| 1 |
What do I need to do differently to emerge glibc-2.3.4.20040619? |
| 2 |
|
| 3 |
I recently emerged gcc 3.3.4-r1, WITHOUT the 'hardened' flag. I'm trying to get everything compiled with ssp, but without ASLR (due to memory consumption concerns) for the moment. From config.log in glibc, I see that one of configure's tests failed, due to -nostdlib excluding the definitions for __guard and __stack_smash_handler. This caused glibc to think that -fexceptions fails for my gcc, later leading to failure when building libio. |
| 4 |
|
| 5 |
configure:6211: checking for gcc -fexceptions |
| 6 |
configure:6224: gcc -no-integrated-cpp -fstack-protector-all -O2 -march=i586 -m3dnow -mmmx -freorder-blocks |
| 7 |
-nostdlib -nostartfiles -fexceptions |
| 8 |
-o conftest conftest.c 1>&5 |
| 9 |
/var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x8): In function `_start': |
| 10 |
: undefined reference to `__guard' |
| 11 |
/var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x22): In function `_start': |
| 12 |
: undefined reference to `__stack_smash_handler' |
| 13 |
/var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x48): In function `__throw': |
| 14 |
: undefined reference to `__guard' |
| 15 |
/var/tmp/portage/glibc-2.3.4.20040619/temp/ccgdsRzN.o(.text+0x62): In function `__throw': |
| 16 |
: undefined reference to `__stack_smash_handler' |
| 17 |
collect2: ld returned 1 exit status |
| 18 |
configure:6227: $? = 1 |
| 19 |
configure:6235: result: no |
| 20 |
|
| 21 |
>From http://www.gentoo.org/proj/en/hardened/propolice.xml, I see notes that __guard and __stack_smash_handler are moving(ed?) elsewhere, but: |
| 22 |
|
| 23 |
# readelf --syms /lib/libc-2.3.3.so | grep stack_smash |
| 24 |
336: 0001596e 485 FUNC GLOBAL DEFAULT 11 __stack_smash_handler@@GLIBC_2.3.2 |
| 25 |
|
| 26 |
|
| 27 |
Now I can't find any relevant links on the hardened Gentoo "homepage" for ASLR, propolice, hardened gcc, etc, so I'm wondering what docs I should be reading instead of posting here? I noticed that Google doesn't even show pages linking to the propolice.xml page I listed above. ??? |
| 28 |
|
| 29 |
Thanks for any and all tips, especially links so I can go RTFM .. or is the answer RTFC (C=code)? |
| 30 |
|
| 31 |
Oh, and if anyone is still reading this far .. I haven't been able to find docs that explain the impact of Jakub's prelink vs. Pax ASLR. I'm guessing that prelink significantly reduces overall system consumption of RAM (via shared objects using the same memory), while ASLR has the opposite effect? Or does ASLR only prevent processes from sharing the GOT for shared offset? I'll find out eventually when I build my next text system and add Pax, and then compare with my current system. However, I really prefer to understand the reasons more deeply. |
| 32 |
|
| 33 |
Thanks to all for the awesome hardened Gentoo flavor! |
Archives