Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Cannot emerge glibc-2.15-r2 with CFLAGS: -fstack-protector-a
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
dummys
n00b
n00b


Joined: 15 Sep 2012
Posts: 16

PostPosted: Sat Sep 15, 2012 10:54 pm    Post subject: Cannot emerge glibc-2.15-r2 with CFLAGS: -fstack-protector-a Reply with quote

Hi everybody,

I got a problem while emerge -e world with glibc.
It's on gentoo hardened with stage3-hardened on today.
Anyone got an idea ?
It's a Xen x64 VM.

Code:
make[2]: Leaving directory `/var/tmp/portage/sys-libs/glibc-2.15-r2/work/glibc-2.15/nss'
make[1]: *** [nss/others] Error 2
make[1]: Leaving directory `/var/tmp/portage/sys-libs/glibc-2.15-r2/work/glibc-2.15'
make: *** [all] Error 2
emake failed
 * ERROR: sys-libs/glibc-2.15-r2 failed (compile phase):
 *   make for x86 failed
 *
 * Call stack:
 *           ebuild.sh, line   85:  Called src_compile
 *         environment, line 3612:  Called eblit-run 'src_compile'
 *         environment, line  975:  Called eblit-glibc-src_compile
 *   src_compile.eblit, line  213:  Called src_compile
 *         environment, line 3612:  Called eblit-run 'src_compile'
 *         environment, line  975:  Called eblit-glibc-src_compile
 *   src_compile.eblit, line  221:  Called toolchain-glibc_src_compile
 *   src_compile.eblit, line  132:  Called die
 * The specific snippet of code:
 *         emake || die "make for ${ABI} failed"
 *
 * If you need support, post the output of `emerge --info '=sys-libs/glibc-2.15-r2'`,
 * the complete build log and the output of `emerge -pqv '=sys-libs/glibc-2.15-r2'`.
 * The complete build log is located at '/var/tmp/portage/sys-libs/glibc-2.15-r2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-libs/glibc-2.15-r2/temp/environment'.
 * Working directory: '/var/tmp/portage/sys-libs/glibc-2.15-r2/work/build-x86-x86_64-pc-linux-gnu-nptl'
 * S: '/var/tmp/portage/sys-libs/glibc-2.15-r2/work/glibc-2.15'
Back to top
View user's profile Send private message
VoidMage
Watchman
Watchman


Joined: 14 Oct 2006
Posts: 5674

PostPosted: Sun Sep 16, 2012 1:15 am    Post subject: Reply with quote

Mind posting the actual error ?
Back to top
View user's profile Send private message
dummys
n00b
n00b


Joined: 15 Sep 2012
Posts: 16

PostPosted: Sun Sep 16, 2012 7:27 pm    Post subject: Reply with quote

What did you mean ? This is the error I get.
Back to top
View user's profile Send private message
megabaks
Apprentice
Apprentice


Joined: 22 Jan 2012
Posts: 253
Location: Russia && Saint-Petersburg

PostPosted: Sun Sep 16, 2012 10:33 pm    Post subject: Reply with quote

dummys wrote:
What did you mean ? This is the error I get.
Error2? without Error1? WUT o_O
Back to top
View user's profile Send private message
dummys
n00b
n00b


Joined: 15 Sep 2012
Posts: 16

PostPosted: Sun Sep 16, 2012 10:59 pm    Post subject: Reply with quote

Oh ok sorry. Actually i don't have the build.log because now it's working, i have removed the -fstack-protector-all in my CFLAGS...

If anyone has an idea how to keep it, i'm open :D
Back to top
View user's profile Send private message
zorry
Developer
Developer


Joined: 30 Mar 2008
Posts: 364
Location: Umeå The north part of scandinavia

PostPosted: Tue Sep 18, 2012 1:28 pm    Post subject: Reply with quote

dummys wrote:
Oh ok sorry. Actually i don't have the build.log because now it's working, i have removed the -fstack-protector-all in my CFLAGS...

If anyone has an idea how to keep it, i'm open :D

If you runing a hardened toolchain all the needed hardened is set by the compile like -fPIE, -pie and -fstack-protector-all.
You don't need to set them in the CFLAGs.....
_________________
gcc version 4.6.2 (Gentoo Hardened 4.6.2 p1.1, pie-0.5.0)
Back to top
View user's profile Send private message
dummys
n00b
n00b


Joined: 15 Sep 2012
Posts: 16

PostPosted: Tue Sep 18, 2012 1:32 pm    Post subject: Reply with quote

Ok great. But in the documentation of PaX in gentoo hardened is written :


Code:
Note: In newer versions of SSP, it is possible to apply SSP to all functions, adding protection to functions whose buffer would normally be below the size limit for SSP. This is enabled via the CFLAG -fstack-protector-all.
Back to top
View user's profile Send private message
zorry
Developer
Developer


Joined: 30 Mar 2008
Posts: 364
Location: Umeå The north part of scandinavia

PostPosted: Wed Sep 19, 2012 1:26 pm    Post subject: Reply with quote

dummys wrote:
Ok great. But in the documentation of PaX in gentoo hardened is written :


Code:
Note: In newer versions of SSP, it is possible to apply SSP to all functions, adding protection to functions whose buffer would normally be below the size limit for SSP. This is enabled via the CFLAG -fstack-protector-all.

Do I need to pass any flags to LDFLAGS/CFLAGS in order to turn on hardened building?
_________________
gcc version 4.6.2 (Gentoo Hardened 4.6.2 p1.1, pie-0.5.0)
Back to top
View user's profile Send private message
dummys
n00b
n00b


Joined: 15 Sep 2012
Posts: 16

PostPosted: Thu Sep 20, 2012 8:32 pm    Post subject: Reply with quote

ok zorry you right. thanks for your answer. Can you help me to harden my paxtest ? I have enabled xen profile in pax mode : security and paxtest give me almost all vulnerable. That's why i play with cflag first...
Did you have an idea ?
thanks in advance.
regards
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum