On Fri, Jan 02, 2009 at 11:14:52PM +0100, Stefan Reimer wrote:
Hi, to build wine using gcc 4.3 with enabled ssp (stack-smashing-protector) the following patch must be applied to loader/preloader.c
see gcc source ./gcc/config/i386/i386.c around line 24391
/* For 32-bit code we can save PIC register setup by using __stack_chk_fail_local hidden function instead of calling __stack_chk_fail directly. 64-bit code doesn't need to setup any PIC register, so it is better to call __stack_chk_fail directly. */
Patch:
diff --git a/loader/preloader.c b/loader/preloader.c index 5fcb974..1143972 100644 --- a/loader/preloader.c +++ b/loader/preloader.c @@ -163,6 +163,7 @@ void __bb_init_func(void) { return; }
/* similar to the above but for -fstack-protector */ void *__stack_chk_guard = 0; +void __stack_chk_fail_local(void) { return; } void __stack_chk_fail(void) { return; }
/* data for setting up the glibc-style thread-local storage in %gs */
Hmm,
why does this work for me on openSUSE then?
The line: gcc -c -I. -I. -I../include -I../include -Wall -pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wwrite-strings -W type-limits -Wpointer-arith -march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funw ind-tables -fasynchronous-unwind-tables -g -o preloader.o preloader.c
works fine here. Are you passing in -fPIC?
Ciao, marcus
On Fri, Jan 02, 2009 at 11:14:52PM +0100, Stefan Reimer wrote:
Hi, to build wine using gcc 4.3 with enabled ssp (stack-smashing-protector) the following patch must be applied to loader/preloader.c
see gcc source ./gcc/config/i386/i386.c around line 24391
/* For 32-bit code we can save PIC register setup by using __stack_chk_fail_local hidden function instead of calling __stack_chk_fail directly. 64-bit code doesn't need to setup any PIC register, so it is better to call __stack_chk_fail directly. */
Patch:
diff --git a/loader/preloader.c b/loader/preloader.c index 5fcb974..1143972 100644 --- a/loader/preloader.c +++ b/loader/preloader.c @@ -163,6 +163,7 @@ void __bb_init_func(void) { return; }
/* similar to the above but for -fstack-protector */ void *__stack_chk_guard = 0; +void __stack_chk_fail_local(void) { return; } void __stack_chk_fail(void) { return; }
/* data for setting up the glibc-style thread-local storage in %gs */
Hmm,
why does this work for me on openSUSE then?
The line: gcc -c -I. -I. -I../include -I../include -Wall -pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wwrite-strings -W type-limits -Wpointer-arith -march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funw ind-tables -fasynchronous-unwind-tables -g -o preloader.o preloader.c
works fine here. Are you passing in -fPIC?
Ciao, marcus
Hi, I am using gentoo hardened:
gcc (Gentoo Hardened 4.3.2-r7 p1.5, ssp, fortify, pie-10.2.0) 4.3.2 glibc 2.8
Using gcc -v gives:
/usr/libexec/gcc/x86_64-pc-linux-gnu/4.3.2/cc1 -quiet -v -I. -I. -I../include -I../include -imultilib 32 preloader.c -D_FORTIFY_SOURCE=2 -fPIE -fstack-protector -fstack-protector-all -fno-strict-overflow -quiet -dumpbase preloader.c -m32 -march=athlon64 -auxbase-strip preloader.o -O2 -Wall -Wdeclaration-after-statement -Wwrite-strings -Wtype-limits -Wpointer-arith -version -fno-strict-aliasing -o - | /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.2/../../../../x86_64-pc-linux-gnu/bin/as -V -Qy --32 -o preloader.o -
The hardened gcc specs brings in -fPIE, which is similiar to -fPIC.
So YES I do ;-)
Is this a problem ?
Cyas Stefan
On Fri, Jan 02, 2009 at 11:14:52PM +0100, Stefan Reimer wrote:
Hi, to build wine using gcc 4.3 with enabled ssp (stack-smashing-protector) the following patch must be applied to loader/preloader.c
see gcc source ./gcc/config/i386/i386.c around line 24391
/* For 32-bit code we can save PIC register setup by using __stack_chk_fail_local hidden function instead of calling __stack_chk_fail directly. 64-bit code doesn't need to setup any PIC register, so it is better to call __stack_chk_fail directly. */
Patch:
diff --git a/loader/preloader.c b/loader/preloader.c index 5fcb974..1143972 100644 --- a/loader/preloader.c +++ b/loader/preloader.c @@ -163,6 +163,7 @@ void __bb_init_func(void) { return; }
/* similar to the above but for -fstack-protector */ void *__stack_chk_guard = 0; +void __stack_chk_fail_local(void) { return; } void __stack_chk_fail(void) { return; }
/* data for setting up the glibc-style thread-local storage in %gs */
Hmm,
why does this work for me on openSUSE then?
The line: gcc -c -I. -I. -I../include -I../include -Wall -pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wwrite-strings -W type-limits -Wpointer-arith -march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funw ind-tables -fasynchronous-unwind-tables -g -o preloader.o preloader.c
works fine here. Are you passing in -fPIC?
Ciao, marcus
Hi, I am using gentoo hardened:
gcc (Gentoo Hardened 4.3.2-r7 p1.5, ssp, fortify, pie-10.2.0) 4.3.2 glibc 2.8
Using gcc -v gives:
/usr/libexec/gcc/x86_64-pc-linux-gnu/4.3.2/cc1 -quiet -v -I. -I. -I../include -I../include -imultilib 32 preloader.c -D_FORTIFY_SOURCE=2 -fPIE -fstack-protector -fstack-protector-all -fno-strict-overflow -quiet -dumpbase preloader.c -m32 -march=athlon64 -auxbase-strip preloader.o -O2 -Wall -Wdeclaration-after-statement -Wwrite-strings -Wtype-limits -Wpointer-arith -version -fno-strict-aliasing -o - | /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.2/../../../../x86_64-pc-linux-gnu/bin/as -V -Qy --32 -o preloader.o -
The hardened gcc specs brings in -fPIE, which is similiar to -fPIC.
So YES I do ;-)
Is this a problem ?
Cyas Stefan
-
Marcus Meissner -
Stefan Reimer