tests in 5.9. cocoon toolchain

Robert Connolly robert at linuxfromscratch.org
Wed Feb 13 15:53:04 PST 2008


On Wednesday February 13 2008 12:27:51 pm Petr Cerny wrote:
> Robert Connolly wrote:
> > On Tuesday February 12 2008 11:20:57 am Petr Cerny wrote:
> >> Hi,
> >>
> >> I'm a little bit confused by the section of important tests in 5.9.
> >> (Version SVN-20080118) - should:
> >>
> >> $gcc -o strcat-overflow strcat-overflow.c -U_FORTIFY_SOURCE
> >>
> >> really produce stack-smashing-protected binary (as indicated by stated
> >> output)? I'd rather expect it producing a non-protected program, which
> >> is exactly what happens for my build (not by-the-book as I'm trying
> >> x86-64).
> >
> > The -U_FORTIFY_SOURCE does not disable stack protection. If the program
> > does a segmentation fault then ssp isn't on by default for you. Retry
> > with -fstack-protector-all just to see if it works. I don't think you
> > applied the gcc-fstack_protector patch. The ssp patch should work for
> > every architecture (the fpie patch probably doesn't work for x86-64).
>
> Thanks for prompt answer. Meanwhile, I've made myself clear the
> difference between ssp and _FORTIFY_SOURCE - which was the cause of
> misunderstanfing in this case. The stack-smashing protector works for me
> in 64bit binary however, I had to supply the test program much longer
> string (about 25bytes) - maybe stack is differently organized or aligned
> on x86-64 or some additional registers get stored between the canary and
> the string?

I think it has more to do with libc than gcc, but I'm just guessing.

> As for the fpie patch: is there some (simple) way to test whether it
> works for x86-64? (It will probably require some update as there are
> some sections which modify only "32bit parts" of gcc).

readelf -ld strcat-overflow | \
    grep -E 'Shared object|TEXTREL'

If it's not working, the patch should be pretty simple. Try to tell me if 
gcc/config/ia64/linux.h is a file you use, instead of 
gcc/config/i386/linux.h. The patch for both files will be the same. I'll add 
the x86-64 difference if you can test it.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080213/f7666614/attachment.sig>


More information about the hlfs-dev mailing list