| 1 |
> > configure:6211: checking for gcc -fexceptions |
| 2 |
> > configure:6224: gcc -no-integrated-cpp -fstack-protector-all -O2 - |
| 3 |
> > march=i586 -m3dnow -mmmx -freorder-blocks |
| 4 |
> > -nostdlib -nostartfiles -fexceptions |
| 5 |
> > -o conftest conftest.c 1>&5 |
| 6 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x8): In |
| 7 |
> > function `_start': |
| 8 |
> > : undefined reference to `__guard' |
| 9 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x22): In |
| 10 |
> > function `_start': |
| 11 |
> > : undefined reference to `__stack_smash_handler' |
| 12 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x48): In |
| 13 |
> > function `__throw': |
| 14 |
> > : undefined reference to `__guard' |
| 15 |
> > /var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x62): In |
| 16 |
> > function `__throw': |
| 17 |
> > : undefined reference to `__stack_smash_handler' |
| 18 |
> > collect2: ld returned 1 exit status |
| 19 |
> > configure:6227: $? = 1 |
| 20 |
> > configure:6235: result: no |
| 21 |
|
| 22 |
the above is the result of using -fstack-protector-all (which enables |
| 23 |
ssp in gcc and will create the __guard/__stack_smash_handler references) |
| 24 |
and -nostdlib that will prevent linking to libc (where these symbols |
| 25 |
normally resolv). i wonder how that -fstack-protector-all ended up |
| 26 |
there since you're not using a hardened gcc. |
| 27 |
|
| 28 |
> > Oh, and if anyone is still reading this far .. I haven't been able to |
| 29 |
> > find docs that explain the impact of Jakub's prelink vs. Pax ASLR. |
| 30 |
> > I'm guessing that prelink significantly reduces overall system |
| 31 |
> > consumption of RAM (via shared objects using the same memory), while |
| 32 |
> > ASLR has the opposite effect? Or does ASLR only prevent processes |
| 33 |
> > from sharing the GOT for shared offset? I'll find out eventually when |
| 34 |
> > I build my next text system and add Pax, and then compare with my |
| 35 |
> > current system. However, I really prefer to understand the reasons |
| 36 |
> > more deeply. |
| 37 |
|
| 38 |
prelink doesn't significantly reduce physical memory usage, rather |
| 39 |
it speeds up runtime linking (by mapping shared libraries at the same |
| 40 |
virtual addresses hence saving on runtime relocation). there will be |
| 41 |
some memory savings for shared libraries whose .got is large enough |
| 42 |
to spread over several physical pages, but that's hardly measurable |
| 43 |
to the .data and other sections (not to mention the stack/heap) that |
| 44 |
constitute the major part of a task's physical memory usage (as in, |
| 45 |
physical memory that has to be instantiated per task and is not shared |
| 46 |
between them). |
| 47 |
|
| 48 |
PaX doesn't affect physical memory usage much, only the stack and the |
| 49 |
brk() managed heap will take up to one extra page each. the extra virtual |
| 50 |
memory usage is almost the same, one page for the stack and 16 pages |
| 51 |
for the brk() heap. what really changes under PaX (and what is at odds |
| 52 |
with prelink) is the random start addresses of various address regions |
| 53 |
(heap/stack/libs/etc) and the gaps between them (i.e., the maximum size |
| 54 |
of a mapping that'd fit in there). |
| 55 |
|
| 56 |
|
| 57 |
-- |
| 58 |
gentoo-hardened@g.o mailing list |
Archives