dummys n00b
Joined: 15 Sep 2012 Posts: 16
Posted: Sat Sep 15, 2012 10:54 pm Post subject: Cannot emerge glibc-2.15-r2 with CFLAGS: -fstack-protector-a
Hi everybody,
I got a problem with glibc while running emerge -e world.
It's on Gentoo Hardened with stage3-hardened on today.
Anyone got an idea?
It's a Xen x64 VM.
Code:
make[2]: Leaving directory `/var/tmp/portage/sys-libs/glibc-2.15-r2/work/glibc-2.15/nss'
make[1]: *** [nss/others] Error 2
make[1]: Leaving directory `/var/tmp/portage/sys-libs/glibc-2.15-r2/work/glibc-2.15'
make: *** [all] Error 2
emake failed
 * ERROR: sys-libs/glibc-2.15-r2 failed (compile phase):
 * make for x86 failed
 *
 * Call stack:
 * ebuild.sh, line 85: Called src_compile
 * environment, line 3612: Called eblit-run 'src_compile'
 * environment, line 975: Called eblit-glibc-src_compile
 * src_compile.eblit, line 213: Called src_compile
 * environment, line 3612: Called eblit-run 'src_compile'
 * environment, line 975: Called eblit-glibc-src_compile
 * src_compile.eblit, line 221: Called toolchain-glibc_src_compile
 * src_compile.eblit, line 132: Called die
 * The specific snippet of code:
 * emake || die "make for ${ABI} failed"
 *
 * If you need support, post the output of `emerge --info '=sys-libs/glibc-2.15-r2'`,
 * the complete build log and the output of `emerge -pqv '=sys-libs/glibc-2.15-r2'`.
 * The complete build log is located at '/var/tmp/portage/sys-libs/glibc-2.15-r2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-libs/glibc-2.15-r2/temp/environment'.
 * Working directory: '/var/tmp/portage/sys-libs/glibc-2.15-r2/work/build-x86-x86_64-pc-linux-gnu-nptl'
 * S: '/var/tmp/portage/sys-libs/glibc-2.15-r2/work/glibc-2.15'

VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
Posted: Sun Sep 16, 2012 1:15 am Post subject:
Mind posting the actual error?

dummys n00b
Joined: 15 Sep 2012 Posts: 16
Posted: Sun Sep 16, 2012 7:27 pm Post subject:
What did you mean? This is the error I get.

megabaks Apprentice
Joined: 22 Jan 2012 Posts: 253 Location: Russia && Saint-Petersburg
Posted: Sun Sep 16, 2012 10:33 pm Post subject:
dummys wrote: | What did you mean ? This is the error I get. |
Error2? without Error1? WUT o_O

dummys n00b
Joined: 15 Sep 2012 Posts: 16
Posted: Sun Sep 16, 2012 10:59 pm Post subject:
Oh ok sorry. Actually I don't have the build.log because now it's working; I have removed the -fstack-protector-all in my CFLAGS...
If anyone has an idea how to keep it, I'm open

zorry Developer
Joined: 30 Mar 2008 Posts: 380 Location: Umeå The north part of scandinavia
Posted: Tue Sep 18, 2012 1:28 pm Post subject:
dummys wrote: | Oh ok sorry. Actually i don't have the build.log because now it's working, i have removed the -fstack-protector-all in my CFLAGS...
If anyone has an idea how to keep it, i'm open |
If you are running a hardened toolchain, all the needed hardening is set by the compiler, like -fPIE, -pie and -fstack-protector-all.
You don't need to set them in the CFLAGS.....
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)
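
An added example, not part of the thread or of Gentoo's own tooling: a way to check what a GCC-compatible compiler enables when no hardening flags are in CFLAGS, by reading the macros it predefines (-dM -E). The function names and the sample macro dumps are constructed for illustration, and $CC is assumed to be a single command name.

```shell
#!/bin/sh
# Added example: report the hardening a GCC-compatible compiler applies by
# default, judged from its predefined macros. Function names are hypothetical.

# Read a `cc -dM -E` macro dump on stdin; print "ssp=<mode> pie=<yes|no>".
classify_defaults() {
    awk '
        $1 != "#define"        { next }
        $2 == "__SSP_ALL__"    { ssp = "all" }     # -fstack-protector-all
        $2 == "__SSP_STRONG__" { ssp = "strong" }  # -fstack-protector-strong
        $2 == "__SSP__"        { ssp = "basic" }   # -fstack-protector
        $2 == "__PIE__"        { pie = "yes" }     # -fPIE or -fpie
        END {
            if (ssp == "") ssp = "none"
            if (pie == "") pie = "no"
            printf "ssp=%s pie=%s\n", ssp, pie
        }'
}

# Dump the macros the compiler predefines for the given flags (may be none).
# Assumption: $CC, when set, is a single command name without arguments.
dump_macros() {
    "${CC:-gcc}" "$@" -dM -E -x c /dev/null
}

# Constructed sample: macros a compiler with SSP-all and PIE defaults would
# predefine (not output captured from the system in the thread).
sample_hardened() {
    printf '%s\n' '#define __SSP_ALL__ 2' '#define __PIE__ 2' \
                  '#define __pie__ 2' '#define __PIC__ 2'
}

# Constructed sample: a compiler with no hardening defaults.
sample_vanilla() {
    printf '%s\n' '#define __GNUC__ 4' '#define __x86_64__ 1'
}

echo "sample hardened:     $(sample_hardened | classify_defaults)"
echo "sample vanilla:      $(sample_vanilla | classify_defaults)"

# Query the real compiler only if one is installed.
if command -v "${CC:-gcc}" >/dev/null 2>&1; then
    echo "compiler defaults:   $(dump_macros | classify_defaults)"
    echo "with explicit flag:  $(dump_macros -fstack-protector-all | classify_defaults)"
fi
```

If the toolchain sets these flags itself, as the reply above says a hardened toolchain does, the last two lines match.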

dummys n00b
Joined: 15 Sep 2012 Posts: 16
Posted: Tue Sep 18, 2012 1:32 pm Post subject:
Ok great. But in the documentation of PaX in Gentoo Hardened it is written:
Code: | Note: In newer versions of SSP, it is possible to apply SSP to all functions, adding protection to functions whose buffer would normally be below the size limit for SSP. This is enabled via the CFLAG -fstack-protector-all. |

zorry Developer
Joined: 30 Mar 2008 Posts: 380 Location: Umeå The north part of scandinavia
Posted: Wed Sep 19, 2012 1:26 pm Post subject:
dummys wrote: | Ok great. But in the documentation of PaX in gentoo hardened is written :
Code: | Note: In newer versions of SSP, it is possible to apply SSP to all functions, adding protection to functions whose buffer would normally be below the size limit for SSP. This is enabled via the CFLAG -fstack-protector-all. |
|
Do I need to pass any flags to LDFLAGS/CFLAGS in order to turn on hardened building?
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)

dummys n00b
Joined: 15 Sep 2012 Posts: 16
Posted: Thu Sep 20, 2012 8:32 pm Post subject:
OK zorry, you're right. Thanks for your answer. Can you help me to harden my paxtest? I have enabled xen profile in pax mode : security and paxtest gives me almost all vulnerable. That's why I play with cflag first...
Did you have an idea?
Thanks in advance.
Regards