From: Ned Ludd <solar@gentoo.org>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Problems compiling xen - please help...
Date: Thu, 02 Feb 2006 10:48:22 -0500 [thread overview]
Message-ID: <1138895302.24052.25.camel@localhost> (raw)
In-Reply-To: <43E21F59.9070709@wildgooses.com>
On Thu, 2006-02-02 at 15:03 +0000, Ed W wrote:
> I am trying to get Xen running under a hardened kernel. The machine is
> currently booted with "selinux=1 enforcing=0". I am having trouble
> compiling:
>
>
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -D__ASSEMBLY__
> -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -c trap.S
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -c vm86.c
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -c setup.c
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -c util.c
> cpp -P -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 vmxassist.ld > vmxassist.tmp
> ld -o vmxassist -m elf_i386 -nostdlib --fatal-warnings -N -T
> vmxassist.tmp head.o trap.o vm86.o setup.o util.o
> vm86.o: In function `address':
> vm86.c:(.text+0x19): undefined reference to `__guard'
> vm86.c:(.text+0x56): undefined reference to `__stack_smash_handler'
> vm86.o: In function `trace':
> vm86.c:(.text+0xe9): undefined reference to `__guard'
> vm86.c:(.text+0x141): undefined reference to `__guard'
> vm86.c:(.text+0x15d): undefined reference to `__stack_smash_handler'
> vm86.o: In function `getreg':
> vm86.c:(.text+0x278): undefined reference to `__guard'
> vm86.o: In function `.L23':
> ...etc...
That points at a faultly build system. Normally __guard &
__stack_smash_handler are symbols provided to userland. For kernels the
hardened specs have a rule to not add ssp. It uses !D__KERNEL__
and or uses the --nostdlib rules.
Chances are it needs to use -nostdlib for all the object code it
creates.
Now if your just lazy and dont want to fix xen itself then just switch
over to a set of set of vanilla specs. Compile whatever then switch
back. if that fails then include some ssp stubs to it. Same way
that's done in udev.
> I have tried various combinations of compiler using gcc-config. Neither
> gcc-3.4.4 or gcc-3.3.6 seem to do any better, hardened or not
>
> I suspect that this could be a problem with the compiler still using
> some hardend profile despite me asking for a non-hardened gcc? Can
> anyone please help debug this
>
> Ed W
--
Ned Ludd <solar@gentoo.org>
Gentoo Linux
--
gentoo-hardened@gentoo.org mailing list
next prev parent reply other threads:[~2006-02-02 15:50 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-02 15:03 [gentoo-hardened] Problems compiling xen - please help Ed W
2006-02-02 15:48 ` Ned Ludd [this message]
2006-02-02 15:53 ` Ed W
2006-02-02 17:02 ` Ed W
2006-02-04 10:16 ` Peter S. Mazinger
2006-02-02 17:34 ` Kevin F. Quinn (Gentoo)
2006-02-02 17:52 ` Ed W
2006-02-02 17:59 ` Ed W
2006-02-02 18:18 ` Ned Ludd
2006-02-02 19:35 ` Kevin F. Quinn (Gentoo)
2006-02-02 20:35 ` Ned Ludd
2006-02-02 21:41 ` Kevin F. Quinn (Gentoo)
2006-02-04 10:12 ` Peter S. Mazinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1138895302.24052.25.camel@localhost \
--to=solar@gentoo.org \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox