On Wed, Oct 15, 2014 at 10:06:48PM -0400, Andrew Piskorski wrote: > All that seems to matter, is that nsthreadtest ALWAYS fails when I > configured with this: > --with-tcl=/usr/lib/tcl8.5 > And if I instead use Tcl 8.4 like this it works fine: > --with-tcl=/usr/lib/tcl8.4
I Compared the config.log files from those two cases. There are a bunch of differences in th egiant TCL_DEFS string. But for the C-level build stuff, the only non-obvious looking difference are these: TCL_VERSION='8.4' TCL_EXTRA_CFLAGS='-g -O2 -fno-unit-at-a-time -pipe ' TCL_LD_FLAGS='-Wl,-Bsymbolic-functions -Wl,--export-dynamic' TCL_VERSION='8.5' TCL_EXTRA_CFLAGS='-g -O2 -fno-unit-at-a-time -pipe -D_FORTIFY_SOURCE=2' TCL_LD_FLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--export-dynamic ' So 8.5 adds two options not present with 8.4, but I'm not sure if either of these actually get used by Naviserver: -D_FORTIFY_SOURCE=2 -Wl,-z,relro : Create an ELF "PT_GNU_RELRO" segment header in the object. Both use -O2, and I suspect they both may be effectively getting -D_FORTIFY_SOURCE=2 as well, because 'man gcc' says it's the default when using -O2: NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2 is set by default, and is activated when -O is set to 2 or higher. This enables additional compile-time and run-time checks for several libc functions. To disable, specify either -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0. $ gcc --version gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3 The relro linker option is also for robustness/security: https://wiki.ubuntu.com/Security/Features#relro Built with RELRO Hardens ELF programs against loader memory area overwrites by having the loader mark any areas of the relocation table as read-only for any symbols resolved at load-time ("read-only relocations"). This reduces the area of possible GOT-overwrite-style memory corruption attacks. I don't think the relro flag from Tcl actually gets used anywhere in Naviserver. Just in case, I rebuilt with Tcl 8.5 and -D_FORTIFY_SOURCE= 1 and 0, but nsthreadtest still crashed in both cases. -- Andrew Piskorski <a...@piskorski.com> ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
