disaster! glibc, gcc4, FORTIFY_SOURCE

cs at zip.com.au
Fri Apr 15 00:36:02 UTC 2005


On 13Apr2005 23:06, Warren Togami <wtogami at redhat.com> wrote:
| Cameron Simpson wrote:
| >At the risk of looking like a complete idiot, I'd like to report [...that...]
| >In an excess of zeal yesterday I upgraded some packages from the
| >development set and now various programs report "buffer overflow detected"
| >and like messages, and abort. [...]
| 
| Umm, it sounds like you tried to install FC4 packages onto FC3.

Correct.

| DO NOT DO THAT.  That is totally unsupported and very likely the reason for 
| things exploding.

I can believe that, but can you elaborate briefly on why this might be so, in
terms of mechanisms?

Does the fortify stuff put canaries etc in data structures and require
apps to be built with the same flags to insert things like that that
are later checked by the lower layers (eg glibc)?

Still, my /etc/yum.repos.d/fedora-devel.repo came from my FC3 install,
so one might imagine that although they are development packages and
could exhibit any behaviour, things might work. And, in fact, broadly
they do. The bash explosion, while perfectly repeatable, is proving very
difficult to reproduce in a test case I can show someone else.

Now, one interesting thing is that I upgraded these things with yum,
which was following the usual dependency stuff. I didn't lie to RPM
anywhere. Looking at an ldd of bash it loads this:

        linux-gate.so.1 =>  (0xffffe000)
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x00583000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7f01000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7dd7000)
        /lib/ld-linux.so.2 (0xb7f29000)

They would all have been updated. Now, bash _should_ be getting a
perfectly clean fedora-devel set of libs and of course grows from an
exec(), so to my mind there should be no opportunity for a non-FC4
facility to be getting into the picture. Should _that_ be expected to
work, regardless of other bustedness I may have introduced to my system?

I accept that bustedness might be expected of other, mixed FC3/FC4,
apps but I'd have thought for bash and its few libs I'd be in a "pure
FC4" zone.

BTW, while exhibiting my cluelessness, what does this mean?

	[~]zoob*> rpm -qf /lib/libdl.so.2
	glibc-2.3.5-0.fc3.1
	glibc-2.3.4-2.fc3

I've downgraded glibc to the FC3 one for now (which actually hasn't
changed the behaviours), which doubtless caused the above thing but I
confess to being surprised that the RPM db could claim the above.

I'll see if I can find a box on which to run up FC4test2 today, too.

Cheers,
-- 
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

You wouldn't... ...but you KNOW you could.      - Original V65 Commercial
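The mechanism Cameron asks about above, shown as an added C example that is not part of this email, of the fedora-devel thread, or of glibc's own source. FORTIFY_SOURCE does not plant canaries in data structures: when a program is compiled with optimisation and _FORTIFY_SOURCE defined, the glibc headers route calls such as memcpy to a checking variant (__memcpy_chk in real glibc), gcc fills in the destination's size via __builtin_object_size() where it can work it out at compile time, and the library compares that size against the requested length at run time, calling __chk_fail() (the source of the "buffer overflow detected" message) on a mismatch. The names checked_memcpy, FORTIFIED_MEMCPY, fill_fixed_buffer, compiler_known_size and the sample buffer are constructed stand-ins for the demonstration; the only thing borrowed from the real toolchain is the __builtin_object_size builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of a bounds-checked copy. Real glibc does not return on failure:
 * __memcpy_chk calls __chk_fail(), which prints
 * "*** buffer overflow detected ***" and aborts the process. Returning a
 * status instead makes the check observable here. */
typedef enum { COPY_OK = 0, COPY_WOULD_OVERFLOW = 1 } copy_status;

/* Library side (constructed stand-in for glibc's __memcpy_chk): the caller
 * passes the destination's size as a fourth argument and the library refuses
 * the copy when n exceeds it. No flags on the caller's data are involved. */
copy_status checked_memcpy(void *dest, const void *src, size_t n, size_t dest_size)
{
    if (n > dest_size)
        return COPY_WOULD_OVERFLOW;   /* glibc would abort at this point */
    memcpy(dest, src, n);
    return COPY_OK;
}

/* Compiler side (constructed stand-in for the _FORTIFY_SOURCE header wrapper):
 * gcc evaluates __builtin_object_size() at compile time. If the destination's
 * size is known it becomes a constant argument; if it is not, the builtin
 * yields SIZE_MAX and the run-time check is effectively disabled. */
#define FORTIFIED_MEMCPY(dest, src, n) \
    checked_memcpy((dest), (src), (n), __builtin_object_size((dest), 0))

/* Constructed 64-byte sample source for the copies below. */
static const char sample_src[64] = "constructed 64-byte source buffer for the demo";

/* A fixed 16-byte stack buffer receiving a caller-chosen length. Because the
 * size is known, any length above 16 is refused before memcpy runs. */
copy_status fill_fixed_buffer(size_t n)
{
    char buf[16];
    if (n > sizeof sample_src)
        n = sizeof sample_src;        /* never read past the sample source */
    return checked_memcpy(buf, sample_src, n, sizeof buf);
}

/* What the compiler sees for a pointer whose origin it cannot trace (the
 * volatile copy stands in for a pointer handed in from another translation
 * unit): the size is unknown, so a fortified wrapper has nothing to check. */
size_t compiler_known_size(const char *p)
{
    const char *volatile opaque = p;
    return __builtin_object_size(opaque, 0);   /* SIZE_MAX: unknown */
}

int main(void)
{
    char local[16];
    char *heap = malloc(16);
    if (heap == NULL)
        return 1;

    printf("compiler's view of local[16]:     %zu bytes\n",
           (size_t)__builtin_object_size(local, 0));
    printf("compiler's view of opaque pointer: %zu (SIZE_MAX = unknown)\n",
           compiler_known_size(heap));
    printf("copy 8 bytes into 16-byte buffer:  %s\n",
           FORTIFIED_MEMCPY(local, sample_src, 8) == COPY_OK ? "ok" : "refused");
    printf("copy 32 bytes into 16-byte buffer: %s\n",
           fill_fixed_buffer(32) == COPY_OK ? "ok" : "refused");

    free(heap);
    return 0;
}
```

The point for the mixed-distribution question is that both halves have to agree: the size argument is baked into the binary by the compiler that built it, and the comparison and abort live in whatever libc the binary later loads. The real equivalent of the macro above is enabled by building with gcc's optimisation on and -D_FORTIFY_SOURCE=2, which is a compile-time decision, not a property of the data structures passed between programs.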

More information about the fedora-devel-list mailing list