Hello there,
this is a bit off-topic, however if someone could point me in the right
direction, I would appreciate it.
I am trying to build a toolchain based on the HLFS-SVN-20080603 (the
last html-version) but with updated packages according to LFS 6.4. Which
means:
gcc-4.3.2
binutils-2.18
glibc-2.8-20080929
So far, everything wored like a charm, however while testing my
butterfly toolchain there seems to be some problem with fortify source:
the fgets-overflow works like expected:
echo abcdefghijklm | ./fgets-overflow 14
*** buffer overflow detected ***: ./fgets-overflow terminated
======= Backtrace: [...]
however the strcpy-overflow does not:
cat > strcpy-overflow.c << "EOF"
> #include <string.h>
> int main()
> {
> char buf[2];
> strcpy(buf,"12345");
> return 0;
> }
> EOF
root:~# gcc -o strcpy-overflow strcpy-overflow.c -static -L/usr/lib/static
root:~#
[ there is no warning about overflowing the buffer while compilng ]
./strcpy-overflow
*** stack smashing detected ***: ./strcpy-overflow terminated
======= Backtrace: [ ...]
and the overflow seems to be detected by ssp, not fortify source.
even compiling with
gcc -o strcpy-overflow strcpy-overflow.c -static -L/usr/lib/static -Wall
-Wextra -D_FORTIFY_SOURCE=2
gives the same results.
I disabled libssp in the gcc build, since glibc provides it. Could this
be the reason? Or is gcc-4.3 the problem?
I attached gcc -dumpspecs for info...
thanks, thorsten
*asm:
%{v:-V} %{Qy:} %{!Qn:-Qy} %{n} %{T} %{Ym,*} %{Yd,*} %{Wa,*:%*}
*asm_debug:
%{gstabs*:--gstabs}%{!gstabs*:%{g*:--gdwarf2}}
%{fdebug-prefix-map=*:--debug-prefix-map %*}
*asm_final:
*asm_options:
%{--target-help:%:print-asm-header()} %a %Y %{c:%W{o*}%{!o*:-o %w%b%O}}%{!c:-o
%d%w%u%O}
*invoke_as:
%{!S:-o %|.s |
as %(asm_options) %|.s %A }
*cpp:
%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}
*cpp_options:
%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}
%{f*} %{g*:%{!g0:%{!fno-working-directory:-fworking-directory}}} %{O*} %{undef}
%{save-temps:-fpch-preprocess}
*cpp_debug_options:
%{d*}
*cpp_unique_options:
%{C|CC:%{!E:%eGCC does not support -C or -CC without -E}}
%{!D_FORTIFY_SOURCE=*:%{!U_FORTIFY_SOURCE:-D_FORTIFY_SOURCE=2}} %{!Q:-quiet}
%{nostdinc*} %{C} %{CC} %{v} %{I*&F*} %{P} %I %{MD:-MD %{!o:%b.d}%{o*:%.d%*}}
%{MMD:-MMD %{!o:%b.d}%{o*:%.d%*}} %{M} %{MM} %{MF*} %{MG} %{MP} %{MQ*} %{MT*}
%{!E:%{!M:%{!MM:%{!MT:%{!MQ:%{MD|MMD:%{o*:-MQ %*}}}}}}} %{remap}
%{g3|ggdb3|gstabs3|gcoff3|gxcoff3|gvms3:-dD} %{H} %C %{D*&U*&A*} %{i*} %Z %i
%{fmudflap:-D_MUDFLAP -include mf-runtime.h} %{fmudflapth:-D_MUDFLAP
-D_MUDFLAPTH -include mf-runtime.h} %{E|M|MM:%W{o*}}
*trad_capable_cpp:
cc1 -E %{traditional|ftraditional|traditional-cpp:-traditional-cpp}
*cc1:
%(cc1_cpu) %{profile:-p}
*cc1_options:
%{pg:%{fomit-frame-pointer:%e-pg and -fomit-frame-pointer are incompatible}}
%{fpic|fPIC|fpie|static|D__KERNEL__:-fno-PIE;shared|nostdlib|nostartfiles:-fno-PIE
-fPIC;fno-pic|fno-PIC|fno-pie|fno-PIE:;:-fPIE} %{static:%{pie:%e-static and
-pie are incompatible}} %1 %{!Q:-quiet} -dumpbase %B %{d*} %{m*} %{a*}
%{c|S:%{o*:-auxbase-strip %*}%{!o*:-auxbase %b}}%{!c:%{!S:-auxbase %b}} %{g*}
%{O*} %{W*&pedantic*} %{w} %{std*&ansi&trigraphs} %{v:-version} %{pg:-p} %{p}
%{f*} %{undef} %{Qn:-fno-ident} %{--help:--help} %{--target-help:--target-help}
%{--help=*:--help=%(VALUE)} %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}}
%{fsyntax-only:-o %j} %{-param*} %{fmudflap|fmudflapth:-fno-builtin
-fno-merge-constants} %{!O*:-O} %{coverage:-fprofile-arcs -ftest-coverage}
%{D__KERNEL__:-fno-stack-protector;!fno-stack-protector:-fstack-protector-all}
*cc1plus:
*link_gcc_c_sequence:
%{static:--start-group} %G %L %{static:--end-group}%{!static:%G}
*link_ssp:
%{fstack-protector:}
*endfile:
%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s}
%{mpc32:crtprec32.o%s} %{mpc64:crtprec64.o%s} %{mpc80:crtprec80.o%s}
%{shared|pie:crtendS.o%s;static|nopie|pg|p|profile:crtend.o%s;:crtendS.o%s}
crtn.o%s
*link:
%{!static:--eh-frame-hdr} -m %(link_emulation) %{shared:-shared} %{!shared:
%{!ibcs: %{!static: %{rdynamic:-export-dynamic}
%{!dynamic-linker:-dynamic-linker %(dynamic_linker)}} %{static:-static}}}
*lib:
%{pthread:-lpthread} %{shared:-lc} %{!shared:%{mieee-fp:-lieee}
%{profile:-lc_p}%{!profile:-lc}}
*mfwrap:
%{static: %{fmudflap|fmudflapth: --wrap=malloc --wrap=free --wrap=calloc
--wrap=realloc --wrap=mmap --wrap=munmap --wrap=alloca} %{fmudflapth:
--wrap=pthread_create}} %{fmudflap|fmudflapth: --wrap=main}
*mflib:
%{fmudflap|fmudflapth: -export-dynamic}
*link_gomp:
*libgcc:
%{static|static-libgcc:-lgcc
-lgcc_eh}%{!static:%{!static-libgcc:%{!shared-libgcc:-lgcc --as-needed -lgcc_s
--no-as-needed}%{shared-libgcc:-lgcc_s%{!shared: -lgcc}}}}
*startfile:
%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;static|nopie:crt1.o%s;:
Scrt1.o%s}} crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;
nopie|pg|p|profile:crtbegin.o%s;:crtbeginS.o%s}
*switches_need_spaces:
*cross_compile:
0
*version:
4.3.2
*multilib:
. ;
*multilib_defaults:
*multilib_extra:
*multilib_matches:
*multilib_exclusions:
*multilib_options:
*linker:
collect2
*link_libgcc:
%D
*md_exec_prefix:
*md_startfile_prefix:
*md_startfile_prefix_1:
*startfile_prefix_spec:
*sysroot_spec:
--sysroot=%R
*sysroot_suffix_spec:
*sysroot_hdrs_suffix_spec:
*cc1_cpu:
%{mcpu=*:-mtune=%* %n`-mcpu=' is deprecated. Use `-mtune=' or '-march=' instead.
} %<mcpu=* %{mintel-syntax:-masm=intel %n`-mintel-syntax' is deprecated. Use
`-masm=intel' instead.
} %{mno-intel-syntax:-masm=att %n`-mno-intel-syntax' is deprecated. Use
`-masm=att' instead.
}%{march=native:%<march=native %:local_cpu_detect(arch)
%{!mtune=*:%<mtune=native %:local_cpu_detect(tune)}}
%{mtune=native:%<mtune=native %:local_cpu_detect(tune)}
*link_emulation:
elf_i386
*dynamic_linker:
%{muclibc:%{mglibc:%e-mglibc and -muclibc used
together}/lib/ld-uClibc.so.0;:/lib/ld-linux.so.2}
*link_command:
%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S: %(linker) %l %{pie:-pie}
%{static|Bstatic|shared|Bshareable|i|r|pie|nopie:;:-pie} %{!static:%{!Bstatic:
%{norelro:-z norelro;:-z relro} %{nocombreloc:-z nocombreloc;:-z combreloc}
%{nonow:-z lazy;:-z now} }} %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}
%{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}
%{static:} %{L*} %(mfwrap) %(link_libgcc) %o
%{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)}
%(mflib) %{fprofile-arcs|fprofile-generate|coverage:-lgcov}
%{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}
%{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
