| 1 |
This was using the completely out of the box standard 1.4 release live |
| 2 |
cd. I didn't unmask anything at all, just added stack protection to |
| 3 |
make.conf. This is an AthlonXP 2100 (MSI-KT3-Ultra2 w/512MB)Here are |
| 4 |
some of the options from make.conf |
| 5 |
|
| 6 |
CHOST=i686-pc-linux-gnu |
| 7 |
CFLAGS="-O3 -march=athlon-xp -fstack-protector -funroll-loops -pipe" |
| 8 |
|
| 9 |
Nothing unmasked or modified (ACCEPT_KEYWORDS commented out, etc) so |
| 10 |
this was all standard packages (gcc-3.2.3-r1 and glibc-2.3.2-r1). |
| 11 |
|
| 12 |
I don't see anything on bugs.gentoo.com for problems with pam and stack |
| 13 |
protection, just wanted to make sure I wasn't missing something before |
| 14 |
I submitted the bug. The gentoo propolice project website says that |
| 15 |
things should compile out of the box with the proper gcc/glibc used |
| 16 |
above. |
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
> On Fri, 2003-08-08 at 10:02, Boyd Waters wrote: |
| 21 |
> > security mailing lists wrote: |
| 22 |
> > > When building a system from the ground up using stack protection, |
| 23 |
> > > emerge system fails while building PAM. It complains the pam pwdb |
| 24 |
> > > module did not get built. |
| 25 |
> > > |
| 26 |
> > > If I rebuild pwdb without stack protection, though it compiled fine with |
| 27 |
> > > it the first time, I can then build pam with stack protection without |
| 28 |
> > > any problems. |
| 29 |
> > > |
| 30 |
> > > This was using the base CD and the normal install process with just |
| 31 |
> > > -fstack-protection added to /etc/make.conf before bootstrap (stage2) |
| 32 |
> > |
| 33 |
> > |
| 34 |
> > Curious... I did not run into this problem, building a system from |
| 35 |
> > ground up with GCC 3.3 -- |
| 36 |
> > |
| 37 |
> > I have an ebuild for a gcc-3.3 that uses the ProPolice patch from last |
| 38 |
> > week, which was a more-recent patch than the standard 3.3 that was in |
| 39 |
> > portage -- but I see that this is now gcc-3.3-r1 as of 04-August. |
| 40 |
> > |
| 41 |
> > Have you searched http://bugs.gentoo.org for this situation? It sounds |
| 42 |
> > like a good bug report to me! What type of processor are you using? What |
| 43 |
> > gcc/propolice version? |
| 44 |
> > |
| 45 |
> > -- boyd |
| 46 |
> > |
| 47 |
> > |
| 48 |
|
| 49 |
-- |
| 50 |
gentoo-hardened@g.o mailing list |
Archives