On Wed, Oct 15, 2014 at 10:06:48PM -0400, Andrew Piskorski wrote:

> All that seems to matter, is that nsthreadtest ALWAYS fails when I
> configured with this:
>   --with-tcl=/usr/lib/tcl8.5
> And if I instead use Tcl 8.4 like this it works fine:
>   --with-tcl=/usr/lib/tcl8.4

I Compared the config.log files from those two cases.  There are a
bunch of differences in th egiant TCL_DEFS string.

But for the C-level build stuff, the only non-obvious looking
difference are these:

TCL_VERSION='8.4' 
TCL_EXTRA_CFLAGS='-g -O2 -fno-unit-at-a-time -pipe ' 
TCL_LD_FLAGS='-Wl,-Bsymbolic-functions -Wl,--export-dynamic' 
 
TCL_VERSION='8.5' 
TCL_EXTRA_CFLAGS='-g -O2 -fno-unit-at-a-time -pipe -D_FORTIFY_SOURCE=2' 
TCL_LD_FLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--export-dynamic ' 

So 8.5 adds two options not present with 8.4, but I'm not sure if
either of these actually get used by Naviserver:

  -D_FORTIFY_SOURCE=2

  -Wl,-z,relro : Create an ELF "PT_GNU_RELRO" segment header in the object.

Both use -O2, and I suspect they both may be effectively getting
-D_FORTIFY_SOURCE=2 as well, because 'man gcc' says it's the default
when using -O2:

  NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2 is set by
  default, and is activated when -O is set to 2 or higher.  This enables
  additional compile-time and run-time checks for several libc functions.
  To disable, specify either -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0.

  $ gcc --version
  gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3

The relro linker option is also for robustness/security:

  https://wiki.ubuntu.com/Security/Features#relro

  Built with RELRO

  Hardens ELF programs against loader memory area overwrites by having
  the loader mark any areas of the relocation table as read-only for any
  symbols resolved at load-time ("read-only relocations"). This reduces
  the area of possible GOT-overwrite-style memory corruption attacks.

I don't think the relro flag from Tcl actually gets used anywhere in Naviserver.

Just in case, I rebuilt with Tcl 8.5 and -D_FORTIFY_SOURCE= 1 and 0,
but nsthreadtest still crashed in both cases.

-- 
Andrew Piskorski <a...@piskorski.com>

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel

Reply via email to