gmane.linux.gentoo.hardened

Jan Klod | 25 Oct 20:44

Failure when "switching" to hardened-gentoo profile

Hello.

I was trying to make a switch form normal, freshly installed gentoo to
hardened like described in PaX quickstart.
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
guide is missing to inform about when should I boot hardened-sources.
Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
world", but I got this error, which persists:

============================================================================
*** stack smashing detected ***: cc1 - terminated
cc1: stack smashing attack in function ix86_split_to_parts - terminated
Report to http://bugs.gentoo.org/
i686-pc-linux-gnu-gcc: Internal error: Killed (program cc1)
Please submit a full bug report.
See <URL:http://bugs.gentoo.org/> for instructions.
make[2]: *** [/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/math/s_catanl.o]
Error 1
make[2]: Leaving directory
`/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1/math'
make[1]: *** [math/others] Error 2
make[1]: Leaving directory
`/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1'
make: *** [all] Error 2
 *
 * ERROR: sys-libs/glibc-2.6.1 failed.
 * Call stack:
 *               ebuild.sh, line   49:  Called src_compile
 *             environment, line 3350:  Called eblit-run 'src_compile'
 *             environment, line 1075:  Called eblit-glibc-src_compile

(Continue reading)

headers

Mike Edenfield | 25 Oct 21:12

Re: Failure when "switching" to hardened-gentoo profile

Jan Klod wrote:
> Hello.
> 
> I was trying to make a switch form normal, freshly installed gentoo to
> hardened like described in PaX quickstart.
> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
> guide is missing to inform about when should I boot hardened-sources.
> Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
> world", but I got this error, which persists:
> 
> ============================================================================
> *** stack smashing detected ***: cc1 - terminated
> cc1: stack smashing attack in function ix86_split_to_parts - terminated
> Report to http://bugs.gentoo.org/
> i686-pc-linux-gnu-gcc: Internal error: Killed (program cc1)
> Please submit a full bug report.
> See <URL:http://bugs.gentoo.org/> for instructions.
> make[2]: *** [/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/math/s_catanl.o]
> Error 1
> make[2]: Leaving directory
> `/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1/math'
> make[1]: *** [math/others] Error 2
> make[1]: Leaving directory
> `/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1'
> make: *** [all] Error 2
>  *
>  * ERROR: sys-libs/glibc-2.6.1 failed.
>  * Call stack:
>  *               ebuild.sh, line   49:  Called src_compile
>  *             environment, line 3350:  Called eblit-run 'src_compile'

(Continue reading)

headers

Jan Klod | 25 Oct 21:45

Re: Failure when "switching" to hardened-gentoo profile

I did already exactly that, and glibc failed in first step!
What else should I check??

On 10/25/08, Mike Edenfield <kutulu@...> wrote:
> Jan Klod wrote:
>> Hello.
>>
>> I was trying to make a switch form normal, freshly installed gentoo to
>> hardened like described in PaX quickstart.
>> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
>> guide is missing to inform about when should I boot hardened-sources.
>> Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
>> world", but I got this error, which persists:
>>
>> ============================================================================
>> *** stack smashing detected ***: cc1 - terminated
>> cc1: stack smashing attack in function ix86_split_to_parts - terminated
>> Report to http://bugs.gentoo.org/
>> i686-pc-linux-gnu-gcc: Internal error: Killed (program cc1)
>> Please submit a full bug report.
>> See <URL:http://bugs.gentoo.org/> for instructions.
>> make[2]: ***
>> [/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/math/s_catanl.o]
>> Error 1
>> make[2]: Leaving directory
>> `/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1/math'
>> make[1]: *** [math/others] Error 2
>> make[1]: Leaving directory
>> `/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1'
>> make: *** [all] Error 2

(Continue reading)

headers

pageexec | 25 Oct 23:00

Re: Failure when "switching" to hardened-gentoo profile

On 25 Oct 2008 at 21:44, Jan Klod wrote:

> Hello.
> 
> I was trying to make a switch form normal, freshly installed gentoo to
> hardened like described in PaX quickstart.
> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
> guide is missing to inform about when should I boot hardened-sources.
> Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
> world", but I got this error, which persists:
> 
> ============================================================================
> *** stack smashing detected ***: cc1 - terminated
> cc1: stack smashing attack in function ix86_split_to_parts - terminated

i don't know if you're supposed to use ssp on gcc itself, but apparently it
caught some bug, whether that's some miscompilation or a real bug in gcc, i
can't tell from this, but it's worth a look. if you just want to finish your
install, you should recompile gcc itself without using ssp during compilation
(that can be tricky, i don't know where the specs file comes from in that 
case).

headers

Magnus Granberg | 26 Oct 02:55

Re: Failure when "switching" to hardened-gentoo profile

pageexec@... skrev:
> On 25 Oct 2008 at 21:44, Jan Klod wrote:
>
>   
>> Hello.
>>
>> I was trying to make a switch form normal, freshly installed gentoo to
>> hardened like described in PaX quickstart.
>> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
>> guide is missing to inform about when should I boot hardened-sources.
>> Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
>> world", but I got this error, which persists:
>>
>> ============================================================================
>> *** stack smashing detected ***: cc1 - terminated
>> cc1: stack smashing attack in function ix86_split_to_parts - terminated
>>     
>
> i don't know if you're supposed to use ssp on gcc itself, but apparently it
> caught some bug, whether that's some miscompilation or a real bug in gcc, i
> can't tell from this, but it's worth a look. if you just want to finish your
> install, you should recompile gcc itself without using ssp during compilation
> (that can be tricky, i don't know where the specs file comes from in that 
> case).
>
>
>   
What is your emerge --info?

(Continue reading)

headers

"Javier =?iso | 26 Oct 09:53

Re: Failure when "switching" to hardened-gentoo profile

Maybe you have put a global -fstack-protector or -fstack-protector-all
in your CFLAGS when compiling gcc, omit this since is not needed, just
use the specs for this package. If you did this you will find (too)
that glibc doesn't compile at all with -fstack-protector-all. In any
case it could be a bug in gcc, try to update it.

2008/10/26 Magnus Granberg <zorry@...>:
> pageexec@... skrev:
>> On 25 Oct 2008 at 21:44, Jan Klod wrote:
>>
>>
>>> Hello.
>>>
>>> I was trying to make a switch form normal, freshly installed gentoo to
>>> hardened like described in PaX quickstart.
>>> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
>>> guide is missing to inform about when should I boot hardened-sources.
>>> Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
>>> world", but I got this error, which persists:
>>>
>>> ============================================================================
>>> *** stack smashing detected ***: cc1 - terminated
>>> cc1: stack smashing attack in function ix86_split_to_parts - terminated
>>>
>>
>> i don't know if you're supposed to use ssp on gcc itself, but apparently it
>> caught some bug, whether that's some miscompilation or a real bug in gcc, i
>> can't tell from this, but it's worth a look. if you just want to finish your
>> install, you should recompile gcc itself without using ssp during compilation
>> (that can be tricky, i don't know where the specs file comes from in that

(Continue reading)