Gentoo Archives: gentoo-dev

From: Alexander Gabert <pappy@g.o>
To: gentoo-dev@g.o
Cc: gentoo-hardened@g.o
Subject: [gentoo-dev] impact of the propolice migration with glibc-2.3.2-r3 and gcc-3.2.3-r3 - requesting new livecd, stage1, stage2 and stage3 for all platforms but hppa - combo bug 25299
Date: Tue, 02 Dec 2003 21:25:33
Message-Id: 1070400384.9442.23.camel@camille.external
1 Dear Gentoo developers,
3 when Dr. Etoh has finished working on the new updated propolice patches,
4 influenced by our extensive testing, which will then make it into the
5 -r4 versions of current glibc and gcc, i would like the responsible
6 rollout teams to create new livecd's and new stages 1-3 to get the final
7 steps of the gcc/glibc propolice migration done in the first quarter of
8 2004.
10 This includes normal environments as well as the hardened livecd and/or
11 stages for etdyn-ssp and selinux support.
13 All supported hardware platforms, except hppa where propolice cannot be
14 utilized due to an upgrowing stack, are affected by the last steps of
15 the propolice migration on Gentoo Linux.
17 At the moment, most if not all livecd and the stages found in the field
18 and on the mirrors contain a glibc without the guard symbols and a gcc
19 with the guard symbols in place.
21 When a user installs a fresh system, she or he has to obey certain baby
22 steps to create a working condition for using propolice either in
23 make.conf:CFLAGS or with the available hardened-gcc packages.
25 It is also important for ensuring gcc -static not failing with an error
26 message describing multiple occurrences of symbols, this error message
27 with running "gcc -static" may even happen without using the propolice
28 -fstack-protector in CFLAGS or having hardened-gcc on a system, it is
29 produced by the linker detecting multiple copies of the propolice object
30 and functions in glibc and libgcc during the final -static linking run
31 when the glibc has been compiled with the guard patch and the gcc in
32 place has not yet been compiled with the move-propolice-to-glibc patch.
34 recommended procedure for stage3:
35 = emerge sync (get the current portage tree from the internet)
36 - emerge glibc gcc (this will emerge glibc-2.3.2-r3 and gcc-3.2.3-r3)
37 - emerge =uv system
39 recommended procedure for stage2:
40 = emerge sync (get the current portage tree from the internet)
41 - emerge glibc gcc (this will emerge glibc-2.3.2-r3 and gcc-3.2.3-r3)
42 - emerge system
44 The updated glibc emerge will add the guard object and the necessary
45 functions from propolice to the glibc and the following gcc emerge will
46 remove the guard object and the corresponding functions.
48 Also because of the migration, users of stage1 can experience
49 problems due to the fact that the glibc may get emerged
50 after the gcc which will then lead to the situation that gcc has not
51 removed the propolice guard object and the setup functions due to a
52 glibc not found on the system that has the guard object.
54 When we can make sure that stage1 does the emerge of the
55 glibc before gcc gets emerged during bootstrapping, we are safe.
56 Otherwise subsequent emerges of ebuilds could fail with -static error
57 messages or in the case of hardened with -fstack-protector failing on
58 ebuilds.
60 Thanks for your attention and patience with the hardened team.
62 So far, the scanner script utilized in the gcc ebuild is generating only
63 true positives and is urging users to reinstall the components depending
64 on the __guard object in the libgcc before the gcc can be emerged.
65 This will prevent systems from getting inconsistent due to binaries like
66 python2.2 relying on the libgcc __guard object.
67 Please do not remove or tamper with this safety belt in the ebuild.
68 You can contact me and get information from the comments in the bug
69 25299 about the procedures necessary for the migration.
71 The author of PaX is preparing a propolice supported, text relocation
72 free, etdyn-based XFree86 server with a dynamic library module loading
73 mechanism instead of the old ELF-based method.
75 Also, the emerging of openoffice with hardened-gcc -yet_exec using
76 propolice is not yet failing here with gcc ICE after some hours
77 compiling time, if this finally succeeds, gcc-3.3.2-r3 will be the first
78 known good gcc to compile openoffice with the propolice stack-protector.
80 I would like to give credit to the involved Gentoo developers and
81 testers, the upstream and related security specialists in the vicinity
82 of the Gentoo Hardened sub-projects for their ongoing commitment and
83 leading solution support in the sector of host-based userland hardening
84 - without the combined efforts and the widely available helping hands in
85 the whole Gentoo developer community, these advancements would have
86 never been possible.
88 Alexander
89 --
90 Alexander Gabert <pappy@g.o>
94 --
95 gentoo-dev@g.o mailing list