View previous topic :: View next topic |
Author |
Message |
pbienst Retired Dev
Joined: 29 May 2002 Posts: 70 Location: Belgium
|
Posted: Tue Jul 02, 2002 12:02 am Post subject: Important security warning for people using gcc 3.1 |
|
|
If you compiled your system using gcc 3.1 at -O3, login or su will accept any random password!
The solution is to unmerge pam and pam-login, lower the optimisation to -O2, than then re-emerge them.
Make sure to check your machine! |
|
Back to top |
|
|
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Tue Jul 02, 2002 12:33 am Post subject: |
|
|
That's not true, I've exactly to machines running Gentoo 1.3(a and b) compiled with gcc3.1 and O3 of course. I tested it now on both via login and su, it fails.
It must be a different problem.
Regards,
Christian Parpart |
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Tue Jul 02, 2002 1:03 am Post subject: |
|
|
Unable to reproduce this with sys-libs/pam-0.75-r6 compiled with -march=athlon -mmmx -m3dnow -O3 on a first-generation Athlon or using -march=k6 -mmmx -O3 on a K6. _________________ For every higher wall, there is a taller ladder |
|
Back to top |
|
|
dook43 Tux's lil' helper
Joined: 11 Jun 2002 Posts: 116 Location: Baton Rouge, LA
|
Posted: Tue Jul 02, 2002 2:23 am Post subject: |
|
|
I couldn't reproduce this either.
CFLAGS="-march=athlon-tbird -m3dnow -mmmx -O3 -pipe"
CXXFLAGS="-march=athlon-tbird -m3dnow -mmmx -O3 -pipe" _________________ "We who are about to die salute you!" |
|
Back to top |
|
|
mkennedy Retired Dev
Joined: 30 May 2002 Posts: 35 Location: Texas
|
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Tue Jul 02, 2002 5:17 am Post subject: |
|
|
Has anybody managed to reproduce the bug yet? _________________ For every higher wall, there is a taller ladder |
|
Back to top |
|
|
therobot Apprentice
Joined: 07 Jun 2002 Posts: 256 Location: Canada
|
Posted: Tue Jul 02, 2002 7:12 am Post subject: |
|
|
I don't have that happening either. |
|
Back to top |
|
|
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Tue Jul 02, 2002 7:16 am Post subject: |
|
|
rac wrote: | Has anybody managed to reproduce the bug yet? | Well, what about the original auther of this thread? I'd like to hear some comments from him, since it seems that really no one else can reproduce that bug.
I have C[XXFLAGS="-march=athlon-mp -m3dnow -mmmx -msse -mfpmath=sse -O3 -pipe"
And don't get that bug either |
|
Back to top |
|
|
hanno n00b
Joined: 28 Apr 2002 Posts: 15
|
Posted: Tue Jul 02, 2002 10:10 am Post subject: fake? |
|
|
I have also tested it and as expected, no bug there.
I think it's either a fake or the person has terribly misconfigurated his system (although i can't imagine how you could configure your system like that). |
|
Back to top |
|
|
Niek Apprentice
Joined: 14 May 2002 Posts: 236 Location: Houten, The Netherlands
|
Posted: Tue Jul 02, 2002 11:19 am Post subject: |
|
|
Hmmz, I've tested it here, but I can't reproduce it. Login and su do not accept random passwords. |
|
Back to top |
|
|
pbienst Retired Dev
Joined: 29 May 2002 Posts: 70 Location: Belgium
|
Posted: Tue Jul 02, 2002 12:37 pm Post subject: |
|
|
Well, it seems that we're at least two who had the same problem with the same solution:
https://forums.gentoo.org/viewtopic.php?t=6143&highlight=
Perhaps there's some additional variable as well which caused it to appear on ours systems but not on yours. |
|
Back to top |
|
|
shawnf n00b
Joined: 23 Apr 2002 Posts: 8 Location: seattle,wa
|
Posted: Tue Jul 02, 2002 6:33 pm Post subject: |
|
|
hand raised.
PAM compiled with
"-march=pentium3 -O3 -pipe -mfpmath=sse -funroll-all-loops -fomit-frame-pointer -ffast-math -fprefetch-loop-arrays"
no password needed to get into system
PAM compiled with
"-march=pentium3 -O3 -pipe -mfpmath=sse"
password needed
I have verified this twice.
pbienst,
What flags did you use? |
|
Back to top |
|
|
pbienst Retired Dev
Joined: 29 May 2002 Posts: 70 Location: Belgium
|
Posted: Tue Jul 02, 2002 10:33 pm Post subject: |
|
|
shawnf wrote: | pbienst,
What flags did you use? |
I used "-O3 -march=pentium3 -funroll-all-loops -fomit-frame-pointer -ffast-math -mfpmath=sse -pipe"
Keeping the same flags, but changing -O3 to -O2 solved the problem. |
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Wed Jul 03, 2002 12:41 am Post subject: |
|
|
According to the GCC 3.1 documentation, the difference between -O2 and -O3 is -finline-functions and -frename-registers. So could it be an unhealthy interaction between one of those and either -funroll-all-loops or -fomit-frame-pointer? Perhaps also only on P3 arch? _________________ For every higher wall, there is a taller ladder |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Wed Jul 03, 2002 1:01 am Post subject: |
|
|
It's probably not a function inlining or loop unrolling thing... hmm...
Does this happen when -ffast-math is disabled? _________________ I don't believe in witty sigs. |
|
Back to top |
|
|
shawnf n00b
Joined: 23 Apr 2002 Posts: 8 Location: seattle,wa
|
Posted: Wed Jul 03, 2002 3:30 am Post subject: |
|
|
after some trial an error i am not able to reproduce this error when i take out "-funroll-all-loops" but leave in "-O3"
so
"-march=pentium3 -O3 -pipe -mfpmath=sse -fomit-frame-pointer -ffast-math -fprefetch-loop-arrays"
=OK
"-march=pentium3 -O3 -pipe -mfpmath=sse -funroll-all-loops -fomit-frame-pointer -ffast-math -fprefetch-loop-arrays"
=BAD |
|
Back to top |
|
|
Erik Andersson n00b
Joined: 19 Apr 2002 Posts: 27 Location: Sweden
|
Posted: Fri Jul 05, 2002 2:11 pm Post subject: |
|
|
From the GCC manual:
-funroll-loops
Unroll loops whose number of iterations can be determined at compile time or upon entry to the loop. -funroll-loops implies both -fstrength-reduce and -frerun-cse-after-loop. This option makes code larger, and may or may not make it run faster.
-funroll-all-loops
Unroll all loops, even if their number of iterations is uncertain when the loop is entered. This usually makes programs run more slowly. -funroll-all-loops implies the same options as -funroll-loops
Since it usually makes it slower why did you use it in the first place? |
|
Back to top |
|
|
|