| 1 |
On Wed, 07 Jun 2006 11:18:06 -0400, Kevin F. Quinn |
| 2 |
<kevquinn-aBrp7R+bbdUdnm+yROfE0A@××××××××××××.org> wrote: |
| 3 |
|
| 4 |
THANK YOU for quickly replying to this newbie question! |
| 5 |
|
| 6 |
> First thing to do is to run kdesktop_lock from a terminal, and see |
| 7 |
> whether the error is the same. |
| 8 |
|
| 9 |
Got this: |
| 10 |
|
| 11 |
kdesktop_lock: stack smashing attack in function virtual void |
| 12 |
QWidget::create(WId, bool, bool)() |
| 13 |
Aborted |
| 14 |
|
| 15 |
|
| 16 |
> Also do: |
| 17 |
> |
| 18 |
> readelf -d $(which kdesktop_lock) |
| 19 |
> |
| 20 |
> and see which QT version it links to - if the rpath |
| 21 |
> includes /usr/qt/3/lib then it's linking to QT3 not QT4. |
| 22 |
> |
| 23 |
|
| 24 |
Got this: |
| 25 |
|
| 26 |
~ $ readelf -d $(which kdesktop_lock) |
| 27 |
|
| 28 |
Dynamic section at offset 0x2d7d8 contains 66 entries: |
| 29 |
Tag Type Name/Value |
| 30 |
0x00000001 (NEEDED) Shared library: [libXau.so.6] |
| 31 |
0x00000001 (NEEDED) Shared library: [libgcc_s.so.1] |
| 32 |
0x00000001 (NEEDED) Shared library: [libkio.so.4] |
| 33 |
0x00000001 (NEEDED) Shared library: [libkdeui.so.4] |
| 34 |
0x00000001 (NEEDED) Shared library: [libkdesu.so.4] |
| 35 |
0x00000001 (NEEDED) Shared library: |
| 36 |
[libkwalletclient.so.1] |
| 37 |
0x00000001 (NEEDED) Shared library: [libkdecore.so.4] |
| 38 |
0x00000001 (NEEDED) Shared library: [libDCOP.so.4] |
| 39 |
0x00000001 (NEEDED) Shared library: [libresolv.so.2] |
| 40 |
0x00000001 (NEEDED) Shared library: [libutil.so.1] |
| 41 |
0x00000001 (NEEDED) Shared library: |
| 42 |
[libart_lgpl_2.so.2] |
| 43 |
0x00000001 (NEEDED) Shared library: [libidn.so.11] |
| 44 |
0x00000001 (NEEDED) Shared library: [libkdefx.so.4] |
| 45 |
0x00000001 (NEEDED) Shared library: [libqt-mt.so.3] |
| 46 |
0x00000001 (NEEDED) Shared library: [libmng.so.1] |
| 47 |
0x00000001 (NEEDED) Shared library: [liblcms.so.1] |
| 48 |
0x00000001 (NEEDED) Shared library: [libjpeg.so.62] |
| 49 |
0x00000001 (NEEDED) Shared library: [libXrandr.so.2] |
| 50 |
0x00000001 (NEEDED) Shared library: [libXcursor.so.1] |
| 51 |
0x00000001 (NEEDED) Shared library: [libXft.so.2] |
| 52 |
0x00000001 (NEEDED) Shared library: |
| 53 |
[libfontconfig.so.1] |
| 54 |
0x00000001 (NEEDED) Shared library: [libfreetype.so.6] |
| 55 |
0x00000001 (NEEDED) Shared library: [libexpat.so.0] |
| 56 |
0x00000001 (NEEDED) Shared library: [libpng.so.3] |
| 57 |
0x00000001 (NEEDED) Shared library: [libXrender.so.1] |
| 58 |
0x00000001 (NEEDED) Shared library: [libz.so.1] |
| 59 |
0x00000001 (NEEDED) Shared library: [libfam.so.0] |
| 60 |
0x00000001 (NEEDED) Shared library: [libstdc++.so.6] |
| 61 |
0x00000001 (NEEDED) Shared library: |
| 62 |
[libXxf86misc.so.1] |
| 63 |
0x00000001 (NEEDED) Shared library: [libGLU.so.1] |
| 64 |
0x00000001 (NEEDED) Shared library: [libGL.so.1] |
| 65 |
0x00000001 (NEEDED) Shared library: [libSM.so.6] |
| 66 |
0x00000001 (NEEDED) Shared library: [libICE.so.6] |
| 67 |
0x00000001 (NEEDED) Shared library: [libXmu.so.6] |
| 68 |
0x00000001 (NEEDED) Shared library: [libXt.so.6] |
| 69 |
0x00000001 (NEEDED) Shared library: [libXext.so.6] |
| 70 |
0x00000001 (NEEDED) Shared library: [libXi.so.6] |
| 71 |
0x00000001 (NEEDED) Shared library: [libdl.so.2] |
| 72 |
0x00000001 (NEEDED) Shared library: [libpthread.so.0] |
| 73 |
0x00000001 (NEEDED) Shared library: [libX11.so.6] |
| 74 |
0x00000001 (NEEDED) Shared library: [libm.so.6] |
| 75 |
0x00000001 (NEEDED) Shared library: [libc.so.6] |
| 76 |
0x0000000f (RPATH) Library rpath: |
| 77 |
[/usr/kde/3.5/lib:/usr/qt/3/lib:/usr/lib/gcc/i686-pc-linux-gnu/3.4.6:/usr/lib/opengl/xorg-x11/lib:/usr/lib] |
| 78 |
0x0000001d (RUNPATH) Library runpath: |
| 79 |
[/usr/kde/3.5/lib:/usr/qt/3/lib:/usr/lib/gcc/i686-pc-linux-gnu/3.4.6:/usr/lib/opengl/xorg-x11/lib:/usr/lib] |
| 80 |
0x0000000c (INIT) 0xa400 |
| 81 |
0x0000000d (FINI) 0x29ba0 |
| 82 |
0x00000004 (HASH) 0x188 |
| 83 |
0x00000005 (STRTAB) 0x39e8 |
| 84 |
0x00000006 (SYMTAB) 0x1358 |
| 85 |
0x0000000a (STRSZ) 17950 (bytes) |
| 86 |
0x0000000b (SYMENT) 16 (bytes) |
| 87 |
0x00000015 (DEBUG) 0x0 |
| 88 |
0x00000003 (PLTGOT) 0x2ea08 |
| 89 |
0x00000002 (PLTRELSZ) 2760 (bytes) |
| 90 |
0x00000014 (PLTREL) REL |
| 91 |
0x00000017 (JMPREL) 0x9938 |
| 92 |
0x00000011 (REL) 0x8588 |
| 93 |
0x00000012 (RELSZ) 5040 (bytes) |
| 94 |
0x00000013 (RELENT) 8 (bytes) |
| 95 |
0x0000001e (FLAGS) BIND_NOW |
| 96 |
0x6ffffffb (FLAGS_1) Flags: NOW |
| 97 |
0x6ffffffe (VERNEED) 0x84d8 |
| 98 |
0x6fffffff (VERNEEDNUM) 3 |
| 99 |
0x6ffffff0 (VERSYM) 0x8006 |
| 100 |
0x6ffffffa (RELCOUNT) 171 |
| 101 |
0x00000000 (NULL) 0x0 |
| 102 |
|
| 103 |
|
| 104 |
So IIUC, |
| 105 |
|
| 106 |
1. It is indeed using the qt 3 directory; which means 3.3.6.r-1 libraries, |
| 107 |
and your patch will then still work!? I -guess- that I copy the "edit" |
| 108 |
notes from your bugzilla patch, insert it into a file named |
| 109 |
"qt-3.3.6-r1-dirty-ssp.patch"; put that into |
| 110 |
/usr/portage/x11-libs/qt/files, and then reemerge qt!? (I just noticed |
| 111 |
that my first attempt at this was deleted - I guess by portage - do I have |
| 112 |
to put the name of this patch into some sort of manifest?) |
| 113 |
|
| 114 |
2. If I have the 4.1.2 qt version, why are the 3x libraries still around? |
| 115 |
|
| 116 |
3. (IIRC, I recompiled KDE* after installing the new QT - yet KDE still |
| 117 |
uses 3.) |
| 118 |
|
| 119 |
> No... Are you sure it's using qt-4? qt major versions are slotted and |
| 120 |
> from qt3 to qt4 the library names have changed. |
| 121 |
|
| 122 |
4. What does "slotted" mean, please? (webopedia and google didn't help |
| 123 |
:-( ) |
| 124 |
|
| 125 |
> Report any findings on the same bug. |
| 126 |
> |
| 127 |
>> TIA (newbie) |
| 128 |
> |
| 129 |
> |
| 130 |
|
| 131 |
Thanks AGAIN!!! newbie |
| 132 |
-- |
| 133 |
gentoo-hardened@g.o mailing list |
Archives