[Please keep both <bug-hurd@gnu.org> and <grub-devel@gnu.org> in the recipients list.]
Hello! For some time, GCC now offers the following feature: info Gcc #v+ `-fstack-protector' Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits. #v- I now happen to be running a GCC 4.1 installation which has that one enabled by default. Unfortunately, building GNU Mach and GRUB2 (didn't check GRUB legacy) is affected by that: GRUB2 #v+ [...] gcc -o kernel.exec kernel_img-kern_i386_pc_startup.o kernel_img-kern_main.o kernel_img-kern_device.o kernel_img-kern_disk.o kernel_img-kern_dl.o kernel_img-kern_file.o kernel_img-kern_fs.o kernel_img-kern_err.o kernel_img-kern_misc.o kernel_img-kern_mm.o kernel_img-kern_loader.o kernel_img-kern_rescue.o kernel_img-kern_term.o kernel_img-kern_i386_dl.o kernel_img-kern_i386_pc_init.o kernel_img-kern_parser.o kernel_img-kern_partition.o kernel_img-kern_env.o kernel_img-disk_i386_pc_biosdisk.o kernel_img-term_i386_pc_console.o kernel_img-symlist.o -nostdlib -Wl,-N,-Ttext,8200 -fno-builtin -mrtd -mregparm=3 -m32 kernel_img-kern_device.o: In function `grub_device_iterate': ../kern/device.c:142: undefined reference to `__stack_chk_fail' kernel_img-kern_disk.o: In function `grub_disk_write': ../kern/disk.c:553: undefined reference to `__stack_chk_fail' kernel_img-kern_misc.o: In function `grub_vsprintf': ../kern/misc.c:897: undefined reference to `__stack_chk_fail' kernel_img-kern_rescue.o: In function `grub_rescue_cmd_cat': ../kern/rescue.c:169: undefined reference to `__stack_chk_fail' kernel_img-kern_i386_pc_init.o: In function `grub_machine_set_prefix': ../kern/i386/pc/init.c:239: undefined reference to `__stack_chk_fail' kernel_img-kern_parser.o:../kern/parser.c:230: more undefined references to `__stack_chk_fail' follow collect2: ld returned 1 exit status make: *** [kernel.exec] Error 1 #v- GNU Mach #v+ [...] ld -u _start -r -o gnumach.o --start-group libkernel.a liblinux.a liblinux_pcmcia_cs_modules.a liblinux_pcmcia_cs_clients.a liblinux_pcmcia_cs_wireless.a nm -u gnumach.o | sed 's/ *U *//;s/^_*//' | sort -u > gnumach-undef sed '/^memcpy$/d; /^memmove$/d; /^memset$/d; /^bcopy$/d; /^bzero$/d; /^strchr$/d; /^strstr$/d; /^strsep$/d; /^strpbrk$/d; /^strtok$/d; /^htonl$/d; /^htons$/d; /^ntohl$/d; /^ntohs$/d; /^etext$/d; /^edata$/d; /^end$/d;' gnumach-undef > gnumach-undef-bad if test -s gnumach-undef-bad; \ then cat gnumach-undef-bad; exit 2; else true; fi stack_chk_fail make[2]: *** [clib-routines.o] Error 2 make[2]: Leaving directory `/fs/data/mount/home/thomas/tmp/source/gnumach/gnumach-1-branch/build' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/fs/data/mount/home/thomas/tmp/source/gnumach/gnumach-1-branch/build' make: *** [all] Error 2 #v- Is it feasible to have the `-fstack-protector' functionality in GNU Mach and GRUB2 (and how to do that, then) or shall we unconditionally pass `-fno-stack-protector' if available? Regards, Thomas
signature.asc
Description: Digital signature
_______________________________________________ Bug-hurd mailing list Bug-hurd@gnu.org http://lists.gnu.org/mailman/listinfo/bug-hurd