public inbox for gentoo-hardened@lists.gentoo.org
* [gentoo-hardened] stack smashing attack while compiling qt on amd64
From: Nicolas MASSE @ 2005-12-11 16:09 UTC
  To: gentoo-hardened

Hello,

I tried to compile qt-4.0.1 on my amd64 box and the build failed with:
 
for /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/examples/linguist/arrowpad/arrowpad.pro 
(linux-g++-64)
/tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/bin/qmake  
-spec /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/mkspecs/linux-g++-64 
-o /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/./examples/linguist/arrowpad /tmp/portage/qt-4.0.1/work/qt-x11-opensource-src-4.0.1/examples/linguist/arrowpad/arrowpad.pro
qmake: stack smashing attack in function virtual bool 
UnixMakefileGenerator::findLibraries()()
./configure: line 3901:  1293 Aborted                 QTDIR="$outpath" 
$QMAKE_EXEC

        NOTE: This platform does not support runtime library paths, using 
-no-rpath.

Qt is now configured for building. Just run 'gmake'.
Once everything is built, you must run 'gmake install'.
Qt will be installed into /usr/lib64/qt4

To reconfigure, run 'gmake confclean' and 'configure'.

make: *** No rule to make target `sub-tools-all-ordered'.  Stop.

!!! ERROR: x11-libs/qt-4.0.1 failed.
!!! Function src_compile, Line 144, Exitcode 2
!!! (no error message)
!!! If you need support, post the topmost build error, NOT this status 
message.

Has anyone experienced this? Do you think this is amd64-specific?

My make.profile: ../var/portage/profiles/hardened/amd64
My kernel: 2.6.13-hardened-r2

Best regards.

Nicolas MASSE
-- 
gentoo-hardened@gentoo.org mailing list




* Re: [gentoo-hardened] stack smashing attack while compiling qt on amd64
From: pageexec @ 2005-12-11 19:20 UTC
  To: gentoo-hardened

On 11 Dec 2005 at 17:09, Nicolas MASSE wrote:
> qmake: stack smashing attack in function virtual bool
> UnixMakefileGenerator::findLibraries()()
[...]
> Has anyone experienced this? Do you think this is amd64-specific?

is it reproducible? if yes, someone can debug it and see if it's
an application bug or that of SSP (it's known to generate bad
code for C++ apps sometimes.)

-- 
gentoo-hardened@gentoo.org mailing list




* Re: [gentoo-hardened] stack smashing attack while compiling qt on amd64
From: Nicolas MASSE @ 2005-12-11 19:52 UTC
  To: gentoo-hardened

On Sunday 11 December 2005 20:20, pageexec@freemail.hu wrote:
> On 11 Dec 2005 at 17:09, Nicolas MASSE wrote:
> > qmake: stack smashing attack in function virtual bool
> > UnixMakefileGenerator::findLibraries()()
>
> [...]
>
> > Has anyone experienced this? Do you think this is amd64-specific?
>
> is it reproducible? if yes, someone can debug it and see if it's
> an application bug or that of SSP (it's known to generate bad
> code for C++ apps sometimes.)

Yes, the bug is always reproducible. Should I file a bug report?

Since I'm an IT student, maybe I can try to debug the program, with some help
however...

Nicolas MASSE
-- 
gentoo-hardened@gentoo.org mailing list




* Re: [gentoo-hardened] stack smashing attack while compiling qt on amd64
From: pageexec @ 2005-12-11 20:12 UTC
  To: gentoo-hardened

On 11 Dec 2005 at 20:52, Nicolas MASSE wrote:
> Yes, the bug is always reproducible. Should I file a bug report?

yes, at least for tracking purposes (i doubt we'll fix it though
per se, it's either a qt or ssp bug).

> Since I'm an IT student, maybe I can try to debug the program, with some help
> however...

ok, i'll give you a few ideas then. start building qt and when it
crashes, note the last command that was executed, change to the
directory it was run from and execute this command yourself, just
to see it abort again. if that works, then you should run the
command inside gdb and when it aborts and gdb gets control back,
you can do the usual hunt for the cause (look at the stack backtrace,
stack content, set breakpoints, rerun the app, etc).

-- 
gentoo-hardened@gentoo.org mailing list
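
The steps described in the message above, sketched as a shell script (an added example, not part of the thread): find the program and function named in the SSP abort line, recover the last command the build ran for that program, and print a gdb invocation for it. The log tail is a constructed sample shaped like the one in this thread, and the function names (`ssp_abort_info`, `last_command_before_abort`, `gdb_command`) are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed sample: a log tail shaped like the one in this
# thread, with shortened paths.
write_sample_log() {
    cat > "$1" <<'EOF'
/tmp/work/qt/bin/qmake -spec /tmp/work/qt/mkspecs/linux-g++-64 -o /tmp/work/qt/examples/arrowpad /tmp/work/qt/examples/arrowpad/arrowpad.pro
qmake: stack smashing attack in function virtual bool
UnixMakefileGenerator::findLibraries()()
./configure: line 3901:  1293 Aborted                 QTDIR="$outpath"
EOF
}

# Print "<program>|<function>" for the first SSP abort in log file $1.
ssp_abort_info() {
    awk '
        /: stack smashing attack in function/ {
            prog = $0; sub(/: stack smashing attack.*/, "", prog)
            fn = $0;   sub(/.*stack smashing attack in function */, "", fn)
            # The function name may be wrapped onto the next line.
            if (fn !~ /\)$/ && (getline nxt) > 0) fn = fn " " nxt
            print prog "|" fn
            exit
        }' "$1"
}

# Print the last line before the abort whose first word is program $2
# (with or without a directory prefix): the command to rerun by hand.
last_command_before_abort() {
    awk -v prog="$2" '
        /: stack smashing attack in function/ { print last; exit }
        { n = split($1, parts, "/"); if (n > 0 && parts[n] == prog) last = $0 }
    ' "$1"
}

# Print a non-interactive gdb run of command line $1: run until the abort,
# then dump the backtrace with each frame's locals.
gdb_command() {
    printf "gdb -batch -ex run -ex 'bt full' --args %s\n" "$1"
}

log=$(mktemp)
write_sample_log "$log"
info=$(ssp_abort_info "$log")
cmd=$(last_command_before_abort "$log" "${info%%|*}")
echo "SSP abort in ${info%%|*}, function: ${info#*|}"
# Run the printed command from the directory, and with the environment
# (QTDIR in this log), that the build used.
gdb_command "$cmd"
rm -f "$log"
```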




* Re: [gentoo-hardened] stack smashing attack while compiling qt on amd64
From: Nicolas MASSE @ 2005-12-11 22:29 UTC
  To: gentoo-hardened

On Sunday 11 December 2005 21:12, pageexec@freemail.hu wrote:
> On 11 Dec 2005 at 20:52, Nicolas MASSE wrote:
> > Yes, the bug is always reproducible. Should I file a bug report?
>
> yes, at least for tracking purposes (i doubt we'll fix it though
> per se, it's either a qt or ssp bug).
>

I filed a bug report (#115237)

Nicolas MASSE
-- 
gentoo-hardened@gentoo.org mailing list



