does not really seem like a 'hardened' bug as we do not support > -fstack-protector in CFLAGS directly for reasons like this among others. > no -fstack-protector in CFLAGS here, just hardened profile. Portage 2.1_pre5-r4 (hardened/x86/2.6, gcc-3.4.5, glibc-2.3.6-r3, 2.6.14-hardened-r5 i686) ================================================================= System uname: 2.6.14-hardened-r5 i686 Pentium III (Coppermine) Gentoo Base System version 1.12.0_pre16 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] dev-lang/python: 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/mail/dspam /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control /var/run/dspam" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=pentium3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache confcache distlocks noinfo parallel-fetch prelink sandbox sfperms strict userpriv usersandbox verify-rdepend" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LDFLAGS="-Wl,-O1" LINGUAS="en_US vi" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="apache2 berkdb bitmap-fonts crypt dba gd gd-external hardened ipv6 mmx nls nptl pam pic readline samba session spell sse ssl tcpd truetype unicode userlocales utf8 x86 xml2 zlib elibc_glibc kernel_linux linguas_en_US linguas_vi userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, MAKEOPTS # gcc-config -l [1] 
i686-pc-linux-gnu-3.4.5 * [2] i686-pc-linux-gnu-3.4.5-hardenednopie [3] i686-pc-linux-gnu-3.4.5-hardenednopiessp [4] i686-pc-linux-gnu-3.4.5-hardenednossp [5] i686-pc-linux-gnu-3.4.5-vanilla
I think we'll have to either:
1) build glibc -fno-stack-protector or
2) Rework __stack_chk_fail to use direct syscalls instead of other bits of libc.
on the understanding that __stack_chk_fail is pulling in bits of libc all over the place that would not normally be pulled in. Certainly on the builds that fail, the map file for librtld.map.o (the link that fails) is much bigger (5487 lines) than that for builds that succeed (1080 lines). I'll try (2) later today to see if that works.
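An illustration of option (2) from the comment above, added here and not taken from this bug, glibc, or the Gentoo patchset: a stack-check failure handler that reports and terminates through raw system calls only, so linking it references no other libc object. The names raw_syscall3, ssp_report and example_stack_chk_fail and the message text are assumptions made for the example; in glibc the handler symbol is __stack_chk_fail, and the file defining it would itself be built with -fno-stack-protector.

```c
/* Added example (not glibc or Gentoo code): a stack-smash handler that
 * depends on nothing but the kernel's system call interface. */

#if defined(__x86_64__)
/* Linux x86-64 system call numbers. */
enum { NR_WRITE = 1, NR_GETPID = 39, NR_KILL = 62, NR_EXIT_GROUP = 231 };

static long raw_syscall3(long nr, long a, long b, long c)
{
    long ret;
    /* The syscall instruction clobbers rcx and r11. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a), "S"(b), "d"(c)
                      : "rcx", "r11", "memory");
    return ret;                 /* negative errno value on failure */
}
#elif defined(__i386__)
/* Linux i386 system call numbers (the platform in this bug). */
enum { NR_WRITE = 4, NR_GETPID = 20, NR_KILL = 37, NR_EXIT_GROUP = 252 };

static long raw_syscall3(long nr, long a, long b, long c)
{
    long ret;
    __asm__ volatile ("int $0x80"
                      : "=a"(ret)
                      : "a"(nr), "b"(a), "c"(b), "d"(c)
                      : "memory");
    return ret;                 /* negative errno value on failure */
}
#else
/* Other architectures: fall back to libc's syscall() wrapper only so the
 * example builds; a handler meant for the dynamic linker would need the
 * architecture's own trap instruction here instead. */
#include <unistd.h>
#include <sys/syscall.h>
enum { NR_WRITE = SYS_write, NR_GETPID = SYS_getpid,
       NR_KILL = SYS_kill, NR_EXIT_GROUP = SYS_exit_group };

static long raw_syscall3(long nr, long a, long b, long c)
{
    return syscall(nr, a, b, c);   /* -1 on failure */
}
#endif

#define EX_SIGABRT 6            /* SIGABRT on Linux */

/* Fixed message: no formatting helpers such as _itoa are needed, and
 * sizeof avoids a strlen() call. */
static const char ssp_msg[] = "*** stack smashing detected ***: terminated\n";

long ssp_msg_len(void)
{
    return (long)(sizeof ssp_msg - 1);
}

/* Write the message to fd; returns bytes written, or a negative value. */
long ssp_report(int fd)
{
    return raw_syscall3(NR_WRITE, fd, (long)ssp_msg, ssp_msg_len());
}

long ssp_self_pid(void)
{
    return raw_syscall3(NR_GETPID, 0, 0, 0);
}

/* The handler: report, raise SIGABRT, and if that signal is blocked or
 * ignored, leave through exit_group so execution can never continue on
 * the corrupted stack. */
__attribute__((noreturn)) void example_stack_chk_fail(void)
{
    ssp_report(2);
    raw_syscall3(NR_KILL, ssp_self_pid(), EX_SIGABRT, 0);
    for (;;)
        raw_syscall3(NR_EXIT_GROUP, 127, 0, 0);
}

int main(void)
{
    /* Exercise only the reporting path; calling the handler would abort. */
    return ssp_report(2) == ssp_msg_len() ? 0 : 1;
}
```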
*** Bug 126328 has been marked as a duplicate of this bug. ***
*** Bug 126356 has been marked as a duplicate of this bug. ***
*** Bug 126426 has been marked as a duplicate of this bug. ***
Incidentally, glibc-2.4-r1 still fails to compile with hardened -- exact same errors as with glibc-2.4 (multiple definition of `_itoa' ...) (at least this is the case on AMD64)
probably because nothing was done to glibc-2.4-r1 to address the issue
*** Bug 126649 has been marked as a duplicate of this bug. ***
*** Bug 126720 has been marked as a duplicate of this bug. ***
same problem also here with glibc-2.4-r1 I upgraded gcc, that seemed to get me further in the ebuild of glibc /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/../../../../i686-pc-linux-gnu/bin/ld: Warning: size of symbol `_itoa' changed from 193 in /var/tmp/portage/glibc-2.4-r1/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os to 505 in /var/tmp/portage/glibc-2.4-r1/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os) collect2: ld returned 1 exit status make[2]: *** [/var/tmp/portage/glibc-2.4-r1/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map] Error 1 make[2]: Leaving directory `/var/tmp/portage/glibc-2.4-r1/work/glibc-2.4/elf' make[1]: *** [elf/subdir_lib] Error 2 make[1]: Leaving directory `/var/tmp/portage/glibc-2.4-r1/work/glibc-2.4' make: *** [all] Error 2 !!! ERROR: sys-libs/glibc-2.4-r1 failed. Call stack: ebuild.sh, line 1557: Called dyn_compile ebuild.sh, line 966: Called src_compile glibc-2.4-r1.ebuild, line 1260: Called toolchain-glibc_src_compile !!! make for default failed !!! If you need support, post the topmost build error, and the call stack if relevant. 
# emerge --info Portage 2.1_pre6-r3 (default-linux/x86/2005.1, gcc-3.4.5, glibc-2.3.6-r3, 2.6.12-gentoo-r10 i686) ================================================================= System uname: 2.6.12-gentoo-r10 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz Gentoo Base System version 1.12.0_pre16 dev-lang/python: 2.3.5-r2, 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 alsa apache2 apm arts avi berkdb bitmap-fonts bzip2 caps crypt cups curl curlwrappers dri eds emboss encode exif fam foomaticdb fortran gif gpm gstreamer gtk2 hardened hardenedphp imlib innodb ipv6 java javacomm javadoc javamail jikes jpeg kerberos ldap libg++ libwww mad mikmod milter motif mp3 mpeg mssql mysql ncurses nls nptl nptlonly ogg oggvorbis opengl oss pdflib perl php png posix postgres python qt quicktime readline samba sapdb sasl sdl snmp spell ssl tcltk tcpd tokenizer truetype truetype-fonts type1-fonts vorbis xerces xml xml2 xmlrpc xmms xv zlib elibc_glibc kernel_linux userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
(In reply to comment #37)
> same problem also here with glibc-2.4-r1
>
> I upgraded gcc, that seemed to get me further in the ebuild of glibc
Exactly the same problem here. On a Pentium III machine.
gcc-config -l [...] [6] i686-pc-linux-gnu-3.4.5 * [7] i686-pc-linux-gnu-3.4.5-hardened [8] i686-pc-linux-gnu-3.4.5-hardenednopie [9] i686-pc-linux-gnu-3.4.5-hardenednopiessp [10] i686-pc-linux-gnu-3.4.5-hardenednossp
emerge --info Portage 2.1_pre5-r3 (default-linux/x86/2005.1, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15-gentoo-r7 i686) ================================================================= System uname: 2.6.15-gentoo-r7 i686 Pentium III (Coppermine) Gentoo Base System version 1.12.0_pre15 dev-lang/python: 2.3.5, 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe -fstack-protector" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=pentium3 -pipe -fstack-protector" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig colision-protect distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="DE_de.UTF-8" LC_ALL="DE_de.UTF-8" LINGUAS="de en" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acpi crypt cups dvd ipv6 md5sum mmx ncurses nfs nls nptl nptlonly openssh samba sse ssh ssl unicode usb userlocales x86 xml xml2 elibc_glibc kernel_linux linguas_de linguas_en userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LDFLAGS, MAKEOPTS, PORTDIR_OVERLAY
Same problems here: Portage 2.1_pre7-r3 (default-linux/x86/2005.0, gcc-3.4.6-vanilla, glibc-2.3.6-r3, 2.6.16-gentoo-r1 i686) ================================================================= System uname: 2.6.16-gentoo-r1 i686 AMD Athlon(TM) XP 1800+ Gentoo Base System version 1.12.0_pre16 ccache version 2.4 [enabled] dev-lang/python: 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -mfpmath=sse -mmmx -msse -m3dnow -ffast-math -funroll-loops -O2 -ftracer -fno-ident -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/share/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -mfpmath=sse -mmmx -msse -m3dnow -ffast-math -funroll-loops -O2 -ftracer -fno-ident -fomit-frame-pointer -pipe -fvisibility-inlines-hidden" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="es_ES.UTF-8" LC_ALL="es_ES.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s -Wl,--as-needed" LINGUAS="es-ES es" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 16bit 3dnow 3dnowext 7zip S3TC X a52 aac aalib acpi alsa amr asf bash-completion berkdb bidi bzip2 cairo canvas cdda cddb cdparanoia chroot cjk clock-screen crypt cscope css cups curl daap dbus dlloader dri dts dvd dvdr dvdread ecc edl eds 
erandom exif faac faad fam fbcon ffmpeg flac font-server fontconfig foomaticdb foreign-sysvinit freetype gdbm gif gimpprint glibc-omitfp glitz gmp gnutls gphoto2 gpm graphviz gs gtk2 hal hardened hpn icecast iconv idn imagemagick imlib imlib2 immqt-bc ipv6 isdnlog ithreads jabber java javascript jbig jce jikes jpeg jpeg2k justify kde kdeenablefinal kipi lcms libcaca libg++ libwww linguas_es live lm_sensors logitech-mouse logrotate lzo lzw-tiff mad matroska md5sum mikmod mmap mmx mmxext mng mod modplug monkey mouse moznocompose moznoirc moznomail mozsvg mp3 mp4 mpeg mpeg4 mpi mplayer msn musepack musicbrainz mysql mysqli mzscheme ncurses network nls no-old-linux no_wxgtk1 nomac nomalloccheck nomotif nptl nptlonly nsplugin ogg oggvorbis openexr opengl pam pccts pdflib perl physfs pic png ppds pppd python qt quicktime rdesktop readline real rtc ruby sasl screen sftplogging shorten slp speex spell srvdir sse ssl stencil-buffer svg symlink tcpd tga theora threads tiff toolbar truetype truetype-fonts udev unicode urandom usb userlocales utf8 vcd vhosts vim-with-x visualization vorbis win32codecs wmf x264 xcomposite xine xml xpm xrandr xscreensaver xv xvid zeroconf zip zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux linguas_es-ES userland_GNU video_cards_fbdev video_cards_vesa video_cards_nvidia" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, MAKEOPTS
*** Bug 128488 has been marked as a duplicate of this bug. ***
Me too: Portage 2.1_pre7-r4 (default-linux/x86/2005.1, gcc-3.4.6, glibc-2.4-r1, 2.6.16-hardened i686) ================================================================= System uname: 2.6.16-hardened i686 AMD Athlon(tm) XP 2200+ Gentoo Base System version 1.12.0_pre16 ccache version 2.4 [enabled] dev-lang/python: 2.3.4-r1, 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.16 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -mfpmath=sse,387 -O2 -s -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-march=athlon-xp -mfpmath=sse,387 -O2 -s -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--alphabetical" FEATURES="autoconfig buildpkg ccache distlocks metadata-transfer parallel-fetch prelink sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.prz.edu.pl http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="pl_PL" LC_ALL="pl_PL" LDFLAGS="-Wl,-O1,--enable-new-dtags,--sort-common,-Bdirect -s" LINGUAS="pl" MAKEOPTS="-j2 -s" PKGDIR="/home/demon/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage-xgl /usr/local/xgl-coffee /usr/local/portage" SYNC="rsync://gentoo.prz.edu.pl/gentoo-portage" USE="3dnow 3dnowext X Xaw3d adsl alsa apache2 apic apm arts atm avi berkdb bitmap-fonts cairo cdparanoia cdrom cmov 
crypt cups curl cx8 de divx4linux dri dv dvd dvdr dvdread dvi eds elibc_glibc emboss encode esd extramodules fam foomaticdb fortran fpu fxsr gdbm gg gif glitz gnome gpm gstreamer gtk gtk2 hal halimlib hardened hddtemp imlib ipv6 irssi isdnlog java jpeg kde kernel_linux libg++ libwww linguas_pl lirc mad mca mce mikmod mmx mmx2 mmxext motif mozilla mp3 mpeg mpeg2 mplayer msr mtrr mysql ncurses network nls nptl nptlonly nvidia ogg oggvorbis opengl opera oss pae pam pat pdf pdflib perl pge pic png ppdsdvdr pppd pse pse36 python qt quicktime readline sdl sep serial server spell sse ssl syscall tcpd tiff transcode truetype truetype-fonts tsc type1-fonts usb userland_GNU vme voice vorbis win32codecs wmf wxGTK x86 xml xml2 xmms xv zlib input_devices_keyboard input_devices_mouse video_cards_nvidia video_cards_vesa video_cards_fbdev video_cards_nv video_cards_vga" Unset: ASFLAGS, CTARGET, INSTALL_MASK Salute
*** Bug 129181 has been marked as a duplicate of this bug. ***
*** Bug 129239 has been marked as a duplicate of this bug. ***
*** Bug 129256 has been marked as a duplicate of this bug. ***
Hi, hm.. I can't update my system until the new glibc is compiled :(. Please fix it :(.
If you don't have anything constructive to post, then don't bother.
Is somebody working on a fix? If not, I'll start working on one myself... I've masked glibc 2.4 so far on the two servers I work on, but I actually don't want to do this forever, because glibc 2.4 has some advantages concerning NPTL (which makes thread creation even faster than with NPTL+glibc 2.3).
Generally, if you are hitting this bug it's because you are doing something that is not recommended, i.e. using hardened without the hardened profile, which has this glibc version p.masked for now. Or you have hard coded -fstack-protector in CFLAGS [eww bad]. If you want to help fix it, see comment #29 section 2.
glibc 2.4 (and gcc 4.*, BTW) are not masked on hardened selinux profiles, so it really is possible to run into this.
*** Bug 130454 has been marked as a duplicate of this bug. ***
*** Bug 132796 has been marked as a duplicate of this bug. ***
*** Bug 133941 has been marked as a duplicate of this bug. ***
*** Bug 134093 has been marked as a duplicate of this bug. ***
Hi, I'm hitting this issue on my Hardened Gentoo + VServer box. I hit it in my guests. I guess the system is unusual because I have the host on the hardened profile (hardened/amd64/multilib, gcc-3.4.4, glibc-2.3.6-r3, 2.6.14-vs2.0.1-gr2.1.7-gentoo-r5 x86_64), but the guests use default-linux. My guest emerge --info: gentoo-base glibc-2.4 # emerge --info Portage 2.1.1_pre1-r2 (default-linux/amd64/2005.1/vserver, gcc-3.4.5, glibc-2.3.5-r3, 2.6.14-vs2.0.1-gr2.1.7-gentoo-r5 x86_64) ================================================================= System uname: 2.6.14-vs2.0.1-gr2.1.7-gentoo-r5 x86_64 Intel(R) Pentium(R) D CPU 2.80GHz Gentoo Base System version 1.12.0_pre16 dev-lang/python: 2.3.5-r2, 2.4.2-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/gcc-config: 1.3.13-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r3 ACCEPT_KEYWORDS="amd64 ~amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -pipe -O2" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-march=nocona -pipe -O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer nostrip sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.up.ac.za/mirrors/gentoo.org/gentoo ftp://ftp.is.co.za/linux/distributions/gentoo http://gentoo.oregonstate.edu" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 apache2 avi bash-completion berkdb bitmap-fonts cli crypt dri eds emboss 
encode foomaticdb fortran gif gnome gpm gstreamer gtk2 hardened imlib ipv6 isdnlog jpeg kde lzw lzw-tiff mp3 mpeg mysql ncurses nls nptl nptlonly pam pcre pdflib perl php pic png pppd quicktime readline reflection ruby sdl session spell spl ssl tcpd threads tiff truetype-fonts type1-fonts usb vserver xorg xpm zlib elibc_glibc kernel_linux userland_GNU" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY My host "emerge --info" hildegard ~ # emerge --info Portage 2.1 (hardened/amd64/multilib, gcc-3.4.4, glibc-2.3.6-r3, 2.6.14-vs2.0.1-gr2.1.7-gentoo-r5 x86_64) ================================================================= System uname: 2.6.14-vs2.0.1-gr2.1.7-gentoo-r5 x86_64 Intel(R) Pentium(R) D CPU 2.80GHz Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 apache2 bash-completion berkdb crypt 
dlloader doc emacs hardened ipv6 justify lm_sensors logrotate nls nptl ogg pam pic readline sensord ssl tcpd userlocales xorg zlib elibc_glibc kernel_linux userland_GNU" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
*** Bug 144648 has been marked as a duplicate of this bug. ***
Hmm, I hear 2006.1 has just been released and it is built with glibc 2.4. I guess that means that in order to have a hardened toolchain, we have to use 2006.0.
*** Bug 145696 has been marked as a duplicate of this bug. ***
*** Bug 145977 has been marked as a duplicate of this bug. ***
Well, I don't trust gcc-4 (I don't want to recompile everything on my systems), and glibc 2.4 still fails on hardened. Since I run both hardened and un-hardened, I will not upgrade glibc until the build also works on hardened.

The current build failure on hardened for glibc2.4, for me, is this, FWIW:

i686-pc-linux-gnu-gcc -nostdlib -nostartfiles -r -o /var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map.o '-Wl,-(' /var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os /var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a -lgcc '-Wl,-)' -Wl,-Map,/var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.mapT
/var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(init-first.os):(.data+0x0): multiple definition of `__libc_multiple_libcs'
/var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os:(.bss+0x80): first defined here
/var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os): In function `_itoa':
_itoa.c:(.text+0x120): multiple definition of `_itoa'
/var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os:: first defined here
/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/../../../../i686-pc-linux-gnu/bin/ld: Warning: size of symbol `_itoa' changed from 181 in /var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/dl-allobjs.os to 491 in /var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/libc_pic.a(_itoa.os)
collect2: ld returned 1 exit status
make[2]: *** [/var/tmp/portage/glibc-2.4-r3/work/build-default-i686-pc-linux-gnu-nptl/elf/librtld.map] Error 1
make[2]: Leaving directory `/var/tmp/portage/glibc-2.4-r3/work/glibc-2.4/elf'
make[1]: *** [elf/subdir_lib] Error 2
make[1]: Leaving directory `/var/tmp/portage/glibc-2.4-r3/work/glibc-2.4'
make: *** [all] Error 2
(In reply to comment #56)
> Hmm, I hear 2006.1 has just been released and it is built with glibc 2.4.
>
> I guess that means that in order to have a hardened toolchain, we have to use
> 2006.0.

No, if you want to use the hardened toolchain you should be using a hardened profile - in which gcc-4 and glibc-2.4 are masked as they're not yet supported. We do not support use of the hardened toolchain outside of the hardened profiles.
(I do not have unusual CFLAGS, just O2, i686, and omit-frame-pointer. I do like the idea of a hardened kernel.) I read the set of posts, and am not understanding what the recommended fix is. Should I hand-mask glibc? Should I change the CFLAGS (to what)?
OK, so like the others on this thread, I have run into this issue. I was sure that I was running a hardened server, because I know I set my server up that way. But I go to look at my profile and sure enough, it shows I am not.

lrwxrwxrwx 1 root root 48 Apr 28 21:34 /etc/make.profile -> ../usr/portage/profiles/default-linux/x86/2006.0

Since I did not change it, I have no idea why it is using this profile. I am running a hardened kernel, so I can not be smoking anything good.

# equery list | grep kernel
sys-kernel/genkernel-3.3.11d
sys-kernel/hardened-sources-2.6.14-r7
sys-kernel/hardened-sources-2.6.14-r8
sys-kernel/linux-headers-2.6.11-r5

# gcc-config -l
 [1] i686-pc-linux-gnu-3.4.6 *
 [2] i686-pc-linux-gnu-3.4.6-hardenednopie
 [3] i686-pc-linux-gnu-3.4.6-hardenednopiessp
 [4] i686-pc-linux-gnu-3.4.6-hardenednossp
 [5] i686-pc-linux-gnu-3.4.6-vanilla
 [6] i686-pc-linux-gnu-4.1.1

So, I'm switching back to the hardened profile and rebuilding the system since I do not know what happened. If others are in the same boat, here is the URL to do this: http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile

Would an 'emerge --sync' have updated this? I was using the unstable version for a while to fix a looping issue while doing an update world.

Will let you know how it turns out....
(In reply to comment #62)

After changing the profile back to the hardened profile (I still do not know why my link changed, but that is a separate issue), I was able to do an 'emerge -e system' with no problem and the system is up to date.

# equery list | grep glibc
sys-libs/glibc-2.3.6-r4

# emerge --pretend --update --deep --newuse system
These are the packages that would be merged, in order:
Calculating system dependencies... done!
*** Bug 146773 has been marked as a duplicate of this bug. ***
*** Bug 148008 has been marked as a duplicate of this bug. ***
*** Bug 148372 has been marked as a duplicate of this bug. ***
As far as my research goes, the glibc-2.4 problem is a different compile problem. Glibc-2.4 does not contain a ssp.c which posed to be the problem when compiling recent glibc-2.3.x versions. At the moment i am investigating the glibc-2.4 compile failures and i tend to believe that the compiler does not suppress SSP code generation in glibc any more - like it did before since the creation of hardened gcc. It is debatable if a glibc with SSP object code compiled is wanted or not. A fact is: it is technically not possible at this moment. Thus i would vote for having the specs files of hardened gcc modified and updated to the new glibc compile logic to prevent build failures like that for glibc-2.4 with hardened gcc. Thank you, Alex
Calculating dependencies... done!
[ebuild N ] virtual/libiconv-0 0 kB
[ebuild U ] sys-devel/gcc-3.4.6-r2 [3.4.4-r1] USE="hardened nls (-altivec) -bootstrap -boundschecking -build -doc% -fortran -gcj -gtk -ip28 -ip32r10k% (-multilib) -multislot (-n32) (-n64) -nocxx -nopie -nossp -objc -test% -vanilla" 0 kB
[ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB

managed to compile glibc with a hardened compiler. specs file was hand modded:

# gcc -dumpspecs | grep -A1 "\*cc1\:"
*cc1:
%(cc1_cpu) %{profile:-p} %{!D__KERNEL__: %{!static: %{!fno-PIC: %{!fno-pic: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: %{!nopie: %{!fPIC:%{!fpic:-fPIE}}} } } } } } } } } %{!nostdlib: %{!fno-stack-protector: -fstack-protector %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all:-fstack-protector-all}} } } } }

basically, nostdlib was interchanged with -fstack-protector.

The old situation: glibc was using -fstack-protector sometimes
The new situation: glibc is not using -fstack-protector sometimes any more

Now i go pondering whether this is a good idea or not (security wise). Nonetheless it's a working technical approach and we did it when introducing hardened and SSP to the Gentoo distribution.

Alex
I have glibc-2.4 building fine with SSP switched on in my dev overlay - http://overlays.gentoo.org/dev/kevquinn Basically it means replacing the upstream ssp.c (which is debug code rather than security code) with something more suitable. The new stack_chk_fail is carefully constructed to make no function calls (so it makes no call to stack_chk_fail itself), by syscall'ing directly to the kernel, inline. The only thing it doesn't do at the moment is configure the signal masks, which I'm not sure are necessary (depends whether the syslogging in particular can cause signals to be raised).
can you post the patch please
Created attachment 98022
Patch for stack_chk_fail.c to build with -fstack-protector-all

This is a first attempt - it builds for me on x86 and amd64. It does cause warnings about static definitions overriding previous definitions (for the inline syscall macro expansions), which is deliberate.
# find . -name "*ssp\.c*" | wc -l
0

There are zero occurrences of the file ssp.c in the glibc-2.4 sources. Why are you talking about a file ssp.c in glibc-2.4 sources when there is no such file?

Alex
I have never mentioned the file "ssp.c" with respect to glibc-2.3.x. You'll find the standard handler in debug/stack_chk_fail.c, which is a simple message reporting handler.

SSP support was rewritten by RedHat in glibc 2.4; the biggest most useful change is that the guard is in TLS (so you get per-thread guards). In the process of implementing SSP in gcc-4, the handler was renamed to stack_chk_fail, instead of stack_smash_handler. We alias stack_smash_handler to the new name (see dependent bug #106222), but the new name also allows libc to provide different handlers for the different compiler versions.

The other significant change for gcc-4 is that the stack_chk_fail function has no parameters, which means that the amount of change to the stack caused by the call to the handler is minimised. It does mean the handler cannot report file name and line number of the function whose stack was smashed, however that sort of thing can best be discovered by looking at the core dump anyway.

The most obvious problem with building glibc-2.4 with -fstack-protector(-all), which causes the build to fail nastily, is that it causes ld.so to pull in large amounts of libc into its link closure to resolve calls to the stack_chk_fail function that are injected by the compiler - obviously this makes a bit of a mess.

The other problem, which was always the case, is that the stack_chk_fail handler cannot be allowed to call itself. This was dealt with in 2.3 by ensuring that ssp.c was built with -fno-stack-protector. I've dealt with it by ensuring that stack_chk_fail.c makes no calls to functions - this also allows me to detect whether the "hardened" handler is wanted or not by checking __SSP__ and __SSP_ALL__.

Note: another change from gcc-3 to gcc-4.1 (that arose from mis-communication) is that when -fstack-protector-all is specified, only __SSP_ALL__ is defined, not __SSP__.
build failure:

preprocessed -E code following here:

static long socketcall(int call, unsigned long *args) __attribute__ ((always_inline));
static long socketcall(int call,unsigned long * args) { long __res; __asm__ volatile ("syscall" : "=a" (__res) : "0" (__NR_socketcall),"D" ((long)(call)),"S" ((long)(args)) : "r11","rcx","memory" ); do { if ((unsigned long)(__res) >= (unsigned long)(-127)) { __stack_chk_fail_ errno = -(__res); __res = -1; } return (long) (__res); } while (0); };

error message during build:

stack_chk_fail.c: In function `socketcall':
stack_chk_fail.c:79: error: `__NR_socketcall' undeclared (first use in this function)
stack_chk_fail.c:79: error: (Each undeclared identifier is reported only once
stack_chk_fail.c:79: error: for each function it appears in.)

line in compile compiling the .o

x86_64-pc-linux-gnu-gcc stack_chk_fail.c -c -std=gnu99 -O2 -Wall -Winline -Wwrite-strings -fmerge-all-constants -march=k8 -pipe -Wstrict-prototypes -I../include -I/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug -I/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl -I../sysdeps/x86_64/elf -I../nptl/sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/wordsize-64 -I../ports/sysdeps/unix/sysv/linux -I../nptl/sysdeps/unix/sysv/linux -I../nptl/sysdeps/pthread -I../sysdeps/pthread -I../sysdeps/unix/sysv/linux -I../sysdeps/gnu -I../sysdeps/unix/common -I../sysdeps/unix/mman -I../sysdeps/unix/inet -I../ports/sysdeps/unix/sysv -I../nptl/sysdeps/unix/sysv -I../sysdeps/unix/sysv -I../sysdeps/unix/x86_64 -I../ports/sysdeps/unix -I../nptl/sysdeps/unix -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/x86_64/fpu -I../nptl/sysdeps/x86_64 -I../sysdeps/x86_64 -I../sysdeps/wordsize-64 -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic/elf -I../sysdeps/generic -I../ports -I../nptl -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/include -isystem /usr/include -D_LIBC_REENTRANT -include ../include/libc-symbols.h -DPIC -o /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o -MD -MP -MF /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o.dt -MT /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o

Alex
huh - I obviously didn't build the socket syslog stuff on x86-64 :/ x86-64 has a completely different syscall interface for sockets; instead of the all-in-one socketcall it has decent separate interfaces for connect, sendto etc. I'll get back with an updated patch.
thanks Kevin, i'll have a break.
Created attachment 98119
Patch for stack_chk_fail.c that uses split syscalls when socketcall is not available (i.e. x86_64)
WORKSFORME [ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB Total size of downloads: 0 kB 23:51:08 [/space/chroots/chroot005:11813.pts-0.miranda]miranda ~ # emerge --info Portage 2.1.1-r1 (hardened/amd64, gcc-3.4.4, glibc-2.4-r3, 2.6.16-hardened-r11 x86_64) ================================================================= System uname: 2.6.16-hardened-r11 x86_64 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.6.14 Last Sync: Tue, 26 Sep 2006 21:00:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j10" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse justify kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales xorg zlib" 
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
WORKS ON x86 [ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp -multilib -profile (-selinux)" 0 kB Total size of downloads: 0 kB 09:07:40 [/home/ftp/devel-chroots/chroots/chroot004:32136.pts-0.tinderbox]tinderbox ~ # emerge --info Portage 2.1.1 (hardened/x86/2.6, gcc-3.4.4, glibc-2.4-r3, 2.6.11-hardened-r15 i686) ================================================================= System uname: 2.6.11-hardened-r15 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz Gentoo Base System version 1.6.13 Last Sync: Tue, 26 Sep 2006 22:30:08 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r4 sys-devel/libtool: 1.5.20 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-O2 -mcpu=i386 -pipe -fforce-addr" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://ftp.osuosl.org/pub/gentoo" LINGUAS="" PKGDIR="/usr/portage//packages/x86/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" SYNC="rsync://raptor.gentoo.org/gentoo-portage" USE="berkdb crypt dlloader elibc_glibc hardened 
input_devices_keyboard input_devices_mouse kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales x86 xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
hi Kevin,

after mocking up a preliminary amd64 test version of hardened gcc, i tried to compile glibc with your fix for hardened. it failed with an error message unrelated to the problems we had so far, so i take it to be a gcc-4 correlated problem:

stack_chk_fail.c:61: error: static declaration of 'write' follows non-static declaration
../posix/unistd.h:331: error: previous declaration of 'write' was here
stack_chk_fail.c:64: error: static declaration of 'exit' follows non-static declaration
stack_chk_fail.c:67: error: static declaration of 'kill' follows non-static declaration
../signal/signal.h:117: error: previous declaration of 'kill' was here
stack_chk_fail.c:70: error: static declaration of 'getpid' follows non-static declaration
../posix/unistd.h:571: error: previous declaration of 'getpid' was here
stack_chk_fail.c:75: error: static declaration of 'close' follows non-static declaration
../posix/unistd.h:318: error: previous declaration of 'close' was here
stack_chk_fail.c:104: error: static declaration of 'socket' follows non-static declaration
../socket/sys/socket.h:100: error: previous declaration of 'socket' was here
stack_chk_fail.c:110: error: static declaration of 'connect' follows non-static declaration
../socket/sys/socket.h:124: error: previous declaration of 'connect' was here
make[2]: *** [/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o] Error 1

this is the command for building it:

x86_64-pc-linux-gnu-gcc stack_chk_fail.c -c -std=gnu99 -O2 -Wall -Winline -Wwrite-strings -fmerge-all-constants -pipe -Wstrict-prototypes -I../include -I/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug -I/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl -I../sysdeps/x86_64/elf -I../nptl/sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/wordsize-64 -I../ports/sysdeps/unix/sysv/linux -I../nptl/sysdeps/unix/sysv/linux -I../nptl/sysdeps/pthread -I../sysdeps/pthread -I../sysdeps/unix/sysv/linux -I../sysdeps/gnu -I../sysdeps/unix/common -I../sysdeps/unix/mman -I../sysdeps/unix/inet -I../ports/sysdeps/unix/sysv -I../nptl/sysdeps/unix/sysv -I../sysdeps/unix/sysv -I../sysdeps/unix/x86_64 -I../ports/sysdeps/unix -I../nptl/sysdeps/unix -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/x86_64/fpu -I../nptl/sysdeps/x86_64 -I../sysdeps/x86_64 -I../sysdeps/wordsize-64 -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic/elf -I../sysdeps/generic -I../ports -I../nptl -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include -isystem /usr/include -D_LIBC_REENTRANT -include ../include/libc-symbols.h -DPIC -o /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o -MD -MP -MF /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o.dt -MT /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o

removing the static from all the declarations and adding a function __stack_smash_handler inside stack_chk_fail.c instead of using a weak symbol solved all the compile errors for me in gcc-4. But i am sure you have your reasons for using static declarations as well as the weak symbol and i would not want to mess or interfere with your code because you are obviously the better coder from what i learned so far :)

As said before, i was using a special amd64 PIE SSP patched gcc-4.1.1-r1 ebuild. The gcc-4.1.1-r1 works as expected and i was able to reemerge gcc three times with the PIE SSP gcc-4.1.1-r1.

I hope you can solve this problem, because it would mean that the hardened team will be able to push out preliminary test versions of PIE SSP gcc-4.1.1 along with your glibc-2.4 hardened SSP compatibility. And finally, this would mean we are on a good step toward 2007.0 being a release where we can have hardened stages again because finishing our toolchain changes in October would leave us roughly two or three months for testing the packages in ~arch and moving them to arch at the beginning of the freeze period before the release is bundling stages and install cdroms.

Thanks again for your help and good luck sorting this one out,

Alex
Created attachment 98271 [details, diff] Updated stack_chk_fail patch, with warnings/errors cleaned up Alex - try this. I've used #define to rename the extern declarations made by the included headers - really, I only want any definitions/types from these headers not the functions (which I declare locally using the syscall macros). The definitions trick the headers into declaring the functions with different names, that I never use :) The reason for making them static was (1) to be sure they are the ones called by the code in stack_chk_fail.c (not the extern ones from the headers), and (2) they are only used inside stack_chk_fail.c - i.e. to prevent any code linked with stack_chk_fail.o from using the stack_chk_fail definitions instead of the real ones (although the always_inline attribute should prevent that anyway). If you play around with the stack_chk_fail implementation, I recommend you always check the disassembly (objdump -d .../stack_chk_fail.o) and verify that it is indeed using inline syscalls, and that there are no function calls (e.g. 'call' instructions). The x86 version actually does have one call, but that's just the pic register thunking so is of no concern.
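The disassembly check recommended in the comment above can be scripted. This is an added example, not part of the attached patches: it reads `objdump -dr` output (the `-r` is an addition to the `objdump -d` in the comment, so that call targets in an unlinked .o are named by their relocations), lists every call, and accepts only the PIC register thunk. Both sample disassemblies are constructed, and the thunk name pattern is an assumption about GCC's naming.

```python
import re
from typing import NamedTuple


class Call(NamedTuple):
    function: str  # function that contains the call instruction
    address: str   # offset of the call instruction, hex as printed by objdump
    target: str    # symbol the call goes to


FUNC_RE = re.compile(r"^[0-9a-f]+ <(?P<name>[^>]+)>:$")
INSN_RE = re.compile(
    r"^\s*(?P<addr>[0-9a-f]+):\t(?:[0-9a-f]{2} )+\s*(?P<mnem>\S+)\s*(?P<ops>.*)$")
RELOC_RE = re.compile(r"^\s*[0-9a-f]+:\s+R_\S+\s+(?P<sym>\S+)$")
ADDEND_RE = re.compile(r"[-+]0x[0-9a-f]+$")
# Assumption: GCC names the x86 PIC thunk __i686.get_pc_thunk.<reg>
# (older releases) or __x86.get_pc_thunk.<reg> (newer releases).
THUNK_RE = re.compile(r"^__(i686|x86)\.get_pc_thunk\.\w+$")


def scan(disasm):
    """Return (calls, inline_syscall_count) for `objdump -dr` text."""
    calls, syscalls = [], 0
    func, pending = None, False
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            func, pending = m["name"], False
            continue
        m = INSN_RE.match(line)
        if m:
            mnem, ops = m["mnem"], m["ops"].strip()
            pending = mnem.startswith("call")
            if pending:
                # Until a relocation line follows, the operand's <symbol+off>
                # is the only target information available.
                sym = re.search(r"<([^>+]+)", ops)
                calls.append(Call(func, m["addr"], sym.group(1) if sym else ops))
            elif (mnem, ops) == ("int", "$0x80") or mnem in ("syscall", "sysenter"):
                syscalls += 1
            continue
        m = RELOC_RE.match(line)
        if m and pending:
            # The relocation names the real target of the preceding call.
            calls[-1] = calls[-1]._replace(target=ADDEND_RE.sub("", m["sym"]))
            pending = False
    return calls, syscalls


def unexpected_calls(disasm):
    """Calls that are not the PIC register thunk."""
    return [c for c in scan(disasm)[0] if not THUNK_RE.match(c.target)]


# Constructed sample: x86 object whose only call is the PIC thunk.
GOOD_DISASM = "\n".join([
    "stack_chk_fail.o:     file format elf32-i386",
    "",
    "Disassembly of section .text:",
    "",
    "00000000 <__stack_chk_fail>:",
    "   0:\t53                   \tpush   %ebx",
    "   1:\te8 fc ff ff ff       \tcall   2 <__stack_chk_fail+0x2>",
    "\t\t\t2: R_386_PC32\t__i686.get_pc_thunk.bx",
    "   6:\t81 c3 02 00 00 00    \tadd    $0x2,%ebx",
    "\t\t\t8: R_386_GOTPC\t_GLOBAL_OFFSET_TABLE_",
    "   c:\tb8 04 00 00 00       \tmov    $0x4,%eax",
    "  11:\tcd 80                \tint    $0x80",
])

# Constructed sample: the same object with a real function call left in.
BAD_DISASM = GOOD_DISASM + "\n" + "\n".join([
    "  13:\te8 fc ff ff ff       \tcall   14 <__stack_chk_fail+0x14>",
    "\t\t\t14: R_386_PLT32\twrite",
])

if __name__ == "__main__":
    for label, text in (("good", GOOD_DISASM), ("bad", BAD_DISASM)):
        calls, syscalls = scan(text)
        print(label, "inline syscalls:", syscalls,
              "unexpected calls:", unexpected_calls(text))
```

With plain `objdump -d` on an unlinked object the relocation lines are missing, so every call appears to target its own function and is reported.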
Hey, what about the __stack_smash_handler() function? is it gone now from your compat patch? I think we need it though ...
#ifndef __NR_local_inline_socket
#define __NR_local_inline_socket __NR_socket
#endif

#ifndef __NR_local_inline_connect
#define __NR_local_inline_connect __NR_connect
#endif

static int local_inline_socket(int domain, int type, int protocol) __attribute__ ((always_inline)) ;
static _syscall3(int,local_inline_socket, int,domain, int,type, int,protocol);

#define DO_SOCKET(result,domain,type,protocol) \
    result = local_inline_socket(domain,type,protocol)

static int local_inline_connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen) __attribute__ ((always_inline)) ;
static _syscall3(int,local_inline_connect, int,sockfd, const struct sockaddr *,serv_addr, socklen_t,addrlen);

#define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
    result = local_inline_connect(sockfd,(struct sockaddr *)serv_addr, addrlen)

mockup for the still problematic socket and connect

it looks as though GLIBC includes are very early pulling in the socket function call definitions via commandline ... i may be wrong but with using explicit local names at least the error message goes away:

stack_chk_fail.c:124: error: static declaration of 'socket' follows non-static declaration
../socket/sys/socket.h:100: error: previous declaration of 'socket' was here
stack_chk_fail.c:130: error: static declaration of 'connect' follows non-static declaration
../socket/sys/socket.h:124: error: previous declaration of 'connect' was here
make[2]: *** [/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o] Error 1
make[2]: *** Waiting for unfinished jobs....
This was the error message with your most up to date patch, i ran -E to look whats going on and saw "extern int socket" early defined by a glibc include looking at this now: # x86_64-pc-linux-gnu-gcc stack_chk_fail.c -c -std=gnu99 -O2 -Wall -Winline -Wwrite-strings -fmerge-all-constants -pipe -Wstrict-prototypes -I../include -I/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug -I/var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl -I../sysdeps/x86_64/elf -I../nptl/sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/wordsize-64 -I../ports/sysdeps/unix/sysv/linux -I../nptl/sysdeps/unix/sysv/linux -I../nptl/sysdeps/pthread -I../sysdeps/pthread -I../sysdeps/unix/sysv/linux -I../sysdeps/gnu -I../sysdeps/unix/common -I../sysdeps/unix/mman -I../sysdeps/unix/inet -I../ports/sysdeps/unix/sysv -I../nptl/sysdeps/unix/sysv -I../sysdeps/unix/sysv -I../sysdeps/unix/x86_64 -I../ports/sysdeps/unix -I../nptl/sysdeps/unix -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/x86_64/fpu -I../nptl/sysdeps/x86_64 -I../sysdeps/x86_64 -I../sysdeps/wordsize-64 -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic/elf -I../sysdeps/generic -I../ports -I../nptl -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include -isystem /usr/include -D_LIBC_REENTRANT -include ../include/libc-symbols.h -DPIC -o /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o -MD -MP -MF /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o.dt -MT /var/tmp/portage/glibc-2.4-r3/work/build-amd64-x86_64-pc-linux-gnu-nptl/debug/stack_chk_fail.o stack_chk_fail.c:276: error: '__stack_smash_handler' aliased to external symbol '__stack_chk_fail' its the last error msg remaining. -Alex
The stack_smash_handler function should still be there; the patch doesn't remove it. Note that if you do ebuild phases manually, the compatibility check stuff will fail because it creates/tests existence of a file in ${T} which gets wiped out between phases, so that although the unpack phase sets it, the compile(configure) phase doesn't find it. I've modified the ebuild locally to use ${S} instead (look for '.ssp.compat' in the ebuild). I only tried the patch on x86; I'll have a look at x86_64 - looks like the includes are different.
#if defined ENABLE_OLD_SSP_COMPAT
void
__attribute__ ((noreturn))
__attribute__ ((alias("__stack_smash_handler")))
__stack_chk_fail (void)
{
#else /* defined ENABLE_OLD_SSP_COMPAT */
void
__attribute__ ((noreturn))
__stack_chk_fail (void)
{
#endif /* defined ENABLE_OLD_SSP_COMPAT */

is this feasible for replacing the strong_alias producing the odd error message with the external definition?

Alex
Created attachment 98296 [details, diff] modification to debug/stack_chk_fail.c based on kevquinn's patch i removed strong_alias to replace it with __attribute__ ((alias "__stack_smash_handler")) in the function declaration of __stack_chk_fail. Also i edited the socket and connect function names to be truly local so no clashing happens with previously included function names from glibc.
Comment on attachment 98296 [details, diff] modification to debug/stack_chk_fail.c based on kevquinn's patch DELETED
(In reply to comment #87)
> (From update of attachment 98296 [details, diff] [edit])
> DELETED
>

i made a mistake in the alias attribute
don't use this patch, i am doing a new one atm

Alex
Created attachment 98337 [details, diff] Define new __NR macros to avoid the duplicate symbol problem, and provide wrapper function for stack_smash_handler on x86_64 The symbol duplication problem arose because "#include <linux/unistd.h>" on x86_64 ends up declaring socket() and connect(), which is odd. Moving the "#define connect lcconnect" etc to before this include resolved the problem. However I prefer your "#define __NR_blah_operation __NR_operation" to my "#define operation lcoperation" anyway, so this patch does that for all the syscall functions. I don't understand why the compiler rejects the aliasing. It only does so on x86_64 - on x86 it works fine - so for now I've implemented a simple wrapper for the x86_64 case (alias still remains for other arches). Not ideal, as it means the handler modifies more of the stack after the smash, but at least it should work.
btw on x86_64, while everything builds ok for me, the newly-hardened-built sln segfaults during install.
WORKSFORME [ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp -multilib -profile (-selinux)" 0 kB Total size of downloads: 0 kB *** Deprecated use of action 'info', use '--info' instead Portage 2.1.1-r1 (hardened/x86/2.6, gcc-3.4.6, glibc-2.4-r3, 2.6.16-hardened-r11 i686) ================================================================= System uname: 2.6.16-hardened-r11 i686 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.12.5 Last Sync: Fri, 29 Sep 2006 08:00:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="amd64 x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=i686" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" PKGDIR="/usr/portage//packages/x86/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales x86 xorg zlib" Unset: 
CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY latest patch built with gcc-3.4.6 on a 32 BIT chroot on miranda, testing amd64 now Alex
FI something odd is going on with gcc-4.1.1. For some reason, the rtld-libc.a (an archive linked into ld.so with duplicate code from libc) when built with gcc-4.1.1 doesn't include stack_chk_fail.os and friends. Thus I'm seeing errors about "undefined reference to __stack_chk_fail_local". With gcc-3.4.6, the build process automatically pulls in the objects it needs (rtld-stack_chk_fail.os, rtld-init-misc.os (for __progname), rtld-strrchr.os (needed by init-misc)). With gcc-4.1.1, it doesn't build an rtld-stack_chk_fail.os et. al., and doesn't try to include them. This must be down to differences in the way the symbols stack_chk_fail, stack_chk_fail_local and stack_smash_handler are defined in the various compilers; I'm still investigating. This has also highlighted that the stack_chk_fail.c function should perhaps do something different in ld.so with respect to __progname. Although the gcc-3.4.6 build has pulled in duplicate code for it automatically, it'll remain undefined in ld.so. This will be simple to resolve. BTW - this is with gcc specs where I've removed the "!D_LIBC" and "!D_LIBC_REENTRANT" conditions, so that -fstack-protector-all is on for all of glibc.
WORKSFORME compiling glibc-2.4 with gcc-3.4.4-r1 on amd64 hardened profile 2006.0 using latest patch from kevquinn Calculating dependencies... done! [ebuild N ] virtual/libiconv-0 0 kB [ebuild U ] sys-devel/gcc-3.4.6-r1 [3.4.4-r1] USE="hardened nls (-altivec) -bootstrap -boundschecking -build -doc% -fortran -gcj -gtk -ip28 -ip32r10k% (-multilib) -multislot (-n32) (-n64) -nocxx -nopie -nossp -objc -test% -vanilla" 0 kB [ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB Total size of downloads: 0 kB *** Deprecated use of action 'info', use '--info' instead Portage 2.1.1-r1 (hardened/amd64, gcc-3.4.4, glibc-2.4-r3, 2.6.16-hardened-r11 x86_64) ================================================================= System uname: 2.6.16-hardened-r11 x86_64 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.6.14 Last Sync: Fri, 29 Sep 2006 14:00:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j12" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms 
--times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse justify kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
updated gcc to hardened gcc-3.4.6-r3 and reemerged glibc, all fine These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] sys-devel/gcc-3.4.6-r1 USE="hardened nls (-altivec) -bootstrap -boundschecking -build -doc -fortran -gcj -gtk -ip28 -ip32r10k (-multilib) -multislot (-n32) (-n64) -nocxx -nopie -nossp -objc -test -vanilla" 0 kB [ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB Total size of downloads: 0 kB *** Deprecated use of action 'info', use '--info' instead Portage 2.1.1-r1 (hardened/amd64, gcc-3.4.6, glibc-2.4-r3, 2.6.16-hardened-r11 x86_64) ================================================================= System uname: 2.6.16-hardened-r11 x86_64 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.6.14 Last Sync: Fri, 29 Sep 2006 14:00:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j12" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file 
--delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse justify kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
(In reply to comment #94)
> updated gcc to hardened gcc-3.4.6-r3 and reemerged glibc, all fine

-r1 that was :)
(In reply to comment #92)
> FI something odd is going on with gcc-4.1.1. For some reason, the rtld-libc.a
> (an archive linked into ld.so with duplicate code from libc) when built with
> gcc-4.1.1 doesn't include stack_chk_fail.os and friends. Thus I'm seeing
> errors about "undefined reference to __stack_chk_fail_local".

The reason for this is that when built with gcc-4.1.1 on x86, the symbol referenced is __stack_chk_fail_local rather than __stack_chk_fail - in order to avoid the PIC register being pushed (unnecessarily). However __stack_chk_fail_local.c is built to __stack_chk_fail_local.oS (a "static" object) that ends up in libc_nonshared.a, not libc_pic.a.

glibc builds a throw-away version of rtld.so with libc_pic.a in order to find out what objects are needed - it then builds rtld- versions of those objects, and relinks rtld with the rtld- objects. However since __stack_chk_fail_local is static, it's not included, so doesn't get picked up.

Just trying a few things to find a simple solution; but in the meantime don't bother trying to build with gcc-4.1.1 on x86 (or rs6000, fwiw ;) - should be ok on x86_64, as I think that doesn't use __stack_chk_fail_local).
WORKSFORME normal gcc-4.1.1 and glibc-2.4 on x86_64 with the latest stack_chk_fail patch Calculating dependencies... done! [ebuild R ] sys-devel/gcc-4.1.1 USE="hardened nls (-altivec) -bootstrap -build -doc -fortran -gcj -gtk -ip28 -ip32r10k -mudflap (-multilib) -multislot (-n32) (-n64) -nocxx -objc -objc++ -objc-gc -test -vanilla" 0 kB [ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB Total size of downloads: 0 kB Portage 2.1.1-r1 (hardened/amd64, gcc-4.1.1, glibc-2.4-r3, 2.6.16-hardened-r11 x86_64) ================================================================= System uname: 2.6.16-hardened-r11 x86_64 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.6.14 Last Sync: Fri, 29 Sep 2006 14:00:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j12" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' 
--exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse justify kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
[ebuild R ] sys-libs/glibc-2.4-r3 USE="hardened nls nptl nptlonly -build -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB [ebuild R ] sys-devel/gcc-4.1.1 USE="hardened nls (-altivec) -bootstrap -build -doc -fortran -gcj -gtk -ip28 -ip32r10k -mudflap (-multilib) -multislot (-n32) (-n64) -nocxx -objc -objc++ -objc-gc -test -vanilla" 0 kB Total size of downloads: 0 kB *** Deprecated use of action 'info', use '--info' instead Portage 2.1.1-r1 (hardened/amd64, gcc-4.1.1, glibc-2.4-r3, 2.6.16-hardened-r11 x86_64) ================================================================= System uname: 2.6.16-hardened-r11 x86_64 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.6.14 Last Sync: Fri, 29 Sep 2006 14:00:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j12" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" 
SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse justify kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

here are the modified specs from me. patch is following.

*cc1:
%(cc1_cpu) %{profile:-p} %{!DIN_GCC: %{!D__KERNEL__: %{!static: %{!fno-PIC: %{!fno-pic: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: %{!nopie: %{!fPIC:%{!fpic:-fPIE}}} } } } } } } } } %{!nostdlib: %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector: -fstack-protector %{!fno-stack-protector-all:-fstack-protector-all}} } } } } }

*link_ssp:
%{fstack-protector|fstack-protector-all:}

*endfile:
%{static|nopie:crtend.o%s;:crtendS.o%s} crtn.o%s

*startfile:
%{!shared: %{pg|p|profile:gcrt1.o%s;static|nopie:crt1.o%s;:Scrt1.o%s}} crti.o%s %{static:crtbeginT.o%s;nopie:crtbegin.o%s;:crtbeginS.o%s}

*link_command:
%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S: %(linker) %l %{!nopie: %{!DIN_GCC: %{!D__KERNEL__: %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!static: %{!A: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: -pie} } } } } } } } } } } } %{pie: } %{!DIN_GCC: %{!D__KERNEL__: %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!norelro: -z relro} } } } } %{relro: } %{!DIN_GCC: %{!D__KERNEL__: %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!nonow: -z now} } } } } %{now: } %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r} %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}} %{static:} %{L*} %(mfwrap) %(link_libgcc) %o %(mflib) %{fprofile-arcs|fprofile-generate|coverage:-lgcov} %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}} %{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}

These specs built gcc and glibc without PIE and without SSP.
I will increase the pressure on the glibc build and allow SSP for some parts of it during further testing. But relro and bindnow are out of the game for glibc building because i think these options are fuck'n it up in the tight build environment of glibc. Thanks, Alex
I don't think relro/bind-now hurt. Removing the %{!D_LIBC: %{!D_LIBC_REENTRANT: part (which is what I've been trying) certainly breaks things; it ends up trying to put stack protection on crti.o/crtn.o for example which is not a good idea ;) That's easily sorted out, though.
Created attachment 98453 [details, diff] gcc-4.1.1 PIE SSP autoemitter Hello, this patch is an implementation of the hardened automatic PIE SSP toolchain. It filters glibc and gcc building until problems with building SSP into glibc are sorted out by the hardened developers. This patch can be used to convert the normal gcc-4.1.1 -fstack-protector-all, -fPIE, RELRO and BIND_NOW behaviour into default building which enables userlands to benefit from security improvements. Major changes include splitting the relro and bind_now definitions from the pie section and internal reorganization. Parallel development is done to glibc-2.4 to support the backwards compatible symbols and functions of the old SSP implementation in gcc-3.x versions. Thanks all, Alex
(In reply to comment #100)
> Created an attachment (id=98453) [edit]
> gcc-4.1.1 PIE SSP autoemitter

It's for amd64 ONLY at the moment :)

Alex
(In reply to comment #99)
> I don't think relro/bind-now hurt.
>
> Removing the %{!D_LIBC: %{!D_LIBC_REENTRANT: part (which is what I've been
> trying) certainly breaks things; it ends up trying to put stack protection on
> crti.o/crtn.o for example which is not a good idea ;) That's easily sorted
> out, though.
>

affirmative, when you got the Makefiles patched up i'm all open for removing the filters again. But for me it was an easy thing to have the whole glibc/gcc going for a first try... i just wanted to see whether the toolchain actually would work with the hardened changes. If you can make glibc work with SSP by adding -fno-stack-protector to certain Makefiles that would be great.

What are your ideas about building gcc with hardened toolchain itself?

Thanks, Alex
I'm almost done with the glibc modifications; I've filtered ssp for stack_chk_fail_local and for the rtld compilations (doesn't make sense to have the libc-based stack protection built into the loader...)

With regards building gcc with the hardened specs; this achieves more than just having gcc itself protected against internal buffer overflow bugs and the like - it also means that the gcc support code (all the libraries in ls /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/ for example) is built with SSP. There are some bits that should never be built SSP or PIE (in particular the crt objects) but that should be easy enough to manage, if it isn't already.

I think gcc discussion should happen on a separate bug (to keep this one focused on glibc), but here's a quick summary of the state of play so far. We (in particular psm) have a range of ideas for what to do with the gcc specs themselves; including:

1) Doing bind_now/relro in ld (binutils), rather than gcc-specs (or in addition to, for transition since they don't conflict)

2) Factoring the toolchain mods in to easy-to see/maintain chunks, so that you would see for example:

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_ssp) %(cc1_pie)

*cc1_ssp:
%{D__KERNEL__|nostdlib|nodefaultlibs|fno-stack-protector|fstack-protector|fno-stack-protector-all:;:-fstack-protector-all}

*cc1_pie:
%{D__KERNEL__|static|nostdlib|nostartfiles|fPIC|fpic|fno-PIC|fno-pic|fPIE|fpie|fno-PIE|fno-pie|nopie:;:-fPIE}

*link_command:
%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S: %(linker) %l %{pie:-pie;:%(link_command_pie)} %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r} %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}} %{static:} %{L*} %(mfwrap) %(link_libgcc) %o %(mflib) %{fprofile-arcs|fprofile-generate|coverage:-lgcov} %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}} %{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}

*link_command_pie:
%{D__KERNEL__|static|A|nostdlib|nostartfiles|fPIC|fpic|fno-PIC|fno-pic|fPIE|fpie|fno-PIE|fno-pie|nopie:;:-pie}

(gcc specs still did bind-now/relro it would be done as new "link_command_zrelro" and "link_command_znow" definitions, referenced from the appropriate place in the link_command definition)

This means that the switched specs files no longer have to be full sets - they can be just the modifications necessary; i.e. they just need to define cc1_ssp, cc1_pie and link_command_pie. Note that the GCC_SPECS variable can now contain more than one entry; e.g. one could do:

GCC_SPECS="default_ssp.specs:default_pie.specs" gcc ...

where default_ssp.specs would contain the cc1_ssp definition and default_pie.specs would be the cc1_pie definition.

There are pros and cons to having the builtin specs themselves hardened, still undecided on that.
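How the `%{a|b:;:X}` form in the proposed cc1_ssp and cc1_pie definitions behaves, and why a switched specs file then only needs to define one name, shown as an added example (not code from GCC or from the patches on this bug). The evaluator handles only the flat `%{cond:body;...}` and `%(name)` forms those two definitions use; the empty builtin cc1_ssp/cc1_pie values and the omission of %(cc1_cpu) are assumptions.

```python
import re

# Assumed builtin specs: *cc1 as proposed in the comment (without %(cc1_cpu),
# whose definition is not shown there), with empty cc1_ssp/cc1_pie so that a
# compiler without any switched specs file adds nothing.
BUILTIN = {
    "cc1": "%{profile:-p} %(cc1_ssp) %(cc1_pie)",
    "cc1_ssp": "",
    "cc1_pie": "",
}

# Contents of the two switched specs files named in the comment; the spec
# strings are copied from it.
DEFAULT_SSP_SPECS = """*cc1_ssp:
%{D__KERNEL__|nostdlib|nodefaultlibs|fno-stack-protector|fstack-protector|fno-stack-protector-all:;:-fstack-protector-all}

"""
DEFAULT_PIE_SPECS = """*cc1_pie:
%{D__KERNEL__|static|nostdlib|nostartfiles|fPIC|fpic|fno-PIC|fno-pic|fPIE|fpie|fno-PIE|fno-pie|nopie:;:-fPIE}

"""


def parse_specs(text):
    """Parse '*name:' / body / blank-line records of a specs file."""
    specs, name = {}, None
    for line in text.splitlines():
        if line.startswith("*") and line.endswith(":"):
            name = line[1:-1]
            specs[name] = ""
        elif name and line.strip():
            specs[name] = (specs[name] + " " + line.strip()).strip()
        else:
            name = None  # a blank line ends the current spec
    return specs


def _condition_holds(cond, switches):
    """'a|b' holds if -a or -b was given; '!a' if -a was not; '' always."""
    if cond == "":
        return True
    for name in cond.split("|"):
        negated = name.startswith("!")
        if (name.lstrip("!") in switches) != negated:
            return True
    return False


def _expand_conditional(match, switches):
    """Return the body of the first clause whose condition holds."""
    for clause in match.group(1).split(";"):
        cond, _, body = clause.partition(":")
        if _condition_holds(cond.strip(), switches):
            return body.strip()
    return ""


def cc1_flags(argv, *spec_files):
    """Flags the *cc1 spec adds for this command line.

    Later spec files override earlier definitions, as with a
    colon-separated GCC_SPECS list.
    """
    specs = dict(BUILTIN)
    for text in spec_files:
        specs.update(parse_specs(text))
    switches = {arg[1:] for arg in argv if arg.startswith("-")}
    line = specs["cc1"]
    while "%(" in line:  # substitute %(name) references
        line = re.sub(r"%\((\w+)\)", lambda m: specs.get(m.group(1), ""), line)
    line = re.sub(r"%\{([^{}]*)\}",
                  lambda m: _expand_conditional(m, switches), line)
    return line.split()


if __name__ == "__main__":
    both = (DEFAULT_SSP_SPECS, DEFAULT_PIE_SPECS)
    for argv in (["gcc", "-c", "foo.c"],
                 ["gcc", "-D__KERNEL__", "-c", "mod.c"],
                 ["gcc", "-fPIC", "-shared", "lib.c"],
                 ["gcc", "-fno-stack-protector", "-c", "x.c"]):
        print(" ".join(argv), "->", cc1_flags(argv, *both))
```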
Your ideas regarding modularization of the sections sound good. I hope we can implement them. My opinion is that the builtin specs of gcc should be upstream compatible, e.g. when something goes wrong in the environment and gcc can't find the right specs, it should fall back to a reasonable default which is the upstream vanilla behaviour for building gcc, kernel, glibc properly in emergency situations. TIA Alex
http://bugs.gentoo.org/show_bug.cgi?id=149649 gcc specs file changes TOD moved to new bug id.
Created attachment 98470 [details, diff] gcc-4.1.1-r1 patch for Adamant test patch for Adamant
Created attachment 98567 [details, diff] For info - patch so far for building glibc w/ SSP (i.e. removing the D_LIBC/D_LIBC_REENTRANT conditions for fssp-all) This is what I have so far - still not quite right, as it fails to build the iconvdata stuff (w/ 4.1.1), but I can't see why for the moment. Something odd going on with regards symbol visibility; but I can't see how my changes have affected that (the affected symbols are nothing to do with SSP).
32bit chroot testing i586 (i needed to rebuild my lan server anyway :P) hammer ~ # emerge --info Portage 2.1.2_pre2 (hardened/x86/2.6, gcc-4.1.1, glibc-2.4.90.20060915-r0, 2.6.17-gentoo-r4 i686) ================================================================= System uname: 2.6.17-gentoo-r4 i686 AMD Opteron(tm) Processor 246 Gentoo Base System version 1.12.5 Last Sync: Sun, 01 Oct 2006 00:00:01 +0000 ccache version 2.4 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 2.0.30 dev-lang/python: 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.60 sys-devel/automake: 1.9.6-r2 sys-devel/binutils: 2.17.50.0.5 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i586-pc-linux-gnu" CFLAGS="-march=k6-2 -mtune=k6-2 -O2 -fomit-frame-pointer -pipe -fforce-addr" CHOST="i586-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/openjms/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/terminfo" CXXFLAGS="-march=k6-2 -mtune=k6-2 -O2 -fomit-frame-pointer -pipe -fforce-addr" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig candy ccache confcache distlocks metadata-transfer sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo http://mirror.datapipe.net/gentoo http://gentoo.mirrors.tds.net/gentoo http://gentoo.seren.com/gentoo" LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--hash-style=both -Wl,--as-needed -Wl,--sort-common -s" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress 
--force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.ca.gentoo.org/gentoo-portage" USE="x86 3dnow X509 acpi apache2 authdaemond bash-completion berkdb bzip2 bzlib ccache chroot crypt ctype curl curlwrappers dba dio dlloader elibc_glibc erandom exif extensions fortran ftp hardened hardenedphp imap innodb input_devices_keyboard input_devices_mouse ipv6 ithreads java javascript jpeg jpeg2k kernel_linux libg++ logrotate logwatch maildir memlimit mmx mpi mpm-worker multislot multiuser mysql mysqli nagios-dns nagios-ntp nagios-ping nagios-ssh neural nis nls nptl nptlonly nsplugin objc offensive pam pcntl perl pg-hier pg-intdatetime pg-vacuumdelay pic pie posix procmail readline sasl sendfile session sftplogging shaper shared sharedext sharedmem simplexml sockets softquota sse sse-filters ssl sysvipc szip tcpd threads unicode userland_GNU userlocales vda vhosts virtual-users virus-scan wddx xml xmlrpc xorg xsl zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS hammer ~ # /usr/libexec/gcc/i586-pc-linux-gnu/4.1.1/cc1 -quiet -v vuln-stack.c -fPIE -fstack-protector -fstack-protector-all -quiet -dumpbase vuln-stack.c -mtune=k6-2 -auxbase vuln-stack -version -o /tmp/ccNpj3OK.s ignoring nonexistent directory "/usr/local/include" ignoring nonexistent directory "/usr/lib/gcc/i586-pc-linux-gnu/4.1.1/../../../../i586-pc-linux-gnu/include" #include "..." search starts here: #include <...> search starts here: /usr/lib/gcc/i586-pc-linux-gnu/4.1.1/include /usr/include End of search list. GNU C version 4.1.1 (Gentoo Hardened 4.1.1-r1 xXx PIE SSP autoemitter test patch for Adamant xXx) (i586-pc-linux-gnu) compiled by GNU C version 4.1.1 (Gentoo Hardened 4.1.1-r1 xXx PIE SSP autoemitter test patch for Adamant xXx). 
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: c5b73f091fa00578cd4ed77fd162b2d1
hammer ~ # gcc -fPIE -fstack-protector -fstack-protector-all -mtune=k6-2 vuln-stack.c -o vuln-stack
hammer ~ # readelf -s vuln-stack |grep __stack_chk
18: 00000000 60 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (3)
71: 00000760 20 FUNC GLOBAL HIDDEN 12 __stack_chk_fail_local
72: 00000000 60 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2
hammer ~ # ./vuln-stack AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** stack smashing detected ***: ./vuln-stack terminated
Aborted
hammer ~ # cat vuln-stack.c
/*
solar@simple c $ cat vuln.c
#include <stdio.h>
int main(int argc, char **argv) {
    char buf[10];
    strcpy(buf, argv[1]);
    return 0;
}
solar@simple c $ ./vuln 1234567890123456
vuln: stack smashing attack in function mainAborted
*/
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
    char buf[10];
    strcpy(buf, argv[1]);
    return 0;
}
hammer ~ # /usr/libexec/gcc/i586-pc-linux-gnu/4.1.1/cc1 -quiet -v test.c -fPIE -fstack-protector -fstack-protector-all -quiet -dumpbase test.c -mtune=k6-2 -auxbase test -version -o /tmp/ccNpj3OK.s
ignoring nonexistent directory "/usr/local/include"
ignoring nonexistent directory "/usr/lib/gcc/i586-pc-linux-gnu/4.1.1/../../../../i586-pc-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
/usr/lib/gcc/i586-pc-linux-gnu/4.1.1/include
/usr/include
End of search list.
GNU C version 4.1.1 (Gentoo Hardened 4.1.1-r1 xXx PIE SSP autoemitter test patch for Adamant xXx) (i586-pc-linux-gnu) compiled by GNU C version 4.1.1 (Gentoo Hardened 4.1.1-r1 xXx PIE SSP autoemitter test patch for Adamant xXx).
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: c5b73f091fa00578cd4ed77fd162b2d1
hammer ~ # gcc -fPIE -fstack-protector -fstack-protector-all -mtune=k6-2 test.c -o test
hammer ~ # readelf -s test |grep __stack_chk
18: 00000000 60 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (3)
71: 00000760 20 FUNC GLOBAL HIDDEN 12 __stack_chk_fail_local
72: 00000000 60 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2
hammer ~ # ./test
*** stack smashing detected ***: ./test terminated
Aborted
hammer ~ # cat test.c
#include <string.h>
int main() {
    char vuln[5];
    char smasher[20] = "AAAAAAAAAAAAAAAAAAA";
    strcpy(vuln, smasher);
    return 0;
}
I will start rebuilding the chroot now with the hardened TC
(In reply to comment #108)
> *** stack smashing detected ***: ./vuln-stack terminated
> Aborted
hmm; which glibc patch did you try? The patches here should end up with it saying "Killed", since it currently does a kill rather than abort (which may change in the future). What does strace show?
removing linuxthreads/Makefile patch from the linuxssp patch because as to vapier@gentoo.org the 2.5 release does not contain a linuxthreads dir. * Patching pt_chown to BIND_NOW * Applying glibc-2.3.6-pt_chown-znow.patch ... * Patching SSP handler so that glibc builds with hardened compiler * Applying glibc-2.4-linuxssp.patch ... The patches apply clean. # ACCEPT_KEYWORDS="~amd64" emerge -pv glibc These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] sys-libs/glibc-2.5 USE="hardened nls nptl nptlonly -build -glibc-compat20 -glibc-omitfp (-multilib) -profile (-selinux)" 0 kB The glibc emerges with a hardened gcc-3.4.6 from a fresh stage3 unrolled in a chroot. Portage 2.1.1-r1 (hardened/amd64, gcc-3.4.4, glibc-2.5-r0, 2.6.16-hardened-r11 x86_64) ================================================================= System uname: 2.6.16-hardened-r11 x86_64 Dual Core AMD Opteron(tm) Processor 280 Gentoo Base System version 1.6.14 Last Sync: Fri, 06 Oct 2006 16:00:09 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo" CXXFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j9" 
PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/master/svn/overlays.gentoo.org/svn/dev/kevquinn/hardened/toolchain" SYNC="rsync://owl.gentoo.org/gentoo-portage" USE="amd64 berkdb crypt dlloader elibc_glibc hardened input_devices_keyboard input_devices_mouse justify kernel_linux nls nptl nptlonly pam pic readline ssl tcpd userland_GNU userlocales xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
on ppc, nixnut reports the alias error message to be appearing but not stopping the show: 19:32 < nixnut> ./debug/stack_chk_fail.c: * '__stack_smash_handler' aliased to external symbol '__stack_chk_fail'
i586-pc-linux-gnu-gcc -Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s -shared -static-libgcc -Wl,-O1 -Wl,-z,defs -Wl,-dynamic-linker=/lib/ld-linux.so.2 -B/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/csu/ -Wl,--version-script=/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/libc.map -Wl,-soname=libc.so.6 -Wl,-z,combreloc -Wl,-z,relro -Wl,--hash-style=both -nostdlib -nostartfiles -e __libc_main -Wl,-z,now -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/math -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/elf -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/dlfcn -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/nss -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/nis -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/rt -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/resolv -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/crypt -L/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/nptl 
-Wl,-rpath-link=/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/math:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/elf:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/dlfcn:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/nss:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/nis:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/rt:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/resolv:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/crypt:/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/nptl -o /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/libc.so -T /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/shlib.lds /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/csu/abi-note.o /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/elf/soinit.os /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/libc_pic.os /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/elf/sofini.os /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/elf/interp.os /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/elf/ld.so /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/debug/stack_chk_fail_local.oS -lgcc /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/debug/stack_chk_fail_local.oS: In function `__stack_chk_fail_local': stack_chk_fail_local.c:(.text+0x0): multiple definition of `__stack_chk_fail_local' /var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/libc_pic.os:(.text+0xd0d20): first defined here collect2: ld returned 1 exit status make[1]: *** 
[/var/tmp/portage/glibc-2.5.20061005/work/build-default-i586-pc-linux-gnu/libc.so] Error 1 make[1]: Leaving directory `/var/tmp/portage/glibc-2.5.20061005/work/glibc-2.5' make: *** [all] Error 2 fails to build with new patch Portage 2.1.2_pre2-r3 (hardened/x86/2.6, gcc-4.1.1, glibc-2.5.20061005-r0, 2.6.17-gentoo-r4 i686) ================================================================= System uname: 2.6.17-gentoo-r4 i686 AMD Opteron(tm) Processor 246 Gentoo Base System version 1.12.5 Last Sync: Sat, 07 Oct 2006 16:20:01 +0000 distcc 2.18.3 i586-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 dev-util/confcache: 0.4.2-r1 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.6.3, 1.7.9-r1, 1.9.6-r2 sys-devel/binutils: 2.17.50.0.5 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i586-pc-linux-gnu" CFLAGS="-march=k6-2 -mtune=k6-2 -O2 -fomit-frame-pointer -pipe -fforce-addr" CHOST="i586-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/openjms/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/terminfo" CXXFLAGS="-march=k6-2 -mtune=k6-2 -O2 -fomit-frame-pointer -pipe -fforce-addr" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig candy ccache confcache distlocks metadata-transfer sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo http://mirror.datapipe.net/gentoo http://gentoo.mirrors.tds.net/gentoo 
http://gentoo.seren.com/gentoo" LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--hash-style=both -Wl,--as-needed -Wl,--sort-common -s" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/overlays/udept /usr/local/overlays/toolchain_overlay /usr/local/portage" SYNC="rsync://rsync.ca.gentoo.org/gentoo-portage" USE="x86 3dnow X509 acpi apache2 authdaemond bash-completion berkdb bzip2 bzlib ccache chroot crypt ctype curl curlwrappers dba dio dlloader elibc_glibc erandom exif extensions fortran ftp hardened hardenedphp imap innodb input_devices_keyboard input_devices_mouse ipv6 ithreads java javascript jpeg jpeg2k kernel_linux libg++ logrotate logwatch maildir memlimit mmx mpi mpm-worker multislot multiuser mysql mysqli nagios-dns nagios-ntp nagios-ping nagios-ssh neural nis nls nptl nptlonly nsplugin objc offensive pam pcntl perl pg-hier pg-intdatetime pg-vacuumdelay pic pie posix procmail readline sasl sendfile session sftplogging shaper shared sharedext sharedmem simplexml sockets softquota sse sse-filters ssl sysvipc szip tcpd threads unicode userland_GNU userlocales vda vhosts virtual-users virus-scan wddx xml xmlrpc xorg xsl zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #111) > on ppc, nixnut reports the alias error message to be appearing but not stopping > the show: > > 19:32 < nixnut> ./debug/stack_chk_fail.c: * '__stack_smash_handler' aliased to > external symbol '__stack_chk_fail' Uhm, actually it bombs quite nicely once gcc really uses hardened.specs powerpc-unknown-linux-gnu-gcc stack_chk_fail.c -c -std=gnu99 -O2 -Wall -Winline -Wwrite-strings -fmerge-all-constants -freorder-blocks -mtune=G4 -pipe -mnew-mnemonics -Wstrict-prototypes -mlong-double-128 -I../include -I/var/tmp/portage/glibc-2.5/work/build-default-powerpc-unknown-linux-gnu-nptl/debug -I/var/tmp/portage/glibc-2.5/work/build-default-powerpc-unknown-linux-gnu-nptl -I../sysdeps/powerpc/powerpc32/elf -I../sysdeps/powerpc/elf -I../sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu -I../sysdeps/powerpc/powerpc32/fpu -I../nptl/sysdeps/unix/sysv/linux/powerpc/powerpc32 -I../sysdeps/unix/sysv/linux/powerpc/powerpc32 -I../nptl/sysdeps/unix/sysv/linux/powerpc -I../sysdeps/unix/sysv/linux/powerpc -I../sysdeps/ieee754/ldbl-128ibm -I../sysdeps/ieee754/ldbl-opt -I../ports/sysdeps/unix/sysv/linux -I../nptl/sysdeps/unix/sysv/linux -I../nptl/sysdeps/pthread -I../sysdeps/pthread -I../sysdeps/unix/sysv/linux -I../sysdeps/gnu -I../sysdeps/unix/common -I../sysdeps/unix/mman -I../sysdeps/unix/inet -I../ports/sysdeps/unix/sysv -I../nptl/sysdeps/unix/sysv -I../sysdeps/unix/sysv -I../sysdeps/unix/powerpc -I../ports/sysdeps/unix -I../nptl/sysdeps/unix -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/powerpc/powerpc32 -I../sysdeps/wordsize-32 -I../sysdeps/powerpc/fpu -I../ports/sysdeps/powerpc -I../nptl/sysdeps/powerpc -I../sysdeps/powerpc -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic/elf -I../sysdeps/generic -I../ports -I../nptl -I.. -I../libio -I. 
-nostdinc -isystem /usr/lib/gcc/powerpc-unknown-linux-gnu/4.1.1/include -isystem /usr/include -D_LIBC_REENTRANT -include ../include/libc-symbols.h -DPIC -o /var/tmp/portage/glibc-2.5/work/build-default-powerpc-unknown-linux-gnu-nptl/debug/stack_chk_fail.o -MD -MP -MF /var/tmp/portage/glibc-2.5/work/build-default-powerpc-unknown-linux-gnu-nptl/debug/stack_chk_fail.o.dt -MT /var/tmp/portage/glibc-2.5/work/build-default-powerpc-unknown-linux-gnu-nptl/debug/stack_chk_fail.o stack_chk_fail.c:36: error: __stack_smash_handler aliased to external symbol __stack_chk_fail make[2]: *** [/var/tmp/portage/glibc-2.5/work/build-default-powerpc-unknown-linux-gnu-nptl/debug/stack_chk_fail.o] Error 1
I don't see why it is a problem to compile with ssp enabled; it can be solved either by adding ssp-local.o* to libc.so as well, or by adding libc_nonshared.a to the linker. The second is needed anyway to have the associated libs (non-libc.so) linked correctly.
I've tried various modifications to the build process; adding libc_nonshared.a/stack_chk_fail_local.oS to various links but nothing so far has worked well for all of x86, amd64 and ppc. Worst problem is the strange error about the alias being illegal, which I just do not understand.
Using alias for __stack_chk_fail and __stack_smash_handler is wrong imho; they are different, the latter returns the failure. I have split up the code into common/uncommon for both, providing both functions separately in uClibc-svn/libc/sysdeps/linux/common/ssp.c. It would be easier if glibc would set up the libc.so linker script earlier and use that to compile instead of the binary libc.so (but they have a hack using 2 different libc.so libraries, one for general use, the other to link libpthread against).
re bug http://bugs.gentoo.org/show_bug.cgi?id=149649
I think it's time to have a working version of these glibc changes in ~arch for being able to go with gcc-4.* and SSP.
So can we perhaps sum up the required changes to the glibc-2.4 or glibc-2.5 and make a list of things still unclear or in need of being technically worked out?
So far the problems remaining that I can identify are the odd aliasing behaviour and warning messages with the backwards compatible stack smash handler function, and the glibc building SSP protected failing, maybe due to the same problem.
Thanks, Alex
As you say, it's glibc that's holding back hardened gcc-4.1. Issues outstanding with glibc I can think of at the moment:
1) __stack_smash_handler (legacy support; weird aliasing issue)
I agree with Peter that the best (and simplest, in the end) approach is to implement stack_smash_handler. I think the best approach here is to implement stack_smash_handler independently.
2) __stack_chk_fail_local build issues
I haven't been able to get glibc to build successfully with __stack_chk_fail_local when ssp-all is enabled on arches that use it. As Peter said, it should be enough to add stack_chk_fail_local.oS or libc_nonshared.a to the relevant links, but glibc's build process is quite involved.
3) Use SIG_ABORT instead of SIG_KILL in the handler, so that failing executables generate a core dump. This means masking signals (so that if SIG_ABORT is hooked, the hook doesn't get executed). This is not difficult, I just need to get around to doing it.
An alternative to (1) and (2) is to build glibc without SSP (which is effectively what we have in glibc-2.3).
okay, do you think we can have it by the first or second week of november? Because then i would like to start testing the glibc and gcc-4.xx ebuilds. Thanks, Alex
(In reply to comment #119) > okay, do you think we can have it by the first or second week of november? > > Because then i would like to start testing the glibc and gcc-4.xx ebuilds. > > > Thanks, > > Alex > i second this
*** Bug 155786 has been marked as a duplicate of this bug. ***
ok - in my toolchain overlay: http://overlays.gentoo.org/svn/dev/kevquinn/hardened/toolchain I have a glibc-2.4-r4 ready for testing (I'll attach relevant pieces here as well, but getting it from my overlay may be easier). Unfortunately my amd64 machine won't boot Linux at the moment (after a bios upgrade :/ ) so I can't test amd64 anymore. I did test on amd64 a month or so ago, and the changes since then aren't significant so it should work (famous last words!).
Changes for hardened are:
1) Builds the executables PIE. This includes a small hardened-specific patch to the makefiles.
2) Builds _without_ the stack protector, throughout.
3) Save CXXFLAGS when building multilib (otherwise filter-flags -fstack-protector fails in bizarre ways)
4) New handler for stack_chk_fail (stack_smash_handler). This does pretty much what the old one did; I've recently rigged it to ABRT instead of KILL, so that you should get a core dump when a stack smash occurs. I'm considering making this conditional on something like USE=debug, since core dumps could be considered an information leak?
There are a few other differences, that are just for testing:
5) Run all tests even if a test fails, and warn only when tests fail rather than die.
6) Force pt_chown to be built BIND_NOW (which we get on hardened anyway)
7) Use ${S} instead of ${T} to remember ssp-compat, so that using ebuild phase by phase works (portage currently cleans out ${T} on each ebuild invocation - it doesn't wipe it between phases when invoked as emerge).
Given up for the moment on trying to build glibc itself with the stack protector enabled throughout. We never used to do that anyway, just for the executables supplied with glibc, and with the gcc-4 style of ssp handling things have become more complex. It looks like to get this to work would mean significant patching to the build process which we'd rather avoid.
Please, test (in a chroot!) and report back. Also, opinions on SIG_ABRT vs SIG_KILL would be useful.
Created attachment 102912 [details] Modified 2.4-r4 ebuild
Created attachment 102913 [details, diff] bind-now pt_chown patch - can be omitted for hardened (comment from ebuild if you do)
Created attachment 102914 [details, diff] make test phase run all tests, warn on failure instead of fail (for testing)
Created attachment 102915 [details, diff] makefile patching so that pie-building works - applied conditional on use=hardened && gcc-specs-pie
Created attachment 102916 [details] Hardened Gentoo SSP handler
I recall changing KILL to ABRT on uClibc, because sigaction (SIGKILL...) is not allowed; haven't looked if it is the case for you.
You can't attach actions to SIG_KILL (not permitted for sigaction, as you say). All that means, is that you don't have to remove any actions added previously by the process. SIG_ABRT on the other hand may have user-land code attached to it, hence the need to remove any such handlers before sending the signal. The idea being we want to be sure that the stack smash actually kills the process, and to avoid stack smashes in SIG_ABRT handlers causing a nasty loop. The reason for using SIG_ABRT is that it causes a core dump, useful for determining where and why the stack smash occurred. With SIG_KILL, you don't get anything.
BTW; stuff in the pipeline from feedback so far, and from my own re-examination of the code:
1) the SIG_ABRT stuff added some calls to other functions, which I was trying to avoid; it'll need a little more work. Using __sigfillset instead of sigfillset eliminates the call there, and the sigaction call will be replaced by the appropriate syscall.
2) To be decided - whether to:
a) install the upstream __libc_message() handler for non-hardened users
b) have the SIG_ABRT handler on USE=debug (SIG_KILL normally), or to always install the SIG_ABRT handler
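The point made in the comment above, as an added example that is not part of the thread and is not the Gentoo handler: a child process hooks SIGABRT (written SIG_ABRT in the thread), then fails either by simply raising the signal or by first blocking all signals and restoring the default action. All function names are hypothetical, and the core file limit is set to zero so the demonstration leaves no core file behind.

```c
/* Added example: a stand-alone model of the abort path discussed above.
 * It is not the Gentoo handler; every function name here is hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for application code that hooks SIGABRT. */
static void app_abort_hook(int sig)
{
    (void)sig;
    _exit(0);                 /* swallow the abort and exit "cleanly" */
}

/* Naive failure path: the application's hook runs and decides what happens. */
static void fail_naive(void)
{
    raise(SIGABRT);
    _exit(127);               /* not reached while the hook calls _exit */
}

/* Hardened failure path: block all signals, restore the default SIGABRT
 * action, then let only SIGABRT through. */
static void fail_hardened(void)
{
    struct sigaction dfl;
    sigset_t all, abrt_only;

    sigfillset(&all);
    sigprocmask(SIG_BLOCK, &all, NULL);      /* no handler may run from here on */

    memset(&dfl, 0, sizeof dfl);
    dfl.sa_handler = SIG_DFL;
    sigfillset(&dfl.sa_mask);
    sigaction(SIGABRT, &dfl, NULL);          /* drop any user-installed hook */

    sigemptyset(&abrt_only);
    sigaddset(&abrt_only, SIGABRT);
    sigprocmask(SIG_UNBLOCK, &abrt_only, NULL);

    kill(getpid(), SIGABRT);                 /* default action: terminate */
    kill(getpid(), SIGKILL);                 /* fallback; SIGKILL cannot be hooked */
    _exit(127);
}

/* Run one failure path in a child that has the hook installed.
 * Returns the terminating signal, 0 if the child exited normally, -1 on error. */
int run_case(int hardened)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        struct sigaction hook;

        setrlimit(RLIMIT_CORE, &no_core);    /* keep the demo from writing a core file */
        memset(&hook, 0, sizeof hook);
        hook.sa_handler = app_abort_hook;
        sigemptyset(&hook.sa_mask);
        sigaction(SIGABRT, &hook, NULL);

        if (hardened)
            fail_hardened();
        else
            fail_naive();
        _exit(126);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("naive:    terminating signal %d (0 = hook swallowed it)\n", run_case(0));
    printf("hardened: terminating signal %d (SIGABRT = %d)\n", run_case(1), SIGABRT);
    return 0;
}
```

In the naive case the hook turns a detected stack smash into a normal exit; in the hardened case the parent sees termination by SIGABRT regardless of what the process installed earlier.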
you could use INLINE/INTERNAL_SYSCALL(...) instead of syscallx(); the compatible version is not correct, something like this would be more correct:
void __stack_smash_handler(char func[], int attribute_unused damaged) attribute_noreturn;
...()
{
    static const char msg[] = ": stack smashing attack in function ";
    signal_handling_blocking();
    write(STDERR_FILENO, __progname, strlen(__progname));
    write(STDERR_FILENO, msg, strlen(msg));
    write(STDERR_FILENO, func, strlen(func));
    abrt_kill_code();
}
see ssp.c in uClibc's svn.
on another note: why do you not use __x()|__libc_x() instead of x() (ex.sigaction) those are intended for internal use?
Using sigaction() was an error - I changed it to an in-line syscall (similarly sigfillset() -> __sigfillset()); the code is now all in-line (at least on x86). I've had a quick look into INLINE/INTERNAL_SYSCALL (didn't know they existed). They generate calls through a redirection table _dl_sysinfo, which seems to be the "vsyscall" page, but I'm getting out of my depth there. Is it sensible to worry about corruption of that table (which would subvert the handler)?
Comment on attachment 102913 [details, diff] bind-now pt_chown patch - can be omitted for hardened (comment from ebuild if you do) no, all lazy binding issues will be handled via Bug 71609 ... putting -Wl,-z,now into LDFLAGS for packages is not going to be done
#include <stdio.h>
void __stack_chk_fail(void) __attribute__ ((weakref));
void __stack_chk_fail(void) __attribute__ ((alias ("__stack_smash_handler")));
int main (void)
{
    printf ("before\n");
    __stack_smash_handler ();
    printf ("after\n");
    return (0);
}
AMD64 devbox
pappy@miranda /tmp $ /usr/x86_64-pc-linux-gnu/gcc-bin/4.1.1/gcc -o strong strong.c; ./strong
before
*** stack smashing detected ***: ./strong terminated
Aborted
gcc version 4.1.1 (Gentoo 4.1.1)
AMD64 devbox
pappy@miranda /tmp $ gcc -o strong strong.c && ./strong
strong.c:3: warning: `weakref' attribute directive ignored
before
*** stack smashing detected ***: ./strong terminated
Aborted
gcc version 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)
luna(ppc32) tmp $ gcc -o strong strong.c && ./strong
strong.c:3: warning: `weakref' attribute directive ignored
before
strong: stack smashing attack in function Segmentation fault
gcc version 3.4.4 (Gentoo Hardened 3.4.4-r1, HTB-3.4.4-1.00, ssp-3.4.4-1.0, pie-8.7.8)
i gotta resolve this segfault... but i think it's because we are not giving the right args to the original stack smashing function in the testcase... :P
INTEL x86 machine
pappy@apocalypse /tmp $ gcc -o strong strong.c && ./strong
before
*** stack smashing detected ***: ./strong terminated
Aborted
gcc version 4.1.1 (Gentoo 4.1.1)
as you can obviously see (and test for yourself) this works on x86 gcc-4.x, amd64 gcc-3.4.6+gcc-4.1.1, ppc32 gcc-3.4.4 for both cases: new glibc without __stack_smash_handler, old glibc with __stack_smash_handler.
Awaiting your input on that.
Alex
Post Scriptum: sparc has the same results as ppc32 regarding to the segfault of the stack smash handling function (i think it's the nullpointer dereferencing of the string holding the function name in the stack smash handler function) tomcat tmp # gcc -o strong strong.c strong.c:3: warning: `weakref' attribute directive ignored tomcat tmp # ./strong before strong: stack smashing attack in function Segmentation fault gcc version 3.4.5 (Gentoo 3.4.5, ssp-3.4.5-1.0, pie-8.7.9) TIA Alex
I wouldn't change the delivered message for __stack_smash_handler, else software relying on it won't catch it, it should stay as it was earlier
(In reply to comment #134)
> i gotta resolve this segfault... but i think it's because we are not giving the
> right args to the original stack smashing function in the testcase... :P
I think you're probably right. I've updated the handler in svn so that the __stack_smash_handler() function behaves as it did in older versions. Most code is common - but it now generates the same message it used to, as Peter suggested, and deals with the parameters properly. The updated handler generates the new-style message if the 'func' is NULL - so if the segfaults are due to dereferencing a NULL pointer that should be resolved. However I think calling __stack_smash_handler without parameters could have any address on the stack, it's just NULL for the case where there's no old data on the stack from previous call trees. We don't need to worry about that though, since gcc-3.x will never generate the call without the correct parameters.
> as you can obviously see (and test for yourself) this works on x86 gcc-4.x,
> amd64 gcc-3.4.6+gcc-4.1.1, ppc32 gcc-3.4.4 for both cases: new glibc without
> __stack_smash_handler, old glibc with __stack_smash_handler.
Great; thanks for the testing. I'm just checking the new code works; I'll attach it here when that's done.
could anyone check if the generated are ok? I have built gcc-4.1.1-r3 and all *.specs are the same.
Created attachment 103032 [details] Hardened Gentoo SSP handler, take 2
Modifications:
a) Uses INTERNAL_SYSCALL (syscalls via vsyscall table).
b) Now outputs both old and new style messages (comments, please - reason for having old style message is to support existing syslog monitoring).
c) Quite a bit of clean-up.
Other items to be dealt with, one way or another, raised along the way:
1) dietlibc - mike suggested ditching that - do we (hardened) no longer support it (did we ever)?
2) whether to have only the new handler in this file, and have the ebuild copy it in conditionally.
Created attachment 103033 [details] 2.4-r4 ebuild - for take 2
reassigning to hardened and accepting bug, changing description
the patch used earlier to get the PIC version of libiberty.a is not enough for >=4.0.2, you need sed -i 's:^PICFLAG.*:PICFLAG = -fPIC:' ${S}/libiberty/Makefile.in
you can't really take toolchain out of the loop considering we're the ones going to be actually folding the patches back in
*shrug*
./freenode/#gentoo-dev.log-21:16 <@vapier> pappy-: i dont see why you need all that cruft when an alias to the function upstream has implemented works just as well
./freenode/#gentoo-dev.log-21:16 <+pappy-> vapier: it works not on all setups.
./freenode/#gentoo-dev.log-21:16 <+pappy-> vapier: the bug says it and i can show you setups where it fails to compile.
./freenode/#gentoo-dev.log:21:17 <@vapier> then you fix it, you dont re-implement the old handler ...
./freenode/#gentoo-dev.log-21:18 <+pappy-> vapier: thanks for your help.

This is a patch of toolchain, gcc and glibc modifications for the hardened project. It is enabled with USE=hardened. If you don't like the patch: don't enable the use flag.

Critics might say it "reimplements the old handler". However, this isn't the case. Our project is responsible for and our users depend on us to provide safe, stable and backwards compatible means of supporting SSP and PIE for the userland.

The impact of SSP and PIE on main Gentoo userland has always been low because people using hardened could sufficiently set up and maintain systems with these technologies.

For this reason we decided to put the focus on supporting the old stack smash handler function, the message it generates and its original debugging behaviour. We even added functionality based on "debug" use flag. See the patch for more information.

Alex
Issues we have with the aliased-to-upstream handler:

1) Support for the glibc-2.3 error message:
   <app>: stack smashing attack in <function>
   which users may be looking for with log monitoring software.

   Supporting the <function> bit when called from gcc-3 executables doesn't hurt. It'll fade out eventually once people build everything with gcc-4 since that information simply isn't available from the call made by gcc-4. My suggestion would be to support both during glibc-2.4, and drop to just the new style messages in glibc-2.5 (or maybe from 2.6).

2) Compilation issues with aliasing some platforms/gcc versions

   I suspect this is due to not using latest stable gcc-3 on affected platforms. I only reproduced it when messing about with building glibc itself with ssp enabled.
Created attachment 103441 [details]
Hardened Gentoo SSP handler, take 3

Changes:
1) hardened handler only - copied by ebuild conditional on USE=hardened
2) Use of SIGABRT managed by -DSSP_SMASH_DUMPS_CORE added by ebuild conditional on USE=debug
3) Issues both old and new-style smash errors to stderr and syslog, for transition.
4) Some code tidy-up
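The message selection described for the take 2 and take 3 handlers, written out in C as an added example; it is not the attached handler and not code posted by anyone in this thread. The names build_smash_report and smash_signal are hypothetical, the old-style text follows the form quoted in the comments above, the new-style wording is upstream glibc's, and SIGKILL for the non-debug build is an assumption.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Bounded append with no stdio or malloc: the report is built while the
   stack is already known to be corrupted. Always NUL-terminates. */
static size_t append(char *dst, size_t used, size_t cap, const char *src)
{
    while (*src && used + 1 < cap)
        dst[used++] = *src++;
    dst[used] = '\0';
    return used;
}

/* func is the name a gcc-3.x caller passes to __stack_smash_handler();
   gcc-4.x callers supply none, modelled here as NULL. */
size_t build_smash_report(char *buf, size_t cap, const char *prog, const char *func)
{
    size_t n = 0;
    if (cap == 0) return 0;
    if (!prog) prog = "<unknown>";
    if (func) {  /* old style, kept so existing syslog monitoring still matches */
        n = append(buf, n, cap, prog);
        n = append(buf, n, cap, ": stack smashing attack in ");
        n = append(buf, n, cap, func);
        n = append(buf, n, cap, "\n");
    }
    /* new style, wording of upstream glibc's __stack_chk_fail() */
    n = append(buf, n, cap, "*** stack smashing detected ***: ");
    n = append(buf, n, cap, prog);
    return append(buf, n, cap, " terminated\n");
}

/* SIGKILL for the non-debug build is an assumption; the thread names only SIGABRT. */
int smash_signal(void)
{
#ifdef SSP_SMASH_DUMPS_CORE
    return SIGABRT;   /* USE=debug: leave a core dump for analysis */
#else
    return SIGKILL;
#endif
}

int main(void)
{
    char buf[256];   /* constructed sample values below */
    build_smash_report(buf, sizeof buf, "demo", "vulnerable_fn");
    fputs(buf, stderr);
}
```

Log monitoring that must survive the transition needs to match both lines, since a gcc-4 built binary only ever produces the second one.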
Created attachment 103442 [details] 2.4-r4 ebuild - for take 3
*** Bug 161071 has been marked as a duplicate of this bug. ***
Hi, when will this feature get into portage? I'd really like to convert some servers to hardened soon.
Real soon now, I hope. Some glibc test failures that had been a worry were resolved over the weekend, which was the last stumbling block for me. I'll be proposing the changes to toolchain over the next few days.

For a preview, check out the pieworld branch of my overlay:

svn checkout http://overlays.gentoo.org/svn/dev/kevquinn/hardened/toolchain/branches/pieworld
Any updates on this? We would still like to start using hardened.
glibc-2.5-r2+ is the only thing supported now on hardened
Then why does emerge want to downgrade glibc from 2.4-r4 to 2.3.6-r5 when I switch to the hardened 2007.0 profile?
I'm having the same problem.

############ emerge --info ##################
omc-server ~ # emerge --info
Portage 2.1.2.7 (hardened/x86/2.6, gcc-4.1.1, glibc-2.4-r3, 2.6.18-hardened-r6 i686)
=================================================================
System uname: 2.6.18-hardened-r6 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Mon, 21 May 2007 08:50:01 +0000
dev-lang/python: 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.uni-c.dk/pub/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gentoo.virginmedia.com/ http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ "
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="berkdb crypt hardened midi nls pam pic readline ssl tcpd urandom x86 xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
The new glibc is still masked. Likely on purpose, but why?

omc-server ~ # eix glibc
[D] sys-libs/glibc
     Available versions: (2.2) 2.2.5-r10 2.3.2-r12 2.3.5-r3 2.3.6-r5 [M]2.4-r4 [M]2.5-r2 **2.6
     Installed versions: 2.4-r3(2.2)(17:29:10 08/03/06)(-build -glibc-omitfp -hardened -multilib nls nptl nptlonly -profile -selinux)
     Homepage: http://www.gnu.org/software/libc/libc.html
     Description: GNU libc6 (also called glibc2) C library
Because it needs the new hardened gcc stuff to build properly, and we haven't merged that yet.
(In reply to comment #158)
> Because it needs the new hardened gcc stuff to build properly, and we haven't
> merged that yet.

Kevin,
To avoid confusion here can you explain this in a bit more detail as glibc-2.5.r2 will merge 100% fine using a gcc-3.x toolchain and ssp continues to work. Please clarify what you mean.
(In reply to comment #159)
> (In reply to comment #158)
> > Because it needs the new hardened gcc stuff to build properly, and we haven't
> > merged that yet.
>
>
> Kevin,
> To avoid confusion here can you explain this in a bit more detail as
> glibc-2.5.r2 will merge 100% fine using a gcc-3.x toolchain and ssp
> continues to work. Please clarify what you mean.

To be honest, I've forgotten why, and can't think of any reason why it might be a problem now. I just tried it on a fresh x86 chroot, and I agree it seems fine on x86, although I haven't rebuilt world with it.

If you want to unmask it on x86 (and other arches if you've tried it on them, the tests give sensible results and you think it's ok) I won't object - however I'm likely to be off-line for a week or so (moving house, combined with useless monopoly telecoms provider) and won't be able to field any support queries in that time.