[gentoo-dev] impact of the propolice migration with glibc-2.3.2-r3 and gcc-3.2.3-r3 - requesting new livecd, stage1, stage2 and stage3 for all platforms but hppa - combo bug 25299 - gentoo-dev

From:	Alexander Gabert <pappy@g.o>
To:	gentoo-dev@g.o
Cc:	gentoo-hardened@g.o
Subject:	[gentoo-dev] impact of the propolice migration with glibc-2.3.2-r3 and gcc-3.2.3-r3 - requesting new livecd, stage1, stage2 and stage3 for all platforms but hppa - combo bug 25299
Date:	Tue, 02 Dec 2003 21:25:33
Message-Id:	`1070400384.9442.23.camel@camille.external`

1

Dear Gentoo developers,

2

3

when Dr. Etoh has finished working on the new updated propolice patches,

4

influenced by our extensive testing, which will then make it into the

5

-r4 versions of current glibc and gcc, i would like the responsible

6

rollout teams to create new livecd's and new stages 1-3 to get the final

7

steps of the gcc/glibc propolice migration done in the first quarter of

8

2004.

9

10

This includes normal environments as well as the hardened livecd and/or

11

stages for etdyn-ssp and selinux support.

12

13

All supported hardware platforms, except hppa where propolice cannot be

14

utilized due to an upgrowing stack, are affected by the last steps of

15

the propolice migration on Gentoo Linux.

16

17

At the moment, most if not all livecd and the stages found in the field

18

and on the mirrors contain a glibc without the guard symbols and a gcc

19

with the guard symbols in place.

20

21

When a user installs a fresh system, she or he has to obey certain baby

22

steps to create a working condition for using propolice either in

23

make.conf:CFLAGS or with the available hardened-gcc packages.

24

25

It is also important for ensuring gcc -static not failing with an error

26

message describing multiple occurrences of symbols, this error message

27

with running "gcc -static" may even happen without using the propolice

28

-fstack-protector in CFLAGS or having hardened-gcc on a system, it is

29

produced by the linker detecting multiple copies of the propolice object

30

and functions in glibc and libgcc during the final -static linking run

31

when the glibc has been compiled with the guard patch and the gcc in

32

place has not yet been compiled with the move-propolice-to-glibc patch.

33

34

recommended procedure for stage3:

35

= emerge sync (get the current portage tree from the internet)

36

- emerge glibc gcc (this will emerge glibc-2.3.2-r3 and gcc-3.2.3-r3)

37

- emerge =uv system

38

39

recommended procedure for stage2:

40

= emerge sync (get the current portage tree from the internet)

41

- emerge glibc gcc (this will emerge glibc-2.3.2-r3 and gcc-3.2.3-r3)

42

- emerge system

43

44

The updated glibc emerge will add the guard object and the necessary

45

functions from propolice to the glibc and the following gcc emerge will

46

remove the guard object and the corresponding functions.

47

48

Also because of the migration, users of stage1 can experience

49

bootstrap.sh problems due to the fact that the glibc may get emerged

50

after the gcc which will then lead to the situation that gcc has not

51

removed the propolice guard object and the setup functions due to a

52

glibc not found on the system that has the guard object.

53

54

When we can make sure that stage1 bootstrap.sh does the emerge of the

55

glibc before gcc gets emerged during bootstrapping, we are safe.

56

Otherwise subsequent emerges of ebuilds could fail with -static error

57

messages or in the case of hardened with -fstack-protector failing on

58

ebuilds.

59

60

Thanks for your attention and patience with the hardened team.

61

62

So far, the scanner script utilized in the gcc ebuild is generating only

63

true positives and is urging users to reinstall the components depending

64

on the __guard object in the libgcc before the gcc can be emerged.

65

This will prevent systems from getting inconsistent due to binaries like

66

python2.2 relying on the libgcc __guard object.

67

Please do not remove or tamper with this safety belt in the ebuild.

68

You can contact me and get information from the comments in the bug

69

25299 about the procedures necessary for the migration.

70

71

The author of PaX is preparing a propolice supported, text relocation

72

free, etdyn-based XFree86 server with a dynamic library  module loading

73

mechanism instead of the old ELF-based method.

74

75

Also, the emerging of openoffice with hardened-gcc -yet_exec using

76

propolice is not yet failing here with gcc ICE after some hours

77

compiling time, if this finally succeeds, gcc-3.3.2-r3 will be the first

78

known good gcc to compile openoffice with the propolice stack-protector.

79

80

I would like to give credit to the involved Gentoo developers and

81

testers, the upstream and related security specialists in the vicinity

82

of the Gentoo Hardened sub-projects for their ongoing commitment and

83

leading solution support in the sector of host-based userland hardening

84

- without the combined efforts and the widely available helping hands in

85

the whole Gentoo developer community, these advancements would have

86

never been possible.

87

88

Alexander

89

--

90

Alexander Gabert <pappy@g.o>

91

http://www.gentoo.org/proj/en/hardened

92

93

94

--

95

gentoo-dev@g.o mailing list

1	Dear Gentoo developers,
2
3	when Dr. Etoh has finished working on the new updated propolice patches,
4	influenced by our extensive testing, which will then make it into the
5	-r4 versions of current glibc and gcc, i would like the responsible
6	rollout teams to create new livecd's and new stages 1-3 to get the final
7	steps of the gcc/glibc propolice migration done in the first quarter of
8	2004.
9
10	This includes normal environments as well as the hardened livecd and/or
11	stages for etdyn-ssp and selinux support.
12
13	All supported hardware platforms, except hppa where propolice cannot be
14	utilized due to an upgrowing stack, are affected by the last steps of
15	the propolice migration on Gentoo Linux.
16
17	At the moment, most if not all livecd and the stages found in the field
18	and on the mirrors contain a glibc without the guard symbols and a gcc
19	with the guard symbols in place.
20
21	When a user installs a fresh system, she or he has to obey certain baby
22	steps to create a working condition for using propolice either in
23	make.conf:CFLAGS or with the available hardened-gcc packages.
24
25	It is also important for ensuring gcc -static not failing with an error
26	message describing multiple occurrences of symbols, this error message
27	with running "gcc -static" may even happen without using the propolice
28	-fstack-protector in CFLAGS or having hardened-gcc on a system, it is
29	produced by the linker detecting multiple copies of the propolice object
30	and functions in glibc and libgcc during the final -static linking run
31	when the glibc has been compiled with the guard patch and the gcc in
32	place has not yet been compiled with the move-propolice-to-glibc patch.
33
34	recommended procedure for stage3:
35	= emerge sync (get the current portage tree from the internet)
36	- emerge glibc gcc (this will emerge glibc-2.3.2-r3 and gcc-3.2.3-r3)
37	- emerge =uv system
38
39	recommended procedure for stage2:
40	= emerge sync (get the current portage tree from the internet)
41	- emerge glibc gcc (this will emerge glibc-2.3.2-r3 and gcc-3.2.3-r3)
42	- emerge system
43
44	The updated glibc emerge will add the guard object and the necessary
45	functions from propolice to the glibc and the following gcc emerge will
46	remove the guard object and the corresponding functions.
47
48	Also because of the migration, users of stage1 can experience
49	bootstrap.sh problems due to the fact that the glibc may get emerged
50	after the gcc which will then lead to the situation that gcc has not
51	removed the propolice guard object and the setup functions due to a
52	glibc not found on the system that has the guard object.
53
54	When we can make sure that stage1 bootstrap.sh does the emerge of the
55	glibc before gcc gets emerged during bootstrapping, we are safe.
56	Otherwise subsequent emerges of ebuilds could fail with -static error
57	messages or in the case of hardened with -fstack-protector failing on
58	ebuilds.
59
60	Thanks for your attention and patience with the hardened team.
61
62	So far, the scanner script utilized in the gcc ebuild is generating only
63	true positives and is urging users to reinstall the components depending
64	on the __guard object in the libgcc before the gcc can be emerged.
65	This will prevent systems from getting inconsistent due to binaries like
66	python2.2 relying on the libgcc __guard object.
67	Please do not remove or tamper with this safety belt in the ebuild.
68	You can contact me and get information from the comments in the bug
69	25299 about the procedures necessary for the migration.
70
71	The author of PaX is preparing a propolice supported, text relocation
72	free, etdyn-based XFree86 server with a dynamic library module loading
73	mechanism instead of the old ELF-based method.
74
75	Also, the emerging of openoffice with hardened-gcc -yet_exec using
76	propolice is not yet failing here with gcc ICE after some hours
77	compiling time, if this finally succeeds, gcc-3.3.2-r3 will be the first
78	known good gcc to compile openoffice with the propolice stack-protector.
79
80	I would like to give credit to the involved Gentoo developers and
81	testers, the upstream and related security specialists in the vicinity
82	of the Gentoo Hardened sub-projects for their ongoing commitment and
83	leading solution support in the sector of host-based userland hardening
84	- without the combined efforts and the widely available helping hands in
85	the whole Gentoo developer community, these advancements would have
86	never been possible.
87
88	Alexander
89	--
90	Alexander Gabert <pappy@g.o>
91	http://www.gentoo.org/proj/en/hardened
92
93
94	--
95	gentoo-dev@g.o mailing list

Gentoo Archives: gentoo-dev