| 1 |
Thank you for reporting this. A fix for this problem with pam & cracklib |
| 2 |
is being worked on right now by the hardened team. We will post |
| 3 |
something to the gentoo-hardened mailing list when this is ready. |
| 4 |
|
| 5 |
|
| 6 |
On Fri, 2003-08-08 at 12:27, security mailing lists wrote: |
| 7 |
> This was using the completely out of the box standard 1.4 release live |
| 8 |
> cd. I didn't unmask anything at all, just added stack protection to |
| 9 |
> make.conf. This is an AthlonXP 2100 (MSI-KT3-Ultra2 w/512MB)Here are |
| 10 |
> some of the options from make.conf |
| 11 |
> |
| 12 |
> CHOST=i686-pc-linux-gnu |
| 13 |
> CFLAGS="-O3 -march=athlon-xp -fstack-protector -funroll-loops -pipe" |
| 14 |
> |
| 15 |
> Nothing unmasked or modified (ACCEPT_KEYWORDS commented out, etc) so |
| 16 |
> this was all standard packages (gcc-3.2.3-r1 and glibc-2.3.2-r1). |
| 17 |
> |
| 18 |
> I don't see anything on bugs.gentoo.com for problems with pam and stack |
| 19 |
> protection, just wanted to make sure I wasn't missing something before |
| 20 |
> I submitted the bug. The gentoo propolice project website says that |
| 21 |
> things should compile out of the box with the proper gcc/glibc used |
| 22 |
> above. |
| 23 |
> |
| 24 |
> |
| 25 |
> |
| 26 |
> > On Fri, 2003-08-08 at 10:02, Boyd Waters wrote: |
| 27 |
> > > security mailing lists wrote: |
| 28 |
> > > > When building a system from the ground up using stack protection, |
| 29 |
> > > > emerge system fails while building PAM. It complains the pam pwdb |
| 30 |
> > > > module did not get built. |
| 31 |
> > > > |
| 32 |
> > > > If I rebuild pwdb without stack protection, though it compiled fine with |
| 33 |
> > > > it the first time, I can then build pam with stack protection without |
| 34 |
> > > > any problems. |
| 35 |
> > > > |
| 36 |
> > > > This was using the base CD and the normal install process with just |
| 37 |
> > > > -fstack-protection added to /etc/make.conf before bootstrap (stage2) |
| 38 |
> > > |
| 39 |
> > > |
| 40 |
> > > Curious... I did not run into this problem, building a system from |
| 41 |
> > > ground up with GCC 3.3 -- |
| 42 |
> > > |
| 43 |
> > > I have an ebuild for a gcc-3.3 that uses the ProPolice patch from last |
| 44 |
> > > week, which was a more-recent patch than the standard 3.3 that was in |
| 45 |
> > > portage -- but I see that this is now gcc-3.3-r1 as of 04-August. |
| 46 |
> > > |
| 47 |
> > > Have you searched http://bugs.gentoo.org for this situation? It sounds |
| 48 |
> > > like a good bug report to me! What type of processor are you using? What |
| 49 |
> > > gcc/propolice version? |
| 50 |
> > > |
| 51 |
> > > -- boyd |
| 52 |
> > > |
| 53 |
> > > |
| 54 |
> |
| 55 |
> -- |
| 56 |
> gentoo-hardened@g.o mailing list |
| 57 |
-- |
| 58 |
Ned Ludd <solar@g.o> |
| 59 |
Gentoo Linux Developer (Hardened) |
| 60 |
|
| 61 |
|
| 62 |
-- |
| 63 |
gentoo-hardened@g.o mailing list |
Archives