Hi, I'm still trying to understand the details or figure out how to get a backtrace, but although I can build a working dynamically linked busybox 1.19.3, whenever I build the same config with "static" config set I get a binary which behaves very strangely, in particular dying whenever a sub process is used, or exiting the main executable:

# /tmp/busybox sh /tmp/test.sh
Killed (core dumped)

# cat /tmp/test.sh
#!/bin/sh
echo abcd | grep debug


The specifics of the build environment are a Gentoo x86 chroot, running uClibc 0.9.33.1, and a hardened gcc and toolchain. Kernel has PAX and grsec enabled.

Running up a busybox shell with this binary and then running any command with a pipe (|) seems to cause the core dump message. A second attempt then locks up the shell, and trying to kill -9 the process from another shell worryingly seems to take quite a significant number of seconds before the task dies, something like a few tens of seconds perhaps.

I see in my log files:

[5882184.345386] PAX: From 192.168.105.65: execution attempt in: (null), 00000000-00000000 00000000
[5882184.345391] PAX: terminating task: /tmp/busybox(busybox):20169, uid/euid: 0/0, PC: (nil), SP: 00000000fdba1bc4
[5882184.345393] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
[5882184.345415] PAX: bytes at SP-8: 0814ee3408138eb8 fdba1d280804faaa 08138eb8fdba1bc0 ffffffff00000000 fdba1d28080a9805 080b4efb00000001 0000000008138eb8 0815fdbcffffffff 0815fdac026176ba 08138eb8080a97d3 00000018080b18d3


Same build without static works fine (I notice that toggling static toggles PIE - is this significant? I presume it makes no sense to have a PIE enabled static executable..?)

I have previously successfully built a static 1.18.3 executable, but foolishly can't lay my hands on the .config now... I'm just trying to build various previous versions to see if this is a regression in 1.19, but wanted to ask if there were any known regressions here, or if I'm overlooking some obvious build process error that would be significant with a hardened + static build? I'm not even sure of a sensible way to get the core dump under gdb at the moment?

Thanks for any pointers

Ed W
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
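
Added example, not part of the original message and not BusyBox or PaX code: a small Python parser for the two PaX record types quoted in the log above. It pairs each "terminating task" record with the preceding "execution attempt" record and flags a zero PC. The name parse_pax, the flag names and the regular expressions are assumptions derived from the lines on this page, not from a documented log format.

```python
import re

# Constructed sample: the first two kernel lines quoted in the post, one per line.
SAMPLE = """\
[5882184.345386] PAX: From 192.168.105.65: execution attempt in: (null), 00000000-00000000 00000000
[5882184.345391] PAX: terminating task: /tmp/busybox(busybox):20169, uid/euid: 0/0, PC: (nil), SP: 00000000fdba1bc4
"""

TS = r"\[\s*(?P<ts>\d+\.\d+)\] PAX: "
ATTEMPT = re.compile(
    TS + r"(?:From (?P<src>\S+): )?execution attempt in: (?P<mapping>.+?), "
    r"(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) (?P<offset>[0-9a-f]+)")
TERMINATE = re.compile(
    TS + r"terminating task: (?P<path>.+?)\((?P<comm>[^)]*)\):(?P<pid>\d+), "
    r"uid/euid: (?P<uid>\d+)/(?P<euid>\d+), "
    r"PC: (?P<pc>\(nil\)|(?:0x)?[0-9a-f]+), SP: (?P<sp>(?:0x)?[0-9a-f]+)")

def _addr(text):
    """The log on this page prints a zero PC as '(nil)'; other values are hex."""
    return 0 if text == "(nil)" else int(text, 16)

def parse_pax(text):
    """Return one dict per 'terminating task' record, joined to the preceding
    'execution attempt' record. Works on fused or line-per-record input."""
    found = [(m.start(), "attempt", m) for m in ATTEMPT.finditer(text)]
    found += [(m.start(), "terminate", m) for m in TERMINATE.finditer(text)]
    events, last_attempt = [], None
    for _, kind, m in sorted(found, key=lambda f: f[0]):
        if kind == "attempt":
            last_attempt = m.groupdict()
            continue
        ev = m.groupdict()
        ev.update(pid=int(ev["pid"]), uid=int(ev["uid"]), euid=int(ev["euid"]),
                  pc=_addr(ev["pc"]), sp=_addr(ev["sp"]))
        ev["mapping"] = last_attempt["mapping"] if last_attempt else None
        ev["src"] = last_attempt["src"] if last_attempt else None
        # Triage flags: facts read off the record, not a root-cause verdict.
        ev["flags"] = [f for f, hit in (
            ("pc-is-zero", ev["pc"] == 0),
            ("no-named-mapping", ev["mapping"] in (None, "(null)")),
            ("ran-as-root", ev["euid"] == 0)) if hit]
        events.append(ev)
        last_attempt = None
    return events

if __name__ == "__main__":
    for ev in parse_pax(SAMPLE):
        print(ev["path"], ev["pid"], hex(ev["pc"]), hex(ev["sp"]), ev["flags"])
```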
