Thank you for reporting this. A fix for this problem with pam & cracklib
is being worked on right now by the hardened team. We will post
something to the gentoo-hardened mailing list when this is ready.

On Fri, 2003-08-08 at 12:27, security mailing lists wrote:
> This was using the completely out of the box standard 1.4 release live
> cd. I didn't unmask anything at all, just added stack protection to
> make.conf. This is an AthlonXP 2100 (MSI-KT3-Ultra2 w/512MB). Here are
> some of the options from make.conf
>
> CHOST=i686-pc-linux-gnu
> CFLAGS="-O3 -march=athlon-xp -fstack-protector -funroll-loops -pipe"
>
> Nothing unmasked or modified (ACCEPT_KEYWORDS commented out, etc) so
> this was all standard packages (gcc-3.2.3-r1 and glibc-2.3.2-r1).
>
> I don't see anything on bugs.gentoo.com for problems with pam and stack
> protection, just wanted to make sure I wasn't missing something before
> I submitted the bug. The gentoo propolice project website says that
> things should compile out of the box with the proper gcc/glibc used
> above.
>
> > On Fri, 2003-08-08 at 10:02, Boyd Waters wrote:
> > > security mailing lists wrote:
> > > > When building a system from the ground up using stack protection,
> > > > emerge system fails while building PAM. It complains the pam pwdb
> > > > module did not get built.
> > > >
> > > > If I rebuild pwdb without stack protection, though it compiled fine with
> > > > it the first time, I can then build pam with stack protection without
> > > > any problems.
> > > >
> > > > This was using the base CD and the normal install process with just
> > > > -fstack-protection added to /etc/make.conf before bootstrap (stage2)
> > >
> > > Curious... I did not run into this problem, building a system from
> > > ground up with GCC 3.3 --
> > >
> > > I have an ebuild for a gcc-3.3 that uses the ProPolice patch from last
> > > week, which was a more-recent patch than the standard 3.3 that was in
> > > portage -- but I see that this is now gcc-3.3-r1 as of 04-August.
> > >
> > > Have you searched http://bugs.gentoo.org for this situation? It sounds
> > > like a good bug report to me! What type of processor are you using? What
> > > gcc/propolice version?
> > >
> > > -- boyd
> > >
>
> --
> gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer (Hardened)