* [gentoo-user] python: stack smashing attack
@ 2006-01-20 19:39 El Nino
2006-01-20 22:26 ` Richard Fish
0 siblings, 1 reply; 5+ messages in thread
From: El Nino @ 2006-01-20 19:39 UTC (permalink / raw
To: gentoo-user
Dear my friends,
i just try to issue '#emerge -e world' but it stoped by giving
following error... please help me to solve this problem.
#emerge info
Gentoo Base System version 1.12.0_pre14
Portage 2.1_pre3-r1 (default-linux/x86/2005.0, gcc-3.4.5,
glibc-2.3.6-r2, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 Pentium III (Coppermine)
dev-lang/python: 2.3.4-r1, 2.4.2
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1-r1
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env
/usr/kde/3.5/share/config /usr/kde/3.5/shutdown
/usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind
/var/qmail/alias /var/qmail/control /var/vpopmail/domains
/var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -pipe"
DISTDIR="/home/storage/public/gentoo/distfiles"
FEATURES="autoconfig candy ccache distcc distlocks sandbox sfperms
strict userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="si en"
MAKEOPTS="-j2"
PKGDIR="/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://134.68.220.97/gentoo-portage"
USE="x86 16bit X a52 aac aalib acl acpi activefilter aliaschain alsa
apache2 apm asf async audiofile avi bash-completion berkdb
bitmap-fonts bl bluetooth bmp browserplugin bzip2 cdparanoia cdr
chroot cjk cnamefix crypt css cups curl customlog dbus dga dhcp
directfb divx4linux dlloader dpms dts dv dvb edl eds emboss encode
exif expat extraengine fam fame fax fb fbcon fbdev ffmpeg firefox flac
flash foomaticdb fortran fpx gd gdbm ggi gif gimp glut gmail gmp
gnutls gpgme gphoto2 gpm graphviz gstreamer gtk gtk2 gtkhtml hal hpn
id3 idn ieee1394 imagemagick imap imlib ipalias irda java javascript
jbig jikes jpeg jpeg2 jpeg2k justify kde kdgraphics kerberos lame lcd
lcms ldap libcaca libclamav libg++ libwww lirc logmail logrotate lzo
mad maildir mailwrapper md5sum mhash mikmod mime ming mjpeg mmap mmx
mng mono motif mozcalendar mozdevelop mozilla mozsvg mp3 mp4live mpeg
mpeg2 mpi mplayer multipleip musepack musicbrainz mysql nas ncurses
network nfs nis nls nntp nptl nptlonly nsplugin oav odbc ogg oggvorbis
openal openexr opengl oss pam pam_chroot pam_console pcre pdflib perl
player png pop ppds python qmail qt quicktime quotas readline real
roundrobin rtc samba scanner sdl shorten slang smime smp smtp sndfile
socks5 spamassassin speex spell spf sqlite sse sse-filters ssl
stencil-buffer svg svga swat sysfs syslog tcltk tcpd tetex tga theora
threads tiff tools truetype truetype-fonts type1-fonts ucs2 udev
underscores unicode usb utf8 v4l v4l2 vcd vhosts vidix vorbis
win32codecs winbind wmf xanim xine xml xml2 xmms xprint xv xvid xvmc
zeroconf zlib elibc_glibc kernel_linux linguas_si linguas_en
userland_GNU video_cards_ati"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY
#emerge -e world
.....
........
..........
>>> checksums files ;-) files/debianutils-2.14.1-no-bs-namespace.patch
>>> checksums src_uri ;-) debianutils_2.15.tar.gz
>>> emerge (109 of 908) sys-apps/portage-2.1_pre3-r1 to /
>>> Previously fetched file: portage-2.1_pre3.tar.bz2 size ;-)
>>> Previously fetched file: portage-2.1_pre3.tar.bz2 MD5 ;-)
>>> checksums files ;-) portage-2.0.53.ebuild
>>> checksums files ;-) portage-2.1_pre3-r1.ebuild
python: stack smashing attack in function sha_done()
Aborted
--
...
"The future lies ahead."
_______________________
< Have you mooed today? >
----------------------------------------
\ ^__^
\ (oo) \_______
(__) \ )\/\
| |-----w |
| | | |
2.6.14-gentoo-r2-sinhalese-r1.0
(((o)))~--~--~--~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proud to be a Sinhalese.
SINHALESE ARE GENIUSES OF IRRIGATION
http://easyweb.easynet.co.uk/~sydney/sinhales.htm
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] python: stack smashing attack
2006-01-20 19:39 [gentoo-user] python: " El Nino
@ 2006-01-20 22:26 ` Richard Fish
2006-01-20 23:29 ` Ryan Viljoen
0 siblings, 1 reply; 5+ messages in thread
From: Richard Fish @ 2006-01-20 22:26 UTC (permalink / raw
To: gentoo-user
On 1/20/06, El Nino <adaptit@gmail.com> wrote:
> Dear my friends,
>
> i just try to issue '#emerge -e world' but it stoped by giving
> following error... please help me to solve this problem.
There are a few bug reports of "stack smashing" problems on
bugs.gentoo.org, most seem to be related to using hardended profiles.
Strange, I don't see gcc-hardened or a hardened profile in your emerge
info output....however you are using distcc. So, are all of your
distcc hosts using the same version of gcc, or are any of them
"hardened"?
-Richard
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] python: stack smashing attack
2006-01-20 22:26 ` Richard Fish
@ 2006-01-20 23:29 ` Ryan Viljoen
0 siblings, 0 replies; 5+ messages in thread
From: Ryan Viljoen @ 2006-01-20 23:29 UTC (permalink / raw
To: gentoo-user
> info output....however you are using distcc. So, are all of your
> distcc hosts using the same version of gcc, or are any of them
> "hardened"?
I had a similar problem with distcc. Not a stack smashing attack
though. Distcc should not be used to emerge any core packages such as
python, portage, gcc etc. The compilation of python went wrong and
hence rendered my system useless. I ended up having to reinstall
unfortunately since my emerge was broke even typing emerge threw up
errors.
So let this serve as a warning to those thinking of using distcc. Make
sure your compilers are the same and that you are not emerging
critical packages.
--
Ryan Viljoen Bsc(Eng) (Electrical)
"Facts are stubborn things, but statistics are more pliable."
- Mark Twain
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* [gentoo-user] python stack smashing attack
@ 2006-02-27 17:32 El Nino
2006-02-27 17:46 ` Richard Fish
0 siblings, 1 reply; 5+ messages in thread
From: El Nino @ 2006-02-27 17:32 UTC (permalink / raw
To: gentoo-user
dear friends,
yesterday i sync my portage. but after it completed i can't compile
some applications, its always saying following error. please help me
to solv this. i sync the portage today but still same result.
python: stack smashing attack in function sha_done()
Aborted
#emerge info
Gentoo Base System version 1.12.0_pre15
*** Deprecated use of action 'info', use '--info' instead
Portage 2.1_pre5 (default-linux/x86/2005.0, gcc-3.4.5, glibc-2.3.6-r2,
2.6.15-gentoo-r5-ait227a i686)
=================================================================
System uname: 2.6.15-gentoo-r5-ait227a i686 Pentium III (Coppermine)
dev-lang/python: 2.3.4-r1, 2.4.2
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1-r1
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe -fstack-protector"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env
/usr/kde/3.5/share/config /usr/kde/3.5/shutdown
/usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind
/var/qmail/alias /var/qmail/control /var/vpopmail/domains
/var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo
/etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -pipe -fstack-protector"
DISTDIR="/home/storage/public/gentoo/distfiles"
FEATURES="autoconfig candy ccache distcc distlocks sandbox sfperms
strict userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="si en"
MAKEOPTS="-j2"
PKGDIR="/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://134.68.220.97/gentoo-portage"
USE="x86 16bit X a52 aac aalib acl acpi activefilter aliaschain alsa
apache2 apm asf async audiofile avi bash-completion berkdb
bitmap-fonts bl bluetooth browserplugin bzip2 cdparanoia cdr chroot
cjk clamav cnamefix cracklib crypt css cups curl customlog dbus dga
dhcp directfb divx4linux dlloader dpms dts dv dvb edl eds emboss
encode exif extraengine fame fax fb fbcon fbdev ffmpeg firefox flac
flash foomaticdb fortran fpx gd gdbm ggi gif gimp glut gmail gmp
gnutls gpgme gphoto2 gpm graphviz gstreamer gtk gtk2 gtkhtml hal hpn
id3 idn ieee1394 imagemagick imap imlib immqt ipalias ipv6 irda java
javascript jbig jikes jpeg jpeg2 jpeg2k justify kde kdgraphics
kerberos lame lcd lcms ldap libcaca libclamav libg++ libwww lirc
logmail logrotate lzo mad maildir mailwrapper md5sum mikmod mime mjpeg
mmap mmx mng mono motif mozcalendar mozdevelop mozilla mozsvg mp3
mp4live mpeg mpeg2 mpi mplayer multipleip musepack musicbrainz mysql
nas ncurses network nfs nis nls nntp nptl nptlonly nsplugin oav odbc
ogg oggvorbis openexr opengl oss pam pam_chroot pam_console pcmcia
pdflib perl player png pop posix ppds python qmail qt quicktime quotas
readline real roundrobin rtc samba scanner sdl shorten smime smp smtp
sndfile socks5 spamassassin speex spell spf sqlite sse sse-filters ssl
stencil-buffer svg svga swat sysfs syslog tcpd tetex tga theora
threads tiff tools truetype truetype-fonts type1-fonts ucs2
underscores unicode usb utf8 v4l v4l2 vcd vhosts vidix virus-scan
vorbis win32codecs winbind wmf xanim xine xml xml2 xmlreader xmms xpm
xprint xv xvid xvmc zeroconf zip zlib elibc_glibc kernel_linux
linguas_si linguas_en userland_GNU video_cards_ati"
Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, LDFLAGS,
PORTDIR_OVERLAY
--
...
"The future lies ahead."
_______________________
< Have you mooed today? >
----------------------------------------
\ ^__^
\ (oo) \_______
(__) \ )\/\
| |-----w |
| | | |
2.6.15-gentoo-r1-sinhalese-jan201
(((o)))~--~--~--~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proud to be a Sinhalese.
SINHALESE ARE GENIUSES OF IRRIGATION
http://easyweb.easynet.co.uk/~sydney/sinhales.htm
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] python stack smashing attack
2006-02-27 17:32 [gentoo-user] python stack smashing attack El Nino
@ 2006-02-27 17:46 ` Richard Fish
0 siblings, 0 replies; 5+ messages in thread
From: Richard Fish @ 2006-02-27 17:46 UTC (permalink / raw
To: gentoo-user
On 2/27/06, El Nino <adaptit@gmail.com> wrote:
> yesterday i sync my portage. but after it completed i can't compile
> some applications, its always saying following error. please help me
> to solv this. i sync the portage today but still same result.
>
> python: stack smashing attack in function sha_done()
> Aborted
>
<snip>
> FEATURES="autoconfig candy ccache distcc distlocks sandbox sfperms
> strict userpriv usersandbox"
Do all of your distcc hosts use the same version of gcc?
Does this work if you do "FEATURES=-distcc emerge ..."
-Richard
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2006-02-27 17:57 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-02-27 17:32 [gentoo-user] python stack smashing attack El Nino
2006-02-27 17:46 ` Richard Fish
-- strict thread matches above, loose matches on Subject: below --
2006-01-20 19:39 [gentoo-user] python: " El Nino
2006-01-20 22:26 ` Richard Fish
2006-01-20 23:29 ` Ryan Viljoen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox