[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Introducing the hardening-wrapper package (was: Exim4 problems)
From: |
Svante Signell |
Subject: |
Re: Introducing the hardening-wrapper package (was: Exim4 problems) |
Date: |
Thu, 19 May 2011 01:18:48 +0200 |
On Tue, 2011-05-17 at 20:39 +0200, Svante Signell wrote:
> On Tue, 2011-05-17 at 19:47 +0200, Thomas Schwinge wrote:
> > Apparently there's something going very wrong for us, for some of the
> > hardening flags, such that GDB gets confused, SEGFAULTs arise, and all
> > what we've seen. Svante, sorry, I really didn't expect something like
> > that... (Welcome to the wonderful world of debugging.) The reason I
> > don't know yet. Perhaps some GCC specs oddity. Or something in glibc/in
> > the dynamic linker.
>
Yes, something is definitely different compared to other architectures
since the builds work there.
> > Next step, II: Figure out what's going wrong. Svante, interested? I
> > would begin as follows.
>
> Ill take a look. Thanks for discovering this mess. I should have seen it
> too :-(
I found out which environment variable triggers the segfault by
compiling exim4-4.76 several times:
I tried with simpler ones without success:
1) A small file trivial.c at the debian wiki):
2) A small test example at:
http://gcc.gnu.org/ml/gcc-bugs/2008-04/msg01075.html
Next step would be to find out the differences in configuration for
gcc, glibc, dynamic linker etc causing the segfault.
Main environment variable:
DEB_BUILD_HARDENING=1
Sub-variables:
export DEB_BUILD_HARDENING_FORMAT=1 : NO
export DEB_BUILD_HARDENING_FORTIFY=1 : YES, both with -O1 and -O2!
export DEB_BUILD_HARDENING_STACKPROTECTOR=1: NO
export DEB_BUILD_HARDENING_PIE=0 : NO
export DEB_BUILD_HARDENING_RELRO=0 : NO
export DEB_BUILD_HARDENING_BINDNOW=0 : NO
>From http://wiki.debian.org/Hardening: Code compiled with -Werror and
using memcpy/strcpy with qualifier overrides will fail with FORTIFY
enabled. See https://launchpad.net/bugs/217481
More info from the gcc patch introducing hardening, see
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
- Re: Exim4 problems, (continued)
- Re: Exim4 problems, Thomas Schwinge, 2011/05/16
- Re: Exim4 problems, Svante Signell, 2011/05/16
- Re: Exim4 problems, Thomas Schwinge, 2011/05/16
- Re: Exim4 problems, Svante Signell, 2011/05/17
- Re: Exim4 problems, Svante Signell, 2011/05/17
- Re: Exim4 problems, Svante Signell, 2011/05/17
- Introducing the hardening-wrapper package (was: Exim4 problems), Thomas Schwinge, 2011/05/17
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Svante Signell, 2011/05/17
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Samuel Thibault, 2011/05/17
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Thomas Schwinge, 2011/05/18
- Re: Introducing the hardening-wrapper package (was: Exim4 problems),
Svante Signell <=
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Samuel Thibault, 2011/05/23
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Svante Signell, 2011/05/24
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Svante Signell, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Samuel Thibault, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Svante Signell, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Samuel Thibault, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Svante Signell, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Samuel Thibault, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Svante Signell, 2011/05/30
- Re: Introducing the hardening-wrapper package (was: Exim4 problems), Samuel Thibault, 2011/05/30