1 |
On Thu, 8 Jul 2004, Alexander Gabert wrote: |
2 |
|
3 |
> pageexec@××××××××.hu wrote: |
4 |
> |
5 |
> >>Duplicate symbol __i686.get_pc_thunk.bx in /usr/X11R6/lib/modules/fo |
6 |
> >>p.a:bitmapmod.o |
7 |
> >>Also defined in /usr/X11R6/lib/modules/fonts/libbitmap.a |
8 |
> >> |
9 |
> >>The only way I have been able to fix it is to recompile gcc without the |
10 |
> >>hardened use flag and then recompile xfree. Does anyone have any idea |
11 |
> >>how I can run a hardened system and still use X? |
12 |
> >> |
13 |
> >> |
14 |
> > |
15 |
> >first of all, even if you can compile X with the elf loader (as in |
16 |
> >your case above) it would not work under PaX, you have to use a |
17 |
> >static server or the dlloader for that. latter is work in progress |
18 |
> >(or lots of manual work) so that leaves a static server for now, and |
19 |
> >if you need 3rd party binary drivers then you can't do even that, you |
20 |
> >have to disable PaX on your X server. |
21 |
> > |
22 |
> >second, the above error is the result of hardened gcc forcefully |
23 |
> >compiling the .o files of libbitmap.a with -fPIC and some problem |
24 |
> >in the elfloader that doesn't take into account that the symbol |
25 |
> >in question is marked as hidden and thus should not be visible |
26 |
> >outside of a .o file let alone generate duplicate symbol errors. |
27 |
> > |
28 |
> > |
29 |
> dear pipacs, |
30 |
> i talked to solar about this today and had the same assumption: the gcc |
31 |
> is "spreading" something like that into the object files which does not |
32 |
> belong there normally... but my assumption was a mere compiler error or |
33 |
> sth. your explanation makes even more sense than that. |
34 |
> Do you think the problem is with the new hardened gcc specs that |
35 |
> automatically adds -fPIC if no -fPIC is found? |
36 |
> This flipflop logic may be the cause for the .a library getting misbuilt |
37 |
> as PIC with the gcc internal preparation function showing up in the |
38 |
> object files... |
39 |
|
40 |
we do not enforce -fPIC, the enforcement is -fPIE (it should be somehow |
41 |
different, not usable in shared libs) |
42 |
|
43 |
Peter |
44 |
|
45 |
-- |
46 |
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2 |
47 |
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2 |
48 |
|
49 |
|
50 |
____________________________________________________________________ |
51 |
Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol. |
52 |
Probald ki most! http://www.freestart.hu |
53 |
|
54 |
-- |
55 |
gentoo-hardened@g.o mailing list |