Jan Klod wrote:
Hello.
I was trying to make a switch from a normal, freshly installed Gentoo to
hardened as described in the PaX quickstart.
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml Though, that
guide fails to say when I should boot hardened-sources.
Not sure if after "emerge binutils gcc virtual/libc" or "emerge -e
world", but I got this error, which persists:
============================================================================
*** stack smashing detected ***: cc1 - terminated
cc1: stack smashing attack in function ix86_split_to_parts - terminated
Report to http://bugs.gentoo.org/
i686-pc-linux-gnu-gcc: Internal error: Killed (program cc1)
Please submit a full bug report.
See <URL:http://bugs.gentoo.org/> for instructions.
make[2]: ***
[/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/math/s_catanl.o]
Error 1
make[2]: Leaving directory
`/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1/math'
make[1]: *** [math/others] Error 2
make[1]: Leaving directory
`/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1'
make: *** [all] Error 2
*
* ERROR: sys-libs/glibc-2.6.1 failed.
* Call stack:
* ebuild.sh, line 49: Called src_compile
* environment, line 3350: Called eblit-run 'src_compile'
* environment, line 1075: Called eblit-glibc-src_compile
* src_compile.eblit, line 181: Called toolchain-glibc_src_compile
* src_compile.eblit, line 122: Called die
* The specific snippet of code:
* make PARALLELMFLAGS="${MAKEOPTS}" || die "make for
${ABI} failed"
* The die message:
* make for default failed
*
* If you need support, post the topmost build error, and the call
stack if relevant.
* A complete build log is located at
'/var/tmp/portage/sys-libs/glibc-2.6.1/temp/build.log'.
* The ebuild environment file is located at
'/var/tmp/portage/sys-libs/glibc-2.6.1/temp/environment'.
============================================================================
Should I really discard my work with the normal install (lost
configurations + some hassle) and use a hardened stage3? (Somehow I
don't believe I discovered something really "bug".)
And one more question: is a userland built with the hardened toolchain
going to work with gentoo-sources?
You should not boot into the PaX-enabled kernel until you
have rebuilt everything with the new binutils/gcc
combination. Otherwise you risk a critical application
still doing something bad, which is happening here.
To fix this, you need to boot into a non-PaX kernel but
hardened profile, and re-emerge gcc. I'd suggest, to be
absolutely sure you got everything, you just rerun the two
emerge steps again from the beginning:
emerge -1 binutils gcc virtual/libc
emerge -e world
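
A pre-flight check for the rebuild order described in the reply, added here as an example and not part of the original thread. It assumes a PaX-patched kernel exposes a `PaX:` line in `/proc/<pid>/status`; the function names are hypothetical, and the script only prints the two emerge steps rather than running them.

```shell
#!/bin/sh
# Added example: refuse to start the toolchain rebuild while a PaX kernel is running.
# Assumption: PaX-patched kernels add a "PaX:" flags line to /proc/<pid>/status.

# Print the PaX flag string from a status file; print nothing if the line is absent.
pax_flags() {
    sed -n 's/^PaX:[[:space:]]*//p' "$1" 2>/dev/null
}

# Return 0 when the status file shows a PaX-enabled kernel, 1 otherwise.
pax_kernel_active() {
    [ -n "$(pax_flags "$1")" ]
}

# Print the rebuild steps from the reply, in order, or refuse when PaX is active.
# $1: status file to inspect (defaults to the running kernel's view of this process).
rebuild_plan() {
    status_file=${1:-/proc/self/status}
    if pax_kernel_active "$status_file"; then
        echo "PaX kernel detected (flags: $(pax_flags "$status_file"))." >&2
        echo "Reboot into a non-PaX kernel before rebuilding the toolchain." >&2
        return 1
    fi
    # Toolchain first (oneshot, so nothing is added to the world file),
    # then every package rebuilt with the new binutils/gcc combination.
    echo "emerge -1 binutils gcc virtual/libc"
    echo "emerge -e world"
}
```

Calling `rebuild_plan` with no argument inspects the running kernel; passing a saved status file checks that file instead.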