Gentoo Forums
Prelink on Hardened
bens
Posted: Fri Feb 25, 2005 10:03 pm    Post subject: Prelink on Hardened

I'm running Gentoo with the hardened use-flag on a hardened-dev-sources kernel. Prelink isn't working.

Details:
I'd like to use prelink, and the prelink documentation says that I can. All I need to do is disable "Randomize mmap base" (RANDMMAP) for ld-2.3.4.so. I did that from a livecd.
After rebooting, I ran prelink -amR, and nothing got prelinked. Instead, I got 2458 lines that look like
Code:
prelink: /bin/lsmod: Dependency tracing failed
prelink: /bin/netstat: Dependency tracing failed
prelink: /bin/mktemp: Dependency tracing failed
prelink: /bin/setfacl: Dependency tracing failed

Absolutely nothing got prelinked, and no errors other than "Dependency tracing failed" were reported.
Code:
plan9 root # prelink -p
0 objects found in prelink cache `/etc/prelink.cache'

I believe my glibc is compiled correctly:
Code:
plan9 root # equery uses glibc
[ Searching for packages matching glibc... ]
[ Colour Code : set unset ]
[ Legend    : Left column  (U) - USE flags from make.conf              ]
[           : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for sys-libs/glibc-2.3.4.20040808-r1 ]
 U I
 + + nls         : <unknown>
 + + pic         : Build Position Independent Code. Needed for prelink or the hardened toolchain
 - - build       : !!internal use only!! DO NOT SET THIS FLAG YOURSELF!, used for creating build images and the first half of bootstrapping.
 + + nptl        : Enable support for Native POSIX Threads Library, the new threading module (requires linux-2.6 or better usually)
 - - erandom     : Enable erandom/frandom support in glibc for ssp
 + + hardened    : activate default security enhancements for toolchain (gcc, glibc, binutils)
 - - multilib    : On 64bit systems, if you want to be able to compile 32bit and 64bit binaries
 - - debug       : Tells configure and the makefiles to build for debugging. Effects vary across packages, but generally it will at least add -g to CFLAGS. Remember to set FEATURES=nostrip too
 - - userlocales : build only the locales specified in /etc/locales.build
 - - debug       : Tells configure and the makefiles to build for debugging. Effects vary across packages, but generally it will at least add -g to CFLAGS. Remember to set FEATURES=nostrip too

(Notice the "+ + pic")
I definitely made the change to ld-2.3.4.so:
Code:
plan9 lib # paxctl -v ld-2.3.4.so
PaX control v0.2
Copyright 2004 PaX Team <pageexec@freemail.hu>

- PaX flags: -------x-e-r [ld-2.3.4.so]
        RANDEXEC is disabled
        EMUTRAMP is disabled
        RANDMMAP is disabled

So how do I make prelink prelink?
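A way to run the RANDMMAP check from a script instead of reading the flags by eye, as an added example that is not part of the original post: it decodes the flag string that `paxctl -v` prints, using the output quoted in the post as sample input. The function names are hypothetical; the `PpSsMmXxEeRr` position order is paxctl's display convention.

```shell
#!/bin/sh
# Added example. paxctl prints six flag pairs in the order PpSsMmXxEeRr:
# uppercase = enabled, lowercase = disabled, "-" = not marked in the binary.

# Output copied from the post above.
sample_paxctl_output() {
cat <<'EOF'
PaX control v0.2
Copyright 2004 PaX Team <pageexec@freemail.hu>

- PaX flags: -------x-e-r [ld-2.3.4.so]
        RANDEXEC is disabled
        EMUTRAMP is disabled
        RANDMMAP is disabled
EOF
}

# Extract the 12-character flag field from `paxctl -v` output on stdin.
pax_flag_string() {
    sed -n 's/^- PaX flags: \([-A-Za-z]*\) .*/\1/p'
}

# pax_state FLAGS FEATURE -> prints enabled | disabled | unset | conflict
pax_state() {
    case $2 in
        PAGEEXEC) pos=1 ;; SEGMEXEC) pos=3 ;; MPROTECT) pos=5 ;;
        RANDEXEC) pos=7 ;; EMUTRAMP) pos=9 ;; RANDMMAP) pos=11 ;;
        *) echo "unknown feature: $2" >&2; return 2 ;;
    esac
    [ "${#1}" -eq 12 ] || { echo "malformed flag string: $1" >&2; return 2; }
    on=$(printf '%s' "$1" | cut -c"$pos")
    off=$(printf '%s' "$1" | cut -c"$((pos + 1))")
    if   [ "$on" != "-" ] && [ "$off" != "-" ]; then echo conflict
    elif [ "$on" != "-" ]; then echo enabled
    elif [ "$off" != "-" ]; then echo disabled
    else echo unset
    fi
}

# Succeeds only if the loader whose `paxctl -v` output arrives on stdin has
# RANDMMAP explicitly disabled (the precondition the post describes).
loader_randmmap_disabled() {
    flags=$(pax_flag_string)
    [ -n "$flags" ] && [ "$(pax_state "$flags" RANDMMAP)" = "disabled" ]
}

for feature in PAGEEXEC SEGMEXEC MPROTECT RANDEXEC EMUTRAMP RANDMMAP; do
    printf '%-9s %s\n' "$feature" \
        "$(pax_state "$(sample_paxctl_output | pax_flag_string)" "$feature")"
done
```

On a live system the input would come from `paxctl -v /lib/ld-2.3.4.so | loader_randmmap_disabled`; an `unset` result means the binary carries neither marking for that feature.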
bens
Posted: Sun Feb 27, 2005 3:28 pm    Post subject: Getting closer

I'm getting closer: doing a stack trace led me to /lib/ld-linux.so.2, which is getting killed instantly under hardened. I don't know why.
See the new thread:
https://forums.gentoo.org/viewtopic-t-300991.html