* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
2008-12-04 0:39 [Bug libc/7065] New: Support building glibc with -fstack-protector or -fstack-protector-all nix at esperi dot org dot uk
From: drepper at redhat dot com @ 2008-12-04 0:47 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2008-12-04 00:44 -------
Never going to happen.
--
What       |Removed  |Added
-----------|---------|---------
Status     |NEW      |RESOLVED
Resolution |         |WONTFIX
http://sourceware.org/bugzilla/show_bug.cgi?id=7065
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: nix at esperi dot org dot uk @ 2008-12-04 0:54 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From nix at esperi dot org dot uk 2008-12-04 00:53 -------
test environment: 2.6.27.7 kernel+headers, glibc 2.8, GCC 4.3.3 20081121
(prerelease), binutils 2.19.
config flags (my standard set for this machine):
/usr/packages/glibc/2.9/configure --prefix=/usr --enable-shared \
--enable-profile --disable-bounded --enable-bind-now \
--enable-add-ons=nptl,libidn --enable-kernel=2.6.25 \
--enable-check-abi=warn --enable-omitfp \
--enable-stackguard-randomization TIMEOUTFACTOR=5
Below, PASS means 'baseline test failures only'. (I also compared
configure output to verify that -fstack-protector addition did not
change the results of any configure tests, and verified that the
appropriate -fstack-protector actually appeared in gcc commandlines at
the appropriate times.)
baseline: PASS, by definition
patch applied, no flags specified: PASS
-fstack-protector in CFLAGS: PASS
-fstack-protector-all in CFLAGS: one failure due to #7066, buffer overrun
--without-stack-protector: PASS
--with-stack-protector: PASS
--with-stack-protector=all: one failure due to #7066, buffer overrun
Test failures for baseline (unpatched):
math/test-ildoubl.out:
testing long double (inline functions)
Failure: Test: expm1 (1) == M_El - 1.0
Result:
is: 1.71828182845904523532e+00 0xd.bf0a8b14576953500000p-3
should be: 1.71828182845904523543e+00 0xd.bf0a8b14576953600000p-3
difference: 1.08420217248550443401e-19 0x8.00000000000000000000p-66
ulp : 1.0000
max.ulp : 0.0000
Maximal error of `expm1'
is : 1 ulp
accepted: 0 ulp
Test suite completed:
3618 test cases plus 3005 tests for exception flags executed.
2 errors occurred.
elf/check-localplt.out:
--- ../scripts/data/localplt-i386-linux-gnu.data 2006-01-11
21:06:19.000000000 +0000
+++ - 2008-11-30 20:52:09.962033876 +0000
@@ -1,4 +1,5 @@
libc.so: _Unwind_Find_FDE
+libc.so: __bzero
libc.so: calloc
libc.so: free
libc.so: malloc
(This looks like something missing from localplt-i386-linux-gnu.data to
me, not a bug.)
(Holes in test coverage: not tested with a GCC too old to support
-fstack-protector. Static testing not performed: see #7064.)
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: nix at esperi dot org dot uk @ 2008-12-04 0:57 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From nix at esperi dot org dot uk 2008-12-04 00:55 -------
Created an attachment (id=3087)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=3087&action=view)
stack protector support for glibc
This is posted at the request of Carlos O'Donell. TBH I don't care if it
doesn't go upstream, although given that it's already found a buffer overrun in
glibc I'd find that surprising. I'm more interested in distros picking it up.
(And 'never going to happen' is a peculiar statement. It has 'happened'. The
patch *exists*.)
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: zorry at ume dot nu @ 2008-12-05 0:32 UTC (permalink / raw)
To: glibc-bugs
--
What       |Removed  |Added
-----------|---------|---------------------
CC         |         |zorry at ume dot nu
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: rsa at us dot ibm dot com @ 2008-12-10 17:10 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From rsa at us dot ibm dot com 2008-12-10 17:09 -------
Nix,
A failure in elf/check-localplt.out as indicated by a new symbol in
scripts/data/localplt-i386-linux-gnu.data means that libc proper is invoking the
new symbol via the plt when in fact it should be making a direct invocation to a
libc internal symbol. There are very few conditions under which this is allowed
(notably those cases where we allow libc functionality to be overridden).
I've looked through the code and it appears that the sunrpc code is the only
relevant code which uses __bzero. I don't think there's an internal hidden
version of the symbol. So these calls to __bzero probably shouldn't be there.
Instead, they should use memset. Or perhaps that patch which you're using uses
__bzero?
In order to verify, one can look at the symbol table:
objdump -DR libc.so > libc.dis
Search libc.dis for:
__bzero@plt
You should see a plt call stub, e.g.
00016198 <__bzero@plt>:
16198: ff a3 0c 00 00 00 jmp *0xc(%ebx)
1619e: 68 00 00 00 00 push $0x0
161a3: e9 e0 ff ff ff jmp 16188 <h_errno+0x16168>
Now search for: "call 16198"
call 16198 <__bzero@plt>
This should bring you to the disassembly of the function which invoked __bzero
via the PLT. You can then go into the C source file and replace this with a
memset. Do this for all calls to the address for __bzero.
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: rsa at us dot ibm dot com @ 2008-12-10 18:52 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From rsa at us dot ibm dot com 2008-12-10 18:51 -------
Here's a more thorough write-up of the same thing I just posted:
http://sources.redhat.com/glibc/wiki/Testing/Check-localplt
Invocation of __bzero() by the sunrpc code is acceptable since that code is in a
different library than libc.so so access via the PLT is expected.
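The check Ryan walks through in his two comments above (objdump -DR, search for the sym@plt stub, search for its callers), as a small shell script. This is an added example and is not glibc's elf/check-localplt or scripts/localplt.awk: plt_symbols lists the JUMP_SLOT relocations readelf reports for a shared object (those are exactly the PLT entries ld.so resolves), unexpected_plt filters them against an allowlist written in the "libc.so: name" format of scripts/data/localplt-*.data, and plt_callers walks objdump -d output to name the functions that call a given sym@plt stub. The function names are mine, and the readelf and objdump text at the bottom is constructed for the example, not taken from a real libc.so.

```shell
#!/bin/sh
# Added example, not glibc's elf/check-localplt or scripts/localplt.awk.
# Finds PLT entries in a shared object that are not on an allowlist, and
# names the functions that reach a given symbol through its PLT stub.
# Needs only sh and awk; with binutils installed, feed it real output:
#   readelf -W -r libc.so | plt_symbols | unexpected_plt "$(cat localplt.data)"
#   objdump -d libc.so | plt_callers __bzero

# plt_symbols: stdin is `readelf -W -r LIB` output. Prints the names of
# JUMP_SLOT relocations, i.e. the PLT entries ld.so resolves at run time
# (R_386_JMP_SLOT, R_X86_64_JUMP_SLOT, ...), one per line, deduplicated.
plt_symbols() {
    awk '$3 ~ /JU?MP_SLOT/ { sub(/@.*/, "", $5); print $5 }' | sort -u
}

# unexpected_plt ALLOWLIST: stdin is the output of plt_symbols, $1 is the
# allowlist text in the "libc.so: name" format of scripts/data/localplt-*.data.
# Prints every PLT symbol the allowlist does not mention; for libc.so those
# are calls to libc's own functions that should have been direct (hidden)
# calls rather than interposable PLT calls.
unexpected_plt() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, lines, "\n")
            for (i = 1; i <= n; i++) {
                s = lines[i]; sub(/^[^:]*: */, "", s)
                if (s != "") ok[s] = 1
            }
        }
        !($1 in ok)'
}

# plt_callers SYMBOL: stdin is `objdump -d LIB` output. Tracks the current
# function label and prints each function containing a call/jmp to
# <SYMBOL@plt>, skipping the PLT stub itself. This automates the manual
# "search for call ... <__bzero@plt>" step.
plt_callers() {
    awk -v sym="$1" '
        /^[0-9a-f]+ <[^>]+>:$/ { fn = $2; sub(/^</, "", fn); sub(/>:$/, "", fn); next }
        fn != "" && fn !~ /@plt$/ && index($0, "<" sym "@plt>") > 0 { print fn }
    ' | sort -u
}

# ---- constructed sample input (not from a real libc.so) ----
SAMPLE_RELOCS='Relocation section .rel.plt at offset 0x15f08 contains 5 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
000191b0  00000107 R_386_JMP_SLOT    00000000   _Unwind_Find_FDE
000191b4  00000207 R_386_JMP_SLOT    00000000   __bzero
000191b8  00000307 R_386_JMP_SLOT    00000000   calloc
000191bc  00000407 R_386_JMP_SLOT    00000000   free
000191c0  00000507 R_386_JMP_SLOT    00000000   malloc'

ALLOW='libc.so: _Unwind_Find_FDE
libc.so: calloc
libc.so: free
libc.so: malloc'

SAMPLE_DISASM='00016198 <__bzero@plt>:
   16198:  ff a3 0c 00 00 00   jmp    *0xc(%ebx)
   1619e:  68 00 00 00 00      push   $0x0
   161a3:  e9 e0 ff ff ff      jmp    16188 <h_errno+0x16168>

000a2f10 <bindresvport>:
   a2f10:  55                  push   %ebp
   a2f2c:  e8 67 32 f7 ff      call   16198 <__bzero@plt>
   a2f40:  c3                  ret

000a3000 <clnt_create>:
   a3000:  55                  push   %ebp
   a3019:  e8 7a 31 f7 ff      call   16198 <__bzero@plt>
   a3030:  e8 10 00 00 00      call   a3045 <memset@plt>
   a3040:  c3                  ret'

printf '%s\n' "$SAMPLE_RELOCS" | plt_symbols | unexpected_plt "$ALLOW"  # __bzero
printf '%s\n' "$SAMPLE_DISASM" | plt_callers __bzero                     # bindresvport, clnt_create
```

On a real libc.so the first pipeline reproduces the check-localplt diff from the earlier comment (the extra line is the symbol it prints), and the second gives the list of C files to look at; a symbol that is allowed to stay interposable, like malloc or free, belongs in the allowlist rather than in the source change.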
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: nix at esperi dot org dot uk @ 2008-12-13 19:04 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From nix at esperi dot org dot uk 2008-12-13 19:02 -------
Nice description, Ryan :)
A lot of the sunrpc code *does* land in libc (all the client code). Notably,
bindresvport(), clnt_create(), clnt_broadcast(), universal() (called from
registerrpc() via a callback from svc_register()), svctcp_create(),
svcudp_bufcreate(), and key_gendes(), _des_crypt() (obviously used for
DES-encrypted SunRPC), all explicitly call __bzero() and land in libc.
Almost certainly these would use memset() were the SunRPC code not ancient
Sun-derived gunge with a 1986 copyright date...
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: atoth at atoth dot sote dot hu @ 2008-12-14 11:34 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From atoth at atoth dot sote dot hu 2008-12-14 11:32 -------
Keep it going, guys.
To Ulrich Drepper:
How do you mean: "Never going to happen."?!
I'm always keen on people ignoring security measures.
Regards,
Dw.
--
What       |Removed  |Added
-----------|---------|------------------------------
CC         |         |atoth at atoth dot sote dot hu
Status     |RESOLVED |REOPENED
Resolution |WONTFIX  |
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: xake at rymdraket dot net @ 2008-12-14 14:01 UTC (permalink / raw)
To: glibc-bugs
--
What       |Removed  |Added
-----------|---------|-------------------------
CC         |         |xake at rymdraket dot net
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: vapier at gentoo dot org @ 2008-12-27 3:15 UTC (permalink / raw)
To: glibc-bugs
--
What       |Removed  |Added
-----------|---------|---------------------------
CC         |         |toolchain at gentoo dot org
* [Bug libc/7065] Support building glibc with -fstack-protector or -fstack-protector-all
From: robert at linuxfromscratch dot org @ 2009-06-04 22:25 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From robert at linuxfromscratch dot org 2009-06-04 22:25 -------
I've been using a compromise. Glibc's programs can be compiled
with -fstack-protector-all, or whatever other options you may want
(-D_FORTIFY_SOURCE=2, -fPIE, etc), but not the libraries. I use the configparms
file and set build-programs=no to build the libraries
without -fstack-protector, then remove build-programs=no and add 'CFLAGS
+= -fstack-protector-all' to configparms. No patches needed, test suites pass
(remove -fstack-protector during the test suite), no crashes.
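Robert's two-phase configparms build, as a shell function, together with the check a practitioner wants afterwards: that -fstack-protector-all really reached the compiler for the programs. This is an added example, not glibc's own tooling and not a script from the thread. ssp_build assumes $1 is an already configured glibc build directory and is not run by the constructed sample at the end. canary_coverage counts, in objdump -d output, how many functions read the TLS stack-guard slot (%fs:0x28 on x86-64, %gs:0x14 on i386, where GCC's stack protector loads the canary from); with -fstack-protector-all that should be every function the build compiled, which is a stronger check than grepping for __stack_chk_fail (the earlier comment that verified the flag in the gcc command lines is the build-time version of the same check). The objdump text at the bottom is constructed for the example.

```shell
#!/bin/sh
# Added example: the two-phase configparms build from the comment above as
# a function, plus a check that -fstack-protector-all actually reached the
# compiler. Not glibc's own tooling. ssp_build assumes $1 is an already
# configured glibc build directory and is not run by the sample at the end.

# ssp_build BUILDDIR: phase 1 builds the libraries with build-programs=no
# and no stack protector; phase 2 rewrites configparms so that only the
# still-missing programs are built, with -fstack-protector-all; the flag
# is dropped again before the test suite runs.
ssp_build() {
    builddir=$1
    printf 'build-programs=no\n' > "$builddir/configparms"
    make -C "$builddir"
    printf 'CFLAGS += -fstack-protector-all\n' > "$builddir/configparms"
    make -C "$builddir"
    : > "$builddir/configparms"
    make -C "$builddir" check
}

# canary_coverage: stdin is `objdump -d BINARY` output. Prints
# "<protected> <total>": functions whose body reads the TLS stack guard
# (%fs:0x28 on x86-64, %gs:0x14 on i386) versus all functions seen.
# PLT stubs are not functions of the binary and are skipped.
canary_coverage() {
    awk '
        /^[0-9a-f]+ <[^>]+>:$/ {
            skip = ($2 ~ /@plt>:$/)
            if (!skip) total++
            saw = 0; next
        }
        !skip && !saw && /%fs:0x28|%gs:0x14/ { saw = 1; protected++ }
        END { print protected + 0, total + 0 }'
}

# check_full_coverage: stdin as for canary_coverage; succeeds only when
# every function is protected, which is what -fstack-protector-all must
# produce. A plain -fstack-protector build instruments only functions
# with large enough char arrays or alloca, so it fails here by design,
# and so does a build where the flag silently went missing for some
# objects.
check_full_coverage() {
    set -- $(canary_coverage)
    [ "$1" -gt 0 ] && [ "$1" -eq "$2" ]
}

# ---- constructed sample `objdump -d` output (x86-64, not a real build) ----
SAMPLE_PROG='0000000000001030 <__stack_chk_fail@plt>:
    1030:  ff 25 e2 2f 00 00       jmp    *0x2fe2(%rip)
    1036:  68 00 00 00 00          push   $0x0

0000000000001140 <parse_line>:
    1140:  64 48 8b 04 25 28 00    mov    %fs:0x28,%rax
    1147:  00 00
    1149:  48 89 44 24 18          mov    %rax,0x18(%rsp)
    1160:  64 48 2b 04 25 28 00    sub    %fs:0x28,%rax
    1167:  00 00
    1170:  e8 bb fe ff ff          call   1030 <__stack_chk_fail@plt>
    1175:  c3                      ret

0000000000001180 <add>:
    1180:  8d 04 37                lea    (%rdi,%rsi,1),%eax
    1183:  c3                      ret

0000000000001190 <main>:
    1190:  64 48 8b 04 25 28 00    mov    %fs:0x28,%rax
    1197:  00 00
    11a0:  c3                      ret'

printf '%s\n' "$SAMPLE_PROG" | canary_coverage   # 2 3
if printf '%s\n' "$SAMPLE_PROG" | check_full_coverage; then
    echo 'every function carries the canary: consistent with -fstack-protector-all'
else
    echo 'some functions lack the canary: -fstack-protector, or the flag was lost'
fi
```

The sample looks like a -fstack-protector build: parse_line and main load the canary, the leaf function add does not, so check_full_coverage fails. After the real phase 2 build, `objdump -d "$builddir/iconv/iconv_prog" | check_full_coverage` is the quick way to confirm that the CFLAGS line in configparms did what was intended, and the same pipe over a phase 1 library should report zero protected functions.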