[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: unrandomize issue with glibc 2.36.9000 and _FORTIFY_SOURCE
From: |
Camm Maguire |
Subject: |
Re: unrandomize issue with glibc 2.36.9000 and _FORTIFY_SOURCE |
Date: |
Wed, 18 Jan 2023 11:27:10 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Greetings, and thanks as always for the heads up.
Do you have an estimate for when this libc and/or gcc-13 hits the fedora
release cycle?
Take care,
Jerry James <loganjerry@gmail.com> writes:
> A new snapshot of the upcoming glibc 2.37 (called 2.36.9000) has
> landed in Fedora, and now gcl 2.6.14 does this while running
> configure:
>
> checking for personality(ADDR_NO_RANDOMIZE) support... no
> checking that sbrk is (now) non-random... no
> Cannot build with randomized sbrk. Your options:
> - upgrade to a kernel/libc that knows about personality(ADDR_NO_RANDOMIZE)
> - recompile your kernel with CONFIG_COMPAT_BRK (if it has that option)
> - run sysctl kernel.randomize_va_space=0 before using gcl
> configure: error: exiting
>
> And config.log is full of errors:
>
> configure:8097: checking for personality(ADDR_NO_RANDOMIZE) support
> configure:8117: gcc -o conftest -O2 -fexceptions -g
> -grecord-gcc-switches -pipe -Wall -Werror=format-security
> -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS
> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
> -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fsigned-char
> -pipe -fcommon -fno-builtin-malloc -fno-builtin-free -fno-PIE -fno-pie
> -fno-PIC -fno-pic -Wall -Wno-empty-body -Wno-unused-but-set-variable
> -I/usr/include/tirpc -Wl,-z,relro -Wl,--as-needed
> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1
> -no-pie conftest.c >&5
> In file included from /usr/include/unistd.h:1214,
> from h/unrandomize.h:4,
> from conftest.c:64:
> /usr/include/bits/unistd.h: In function 'main':
> /usr/include/bits/unistd.h:36:1: error: nested function 'read' declared
> 'extern'
> 36 | read (int __fd, void *__buf, size_t __nbytes)
> | ^~~~
> /usr/include/bits/unistd.h:36:1: error: static declaration of 'read'
> follows non-static declaration
> /usr/include/unistd.h:371:16: note: previous declaration of 'read'
> with type 'ssize_t(int, void *, size_t)' {aka 'long int(int, void *,
> long unsigned int)'}
> 371 | extern ssize_t read (int __fd, void *__buf, size_t __nbytes) __wur
> | ^~~~
> /usr/include/bits/unistd.h:72:1: error: nested function 'pread'
> declared 'extern'
> 72 | pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
> | ^~~~~
> /usr/include/bits/unistd.h:72:1: error: static declaration of 'pread'
> follows non-static declaration
> /usr/include/unistd.h:389:16: note: previous declaration of 'pread'
> with type 'ssize_t(int, void *, size_t, __off_t)' {aka 'long
> int(int, void *, long unsigned int, long int)'}
> 389 | extern ssize_t pread (int __fd, void *__buf, size_t __nbytes,
> | ^~~~~
> /usr/include/bits/unistd.h:90:1: error: nested function 'pread64'
> declared 'extern'
> 90 | pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
> | ^~~~~~~
> /usr/include/bits/unistd.h:90:1: error: static declaration of
> 'pread64' follows non-static declaration
> /usr/include/unistd.h:422:16: note: previous declaration of 'pread64'
> with type 'ssize_t(int, void *, size_t, __off64_t)' {aka 'long
> int(int, void *, long unsigned int, long int)'}
> 422 | extern ssize_t pread64 (int __fd, void *__buf, size_t __nbytes,
> | ^~~~~~~
> In file included from /usr/include/features.h:490,
> from /usr/include/bits/libc-header-start.h:33,
> from /usr/include/stdio.h:27,
> from conftest.c:61:
> /usr/include/bits/unistd.h:116:1: error: nested function 'readlink'
> declared 'extern'
> 116 | __NTH (readlink (const char *__restrict __path, char *__restrict
> __buf,
> | ^~~~~
> /usr/include/bits/unistd.h:116:1: error: static declaration of
> 'readlink' follows non-static declaration
> /usr/include/unistd.h:838:16: note: previous declaration of 'readlink'
> with type 'ssize_t(const char * restrict, char * restrict, size_t)'
> {aka 'long int(const char * restrict, char * restrict, long unsigned
> int)'}
> 838 | extern ssize_t readlink (const char *__restrict __path,
>
>
> and so on. The problem is h/unrandomize.h, which starts with #include
> directives, then has code meant to be embedded in a function.
> Apparently the combination of that with -O2 and
> -Wp,-D_FORTIFY_SOURCE=3 (or 2) leads to the errors above. Here is the
> definition of read from /usr/include/bits/unistd.h, for example:
>
> __fortify_function __wur ssize_t
> read (int __fd, void *__buf, size_t __nbytes)
> {
> return __glibc_fortify (read, __nbytes, sizeof (char),
> __glibc_objsize0 (__buf),
> __fd, __buf, __nbytes);
> }
>
> I don't know offhand where or how __fortify_function or
> __glibc_fortify are defined, but note the "nested function" parts of
> the errors above. That read() function is a full definition, so when
> it appears inside a function body, that makes it a nested function,
> which makes it fail to match the unfortified function declaration.
>
> The attached patch may not be optimal, but seems to solve this
> problem. Then the GCC 13 prerelease version we are using seems to be
> causing another problem that I haven't had time to diagnose yet. More
> on that later.
--
Camm Maguire camm@maguirefamily.org
==========================================================================
"The earth is but one country, and mankind its citizens." -- Baha'u'llah