1 |
> > configure:6211: checking for gcc -fexceptions |
2 |
> > configure:6224: gcc -no-integrated-cpp -fstack-protector-all -O2 - |
3 |
> > march=i586 -m3dnow -mmmx -freorder-blocks |
4 |
> > -nostdlib -nostartfiles -fexceptions |
5 |
> > -o conftest conftest.c 1>&5 |
6 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x8): In |
7 |
> > function `_start': |
8 |
> > : undefined reference to `__guard' |
9 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x22): In |
10 |
> > function `_start': |
11 |
> > : undefined reference to `__stack_smash_handler' |
12 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x48): In |
13 |
> > function `__throw': |
14 |
> > : undefined reference to `__guard' |
15 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x62): In |
16 |
> > function `__throw': |
17 |
> > : undefined reference to `__stack_smash_handler' |
18 |
> > collect2: ld returned 1 exit status |
19 |
> > configure:6227: $? = 1 |
20 |
> > configure:6235: result: no |
21 |
|
22 |
the above is the result of using -fstack-protector-all (which enables |
23 |
ssp in gcc and will create the __guard/__stack_smash_handler references) |
24 |
and -nostdlib that will prevent linking to libc (where these symbols |
25 |
normally resolv). i wonder how that -fstack-protector-all ended up |
26 |
there since you're not using a hardened gcc. |
27 |
|
28 |
> > Oh, and if anyone is still reading this far .. I haven't been able to |
29 |
> > find docs that explain the impact of Jakub's prelink vs. Pax ASLR. |
30 |
> > I'm guessing that prelink significantly reduces overall system |
31 |
> > consumption of RAM (via shared objects using the same memory), while |
32 |
> > ASLR has the opposite effect? Or does ASLR only prevent processes |
33 |
> > from sharing the GOT for shared offset? I'll find out eventually when |
34 |
> > I build my next text system and add Pax, and then compare with my |
35 |
> > current system. However, I really prefer to understand the reasons |
36 |
> > more deeply. |
37 |
|
38 |
prelink doesn't significantly reduce physical memory usage, rather |
39 |
it speeds up runtime linking (by mapping shared libraries at the same |
40 |
virtual addresses hence saving on runtime relocation). there will be |
41 |
some memory savings for shared libraries whose .got is large enough |
42 |
to spread over several physical pages, but that's hardly measurable |
43 |
to the .data and other sections (not to mention the stack/heap) that |
44 |
constitute the major part of a task's physical memory usage (as in, |
45 |
physical memory that has to be instantiated per task and is not shared |
46 |
between them). |
47 |
|
48 |
PaX doesn't affect physical memory usage much, only the stack and the |
49 |
brk() managed heap will take up to one extra page each. the extra virtual |
50 |
memory usage is almost the same, one page for the stack and 16 pages |
51 |
for the brk() heap. what really changes under PaX (and what is at odds |
52 |
with prelink) is the random start addresses of various address regions |
53 |
(heap/stack/libs/etc) and the gaps between them (i.e., the maximum size |
54 |
of a mapping that'd fit in there). |
55 |
|
56 |
|
57 |
-- |
58 |
gentoo-hardened@g.o mailing list |