hi Rahul, server-devel,
I've made a new pam_sotp RPM, which differs only in that it is
compiled with CFLAGS="-fno-stack-protector". I made this change
because the original was causing errors like this:
PAM unable to dlopen(/lib/security/pam_sotp.so): \
/lib/security/pam_sotp.so: undefined symbol: __stack_chk_fail_local
It makes me nervous to be turning off stack smashing checks on pam
modules, notwithstanding that this error seems to be caused by gcc
incompatibilities (-fstack-protector is newish) rather than any actual
deficiency.
Does anyone have a better patch or understanding of the cause? In
similar looking cases Google suggests linking using gcc rather than
ld, but my rpm-fu is too weak to cause that.
Douglas
$ diff -u /usr/src/redhat/SPECS/pam_sotp.spec pam_sotp.spec
--- /usr/src/redhat/SPECS/pam_sotp.spec 2008-07-23 18:10:53.000000000 +1200
+++ pam_sotp.spec 2008-10-24 15:08:55.000000000 +1300
@@ -4,7 +4,7 @@
Name: pam_sotp
Version: 0.3.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: PAM module that provides support for One Time
Passwords (OTP) authentication
Group: System Environment/Base
@@ -32,7 +32,7 @@
%build
%{configure} --with-randomdev=/dev/urandom
-%{__make} %{?_smp_mflags}
+%{__make} %{?_smp_mflags} CFLAGS="-fno-stack-protector"
/usr/bin/links -dump file://./doc/manual/html/manual.html > manual.txt
@@ -70,5 +70,7 @@
%{_bindir}/otppasswd
%changelog
+* Fri Oct 24 2008 Douglas Bagnall <[EMAIL PROTECTED]> 0.3.3-2
+- add '-fno-stack-protector' to CFLAGS.
* Wed Jul 23 2008 Rahul Sundaram <[EMAIL PROTECTED]> 0.3.3-1
- initial build
_______________________________________________
Server-devel mailing list
[email protected]
http://lists.laptop.org/listinfo/server-devel
