| 1 |
On Tue, 2003-11-18 at 08:45, Peter S. Mazinger wrote: |
| 2 |
> On 18 Nov 2003, Ned Ludd wrote: |
| 3 |
> |
| 4 |
> > http://www.research.ibm.com/trl/projects/security/ssp/ |
| 5 |
> I didn't meant the original one, the needed modifications to remove |
| 6 |
> guard/smash from libgcc (the original one adds it to libgcc, but the |
| 7 |
> changes of gentoo put it into glibc. Or should it be present in libc and |
| 8 |
> libgcc? |
| 9 |
|
| 10 |
IMO that symbol should not be provided by libgcc.a. |
| 11 |
I think todays security update of glibc happens to fix all this. |
| 12 |
|
| 13 |
> |
| 14 |
> Peter |
| 15 |
> |
| 16 |
> |
| 17 |
> > On Mon, 2003-11-17 at 13:37, Peter S. Mazinger wrote: |
| 18 |
> > > On 17 Nov 2003, Ned Ludd wrote: |
| 19 |
> > > |
| 20 |
> > > > On Sun, 2003-11-16 at 19:46, Peter S. Mazinger wrote: |
| 21 |
> > > > > On 12 Nov 2003, Ned Ludd wrote: |
| 22 |
> > > > > |
| 23 |
> > > > > > On Wed, 2003-11-12 at 16:31, Peter S. Mazinger wrote: |
| 24 |
> > > > > > > There are problems building some of the binaries with propolice enabled |
| 25 |
> > > > > > > gcc, mainly the .hidden support in binutils has to be "hidden" from gcc, |
| 26 |
> > > > > > > but as I can see (read), the glibc version does not work flawlessly |
| 27 |
> > > > > > > either. |
| 28 |
> > > > > > > |
| 29 |
> > > > > > Have you successfully used ssp with uclibc? |
| 30 |
> > > > > It worked (somehow, not quite correct, and some packages where not |
| 31 |
> > > > > rebuildable) at the time where uClibc had support for LIBGCC_FUNCTIONS |
| 32 |
> > > > > (adding functions from libgcc to libc) This was the only way I got a |
| 33 |
> > > > > system running it (__guard and __smash... where added to libc). Since then |
| 34 |
> > > > > I cannot modify buildroot so that I get a system running, segfaults on all |
| 35 |
> > > > > the line (tested only with gcc-3.3.x and protector 3.3-5). I think the |
| 36 |
> > > > > solution would be to add the needed functions to uClibc (and remove them |
| 37 |
> > > > > from libgcc!!!). |
| 38 |
> > > > |
| 39 |
> > > > One of the hardened-gcc version introduced guard symbols to libgcc.a. |
| 40 |
> > > > I'm pretty sure this no longer should be the case if your running ~arch |
| 41 |
> > > > as they are in fact getting introduced into glibc. |
| 42 |
> > > > If you care to hack the functionaly into uClibc I'll point you at the |
| 43 |
> > > > glibc version from etoh http://dev.gentoo.org/~solar/ssp/guard.c |
| 44 |
> > > Where do I find the modified protector patch for gcc? |
| 45 |
> > > |
| 46 |
> > > Peter |
| 47 |
> > |
| 48 |
-- |
| 49 |
Ned Ludd <solar@g.o> |
| 50 |
Gentoo Linux Developer |
Archives