Re: [gentoo-hardened] Problems compiling xen - please help...

Thu, 02 Feb 2006 09:27:32 -0800 

On Thu, 02 Feb 2006 15:03:53 +0000
Ed W <[EMAIL PROTECTED]> wrote:

> I am trying to get Xen running under a hardened kernel.  The machine
> is currently booted with "selinux=1 enforcing=0".  I am having
> trouble compiling:

File a bug.  These unresolved symbols indicate those files have been
compiled with the stack protector on, as can be seen from the
compilation lines. However while the ebuild does do the 'filter-flags
-fPIE -fstack-protector' the build is ignoring CFLAGS for some of its
compilations.

An alternative for now, is to switch to the -hardenednopiessp variant
of your compiler and build it with that.

> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc 
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -D__ASSEMBLY__ 
> -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -c trap.S
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc 
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -c vm86.c
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc 
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -c setup.c
> gcc -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc 
> -Wall -fno-builtin -O2 -msoft-float -m32 -march=i686 -c util.c
> cpp -P -DDEBUG -D_ACPI_ -DTEXTADDR=0x000D0000 vmxassist.ld >
> vmxassist.tmp ld -o vmxassist -m elf_i386 -nostdlib --fatal-warnings
> -N -T vmxassist.tmp head.o trap.o vm86.o setup.o util.o
> vm86.o: In function `address':
> vm86.c:(.text+0x19): undefined reference to `__guard'
> vm86.c:(.text+0x56): undefined reference to `__stack_smash_handler'
> vm86.o: In function `trace':
> vm86.c:(.text+0xe9): undefined reference to `__guard'
> vm86.c:(.text+0x141): undefined reference to `__guard'
> vm86.c:(.text+0x15d): undefined reference to `__stack_smash_handler'
> vm86.o: In function `getreg':
> vm86.c:(.text+0x278): undefined reference to `__guard'
> vm86.o: In function `.L23':
> ...etc...
> 
> 
> I have tried various combinations of compiler using gcc-config.
> Neither gcc-3.4.4 or gcc-3.3.6 seem to do any better, hardened or not
> 
> I suspect that this could be a problem with the compiler still using 
> some hardend profile despite me asking for a non-hardened gcc?  Can 
> anyone please help debug this
> 
> Ed W


-- 
Kevin F. Quinn

Attachment: signature.asc
Description: PGP signature

Reply via email to