| 1 |
Much thanks Brandon! I appreciate your effort to work past my vagueness. |
| 2 |
|
| 3 |
> Brandon Hale <tseng@g.o> wrote: |
| 4 |
> On Sun, 2004-07-18 at 09:22 -0700, wrote: |
| 5 |
> What do I need to do differently to emerge glibc-2.3.4.20040619? |
| 6 |
> |
| 7 |
> I recently emerged gcc 3.3.4-r1, WITHOUT the 'hardened' flag. I'm |
| 8 |
> trying to get everything compiled with ssp, but without ASLR (due to |
| 9 |
> memory consumption concerns) for the moment. From config.log in |
| 10 |
> glibc, I see that one of configure's tests failed, due to -nostdlib |
| 11 |
> excluding the definitions for __guard and __stack_smash_handler. This |
| 12 |
> caused glibc to think that -fexceptions fails for my gcc, later |
| 13 |
> leading to failure when building libio. |
| 14 |
|
| 15 |
By "without ASLR" I imagine you mean one of two things. Either you mean |
| 16 |
without PIE, which helps ASLR, or literally without ASLR, which is part |
| 17 |
of the kernel and has nothing to do with GCC. |
| 18 |
|
| 19 |
I am concerned about total RAM consumed by all processes using the address space layout randomization feature available when using a kernel with Pax. I have suspicions that such processes consume substantially more RAM, due primarily to the inability to share common segments (listed in /proc/*/maps) that have been randomized (i.e. different GOTs), but I'm really reaching here since I haven't studied the code and have found scant information on the relationship of shared segments, GOTs, and starting addresses. |
| 20 |
|
| 21 |
> With the first, I'll admit that PIE executables seem to be slightly |
| 22 |
> larger (acceptably, imo). but I am not aware of an additional strain on |
| 23 |
> memory. Correct me here, Solar? |
| 24 |
> |
| 25 |
> Are you passing -nostdlib in CFLAGS, or is that coming from the Makefile |
| 26 |
> in this following bit? Please file a proper bug report with this log and |
| 27 |
> `emerge info`, along with any other relevant information to |
| 28 |
> http://bugs.gentoo.org/ |
| 29 |
> Thanks :) |
| 30 |
|
| 31 |
Ohh, ok .. will do. I wasn't really sure this is a bug. I just hate to pester the developers, if I did something wrong in the way I emerge'd gcc and glibc. |
| 32 |
|
| 33 |
glibc's configure script added the -nostdlib flag. |
| 34 |
|
| 35 |
> The current implementation in our toolchain (PIE) is similar to ET_DYN |
| 36 |
> conceptually, but implemented later, largely by RedHat and input from |
| 37 |
> other players. You'll want to look around the toolchain mailinglist |
| 38 |
> archives. |
| 39 |
|
| 40 |
Ahhh ... this explains a lot. Sometimes I have trouble sorting out what I've read on hardened Gentoo project pages months ago and the new stuff on the list .. sometimes I'm not clear on what is no longer relevant or replaced. Now, I see a lot of what I read previously no longer applies (or at least not in the same way). |
Archives