[gentoo-embedded] hardened gcc-4.1 and uclibc

[gentoo-embedded] hardened gcc-4.1 and uclibc

[Natanael Copa]

Hi,

I tried to upgrade my uclibc/hardened to gcc-4.1 today but it failed. I
discovered the the hardened flag was unset.

is i possible to run hardened uclibc with gcc or should I just drop that
for now? should gcc-4.1 be masked in the uclibc/hardened profile?

Thanks!

--
Natanael Copa

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 365 bytes --]

On Monday 18 September 2006 16:41, Natanael Copa wrote:
> I tried to upgrade my uclibc/hardened to gcc-4.1 today but it failed. I
> discovered the the hardened flag was unset.

fixed in cvs

> is i possible to run hardened uclibc with gcc or should I just drop that
> for now? should gcc-4.1 be masked in the uclibc/hardened profile?

should be OK to run ...
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[René Rhéaume]

> On Monday 18 September 2006 16:41, Natanael Copa wrote:
> > is i possible to run hardened uclibc with gcc or should I just drop that
> > for now? should gcc-4.1 be masked in the uclibc/hardened profile?
Where are hardened uclibc stages ? I did not find them on the download mirrors.
-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Natanael Copa]

On Sat, 2006-09-23 at 00:13 -0400, Mike Frysinger wrote:
> On Monday 18 September 2006 16:41, Natanael Copa wrote:
> > I tried to upgrade my uclibc/hardened to gcc-4.1 today but it failed. I
> > discovered the the hardened flag was unset.
> 
> fixed in cvs
> 
> > is i possible to run hardened uclibc with gcc or should I just drop that
> > for now? should gcc-4.1 be masked in the uclibc/hardened profile?
> 
> should be OK to run ...

I get this:

Calculating dependencies... done!
[ebuild  NS   ] sys-devel/gcc-4.1.1  USE="(-altivec) -bootstrap -build
-doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib)
-multislot (-n32) (-n64) (-nls) -nocxx -objc -objc++ -objc-gc -test
-vanilla" 0 kB

Note the (-hardened)

al-1.5 / # emerge --info | grep hard
Portage 2.1.1 (uclibc/x86/hardened, gcc-3.4.6, uclibc-0.9.28-r0,
2.6.18-gentoo i686)
USE="x86 X509 bitmap-fonts bri bzip2 cli cracklib dlloader dri
elibc_uclibc encode expat extensions hardened input_devices_evdev
input_devices_keyboard input_devices_mouse iproute2 ipv6 jpeg
kernel_linux mad minimal ncurses netboot ogg oss pci pcmcia pic png pppd
readline reflection rrdtool sensord session snmp speex spl ssl tdb
truetype truetype-fonts type1-fonts uclibc uclibc++ udev usb
userland_GNU userlocales video_cards_dummy video_cards_fbdev
video_cards_v4l winbind wordexp xorg zlib"


> -mike

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 441 bytes --]

On Saturday 23 September 2006 10:40, Natanael Copa wrote:
> I get this:
>
> Calculating dependencies... done!
> [ebuild  NS   ] sys-devel/gcc-4.1.1  USE="(-altivec) -bootstrap -build
> -doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib)
> -multislot (-n32) (-n64) (-nls) -nocxx -objc -objc++ -objc-gc -test
> -vanilla" 0 kB

prob because i added gcc/hardened to default-linux/package.use.mask

should be fixed now
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Natanael Copa]

On Sat, 2006-09-23 at 10:55 -0400, Mike Frysinger wrote:
> On Saturday 23 September 2006 10:40, Natanael Copa wrote:
> > I get this:
> >
> > Calculating dependencies... done!
> > [ebuild  NS   ] sys-devel/gcc-4.1.1  USE="(-altivec) -bootstrap -build
> > -doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib)
> > -multislot (-n32) (-n64) (-nls) -nocxx -objc -objc++ -objc-gc -test
> > -vanilla" 0 kB
> 
> prob because i added gcc/hardened to default-linux/package.use.mask
> 
> should be fixed now

Its still not fixed. Note the (-hardened)

al-1.5 / # emerge -pv gcc

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  NS   ] sys-devel/gcc-4.1.1  USE="(-altivec) -bootstrap -build
-doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib)
-multislot (-n32) (-n64) (-nls) -nocxx -objc -objc++ -objc-gc -test
-vanilla" 0 kB

Total size of downloads: 0 kB
al-1.5 / # emerge -pv \<gcc-4

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] sys-devel/gcc-3.4.6-r1  USE="(-altivec) -bootstrap
-boundschecking -build -doc -fortran -gcj -gtk (-hardened*) -ip28
-ip32r10k (-multilib) -multislot (-n32) (-n64) (-nls) -nocxx -nopie
-nossp -objc -test% -vanilla" 12,330 kB

Total size of downloads: 12,330 kB


I removed it from default-linux/package.use.mask manually but the
compile died with a stacksmashing attack. I'm not sure if I should
report it on bugzilla, since it says that its not supported.

stage1/xgcc -Bstage1/ -B/usr/i386-gentoo-linux-uclibc/bin/ -c   -march=i386 -pipe -O2 -fprofile-generate -DIN_GCC   -W -Wall -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -pedantic -Wno-long-long -Wno-variadic-macros -Wold-style-definition -Wmissing-format-attribute     -DHAVE_CONFIG_H -I. -I. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../include -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../libcpp/include     genrtl.c -o genrtl.o
stage1/xgcc -Bstage1/ -B/usr/i386-gentoo-linux-uclibc/bin/ -c   -march=i386 -pipe -O2 -fprofile-generate -DIN_GCC   -W -Wall -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -pedantic -Wno-long-long -Wno-variadic-macros -Wold-style-definition -Wmissing-format-attribute     -DHAVE_CONFIG_H -I. -I. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../include -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../libcpp/include     /var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/ggc-common.c -o ggc-common.o
stage1/cc1: stack smashing attack in function ix86_split_to_parts()
xgcc: Internal error: Killed (program cc1)
Please submit a full bug report.
See <URL:http://bugs.gentoo.org/> for instructions.
make[2]: *** [ggc-common.o] Error 1
make[2]: Leaving directory `/var/tmp/portage/gcc-4.1.1/work/build/gcc'
make[1]: *** [stageprofile_build] Error 2
make[1]: Leaving directory `/var/tmp/portage/gcc-4.1.1/work/build/gcc'
make: *** [profiledbootstrap] Error 2


-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 138 bytes --]

On Saturday 23 September 2006 18:46, Natanael Copa wrote:
> Its still not fixed. Note the (-hardened)

should be fixed now for real
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Natanael Copa]

On Mon, 2006-09-25 at 09:52 -0400, Mike Frysinger wrote:
> On Saturday 23 September 2006 18:46, Natanael Copa wrote:
> > Its still not fixed. Note the (-hardened)
> 
> should be fixed now for real

I reported a bug on it but got the reponse: "not supported"
https://bugs.gentoo.org/show_bug.cgi?id=149292

I took a quick look at ix86_split_to_parts() but debugging compilers is
not really my thing. I could not see nything obvious that could cause a
stack smash.

:-(


> -mike

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] hardened gcc-4.1 and uclibc

[Peter S. Mazinger]

On Sun, 24 Sep 2006, Natanael Copa wrote:

> On Sat, 2006-09-23 at 10:55 -0400, Mike Frysinger wrote:
> > On Saturday 23 September 2006 10:40, Natanael Copa wrote:
> > > I get this:
> > >
> > > Calculating dependencies... done!
> > > [ebuild  NS   ] sys-devel/gcc-4.1.1  USE="(-altivec) -bootstrap -build
> > > -doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib)
> > > -multislot (-n32) (-n64) (-nls) -nocxx -objc -objc++ -objc-gc -test
> > > -vanilla" 0 kB
> > 
> > prob because i added gcc/hardened to default-linux/package.use.mask
> > 
> > should be fixed now
> 
> Its still not fixed. Note the (-hardened)
> 
> al-1.5 / # emerge -pv gcc
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies... done!
> [ebuild  NS   ] sys-devel/gcc-4.1.1  USE="(-altivec) -bootstrap -build
> -doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib)
> -multislot (-n32) (-n64) (-nls) -nocxx -objc -objc++ -objc-gc -test
> -vanilla" 0 kB
> 
> Total size of downloads: 0 kB
> al-1.5 / # emerge -pv \<gcc-4
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies... done!
> [ebuild   R   ] sys-devel/gcc-3.4.6-r1  USE="(-altivec) -bootstrap
> -boundschecking -build -doc -fortran -gcj -gtk (-hardened*) -ip28
> -ip32r10k (-multilib) -multislot (-n32) (-n64) (-nls) -nocxx -nopie
> -nossp -objc -test% -vanilla" 12,330 kB
> 
> Total size of downloads: 12,330 kB
> 
> 
> I removed it from default-linux/package.use.mask manually but the
> compile died with a stacksmashing attack. I'm not sure if I should
> report it on bugzilla, since it says that its not supported.
> 
> stage1/xgcc -Bstage1/ -B/usr/i386-gentoo-linux-uclibc/bin/ -c   -march=i386 -pipe -O2 -fprofile-generate -DIN_GCC   -W -Wall -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -pedantic -Wno-long-long -Wno-variadic-macros -Wold-style-definition -Wmissing-format-attribute     -DHAVE_CONFIG_H -I. -I. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../include -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../libcpp/include     genrtl.c -o genrtl.o
> stage1/xgcc -Bstage1/ -B/usr/i386-gentoo-linux-uclibc/bin/ -c   -march=i386 -pipe -O2 -fprofile-generate -DIN_GCC   -W -Wall -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -pedantic -Wno-long-long -Wno-variadic-macros -Wold-style-definition -Wmissing-format-attribute     -DHAVE_CONFIG_H -I. -I. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/. -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../include -I/var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/../libcpp/include     /var/tmp/portage/gcc-4.1.1/work/gcc-4.1.1/gcc/ggc-common.c -o ggc-common.o
> stage1/cc1: stack smashing attack in function ix86_split_to_parts()
> xgcc: Internal error: Killed (program cc1)
> Please submit a full bug report.
> See <URL:http://bugs.gentoo.org/> for instructions.
> make[2]: *** [ggc-common.o] Error 1
> make[2]: Leaving directory `/var/tmp/portage/gcc-4.1.1/work/build/gcc'
> make[1]: *** [stageprofile_build] Error 2
> make[1]: Leaving directory `/var/tmp/portage/gcc-4.1.1/work/build/gcc'
> make: *** [profiledbootstrap] Error 2

hardened for gcc-4.x is not done at all (not even for a glibc env), 
the above bug can be solved though by adapting the patch applied to 
gcc-3.4, search toolchain.eclass for ix86_split_to_parts (that comment is 
wrong there and the conditions as well, the patch is needed in any case, 
if the building compiler is hardened.

Peter

-- 
Peter S. Mazinger <ps dot m at gmx dot net>           ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08  BB6E C389 975E A5F0 59F2

-- 
gentoo-embedded@gentoo.org mailing list