Compilation problem with SSP / -fstack-protect-all flag
Posted: Wed Nov 09, 2011 2:47 pmHi Team,
I tried to compile a GRSEC/PAX kernel based on the following versions :
- Debian 6.0.3
- gcc 4.4.5
- kernel -2.6.38.7
- grsecurity-2.2.2-2.6.38.7-201105222331.patch
I succeed without any noticeable error when using the basic makefile.
The I added the : CFLAGS_KERNEL = -Wformat -Wformat-security -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2
To harden the kernel and get rid of the strcpy vulnerability reported by paxtest. (see at the end of the post). But I keep on getting a compilation error when LD is trying to link all this :
[...]
LD arch/x86/kernel/acpi/realmode/wakeup.elf
arch/x86/kernel/acpi/realmode/wakemain.o: In function `beep':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/wakemain.c:32: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/wakemain.o: In function `main':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/wakemain.c:81: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/video-mode.o: In function `probe_cards':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/video-mode.c:51: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/video-mode.o: In function `mode_defined':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/video-mode.c:69: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/video-mode.o: In function `set_mode':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/video-mode.c:173: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/regs.o:/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/regs.c:29: more undefined references to `__stack_chk_fail' follow
make[5]: *** [arch/x86/kernel/acpi/realmode/wakeup.elf] Error 1
make[4]: *** [arch/x86/kernel/acpi/realmode/wakeup.bin] Error 2
make[3]: *** [arch/x86/kernel/acpi] Error 2
make[2]: *** [arch/x86/kernel] Error 2
make[1]: *** [arch/x86] Error 2
It seems I'm doing something wrong there. I maybe lack the lib64ssp0 library but it's unfortunately not available on the debian squeeze anymore.
Any idea ? Di I made a mistake somewhere ?
(of course, if I get rid of -fstack-protector-all, everything compile just fine (and boot))
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Killed
Anonymous mapping randomisation test : 18 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (PIE) : 24 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (PIE) : 16 bits (guessed)
Shared library randomisation test : 18 bits (guessed)
Stack randomisation test (SEGMEXEC) : 24 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : Vulnerable
Return to function (memcpy, PIE) : Killed
I tried to compile a GRSEC/PAX kernel based on the following versions :
- Debian 6.0.3
- gcc 4.4.5
- kernel -2.6.38.7
- grsecurity-2.2.2-2.6.38.7-201105222331.patch
I succeed without any noticeable error when using the basic makefile.
The I added the : CFLAGS_KERNEL = -Wformat -Wformat-security -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2
To harden the kernel and get rid of the strcpy vulnerability reported by paxtest. (see at the end of the post). But I keep on getting a compilation error when LD is trying to link all this :
[...]
LD arch/x86/kernel/acpi/realmode/wakeup.elf
arch/x86/kernel/acpi/realmode/wakemain.o: In function `beep':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/wakemain.c:32: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/wakemain.o: In function `main':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/wakemain.c:81: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/video-mode.o: In function `probe_cards':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/video-mode.c:51: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/video-mode.o: In function `mode_defined':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/video-mode.c:69: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/video-mode.o: In function `set_mode':
/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/video-mode.c:173: undefined reference to `__stack_chk_fail'
arch/x86/kernel/acpi/realmode/regs.o:/data/kernel/linux-2.6.38.7/arch/x86/kernel/acpi/realmode/../../../boot/regs.c:29: more undefined references to `__stack_chk_fail' follow
make[5]: *** [arch/x86/kernel/acpi/realmode/wakeup.elf] Error 1
make[4]: *** [arch/x86/kernel/acpi/realmode/wakeup.bin] Error 2
make[3]: *** [arch/x86/kernel/acpi] Error 2
make[2]: *** [arch/x86/kernel] Error 2
make[1]: *** [arch/x86] Error 2
It seems I'm doing something wrong there. I maybe lack the lib64ssp0 library but it's unfortunately not available on the debian squeeze anymore.
Any idea ? Di I made a mistake somewhere ?
(of course, if I get rid of -fstack-protector-all, everything compile just fine (and boot))
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Killed
Anonymous mapping randomisation test : 18 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (PIE) : 24 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (PIE) : 16 bits (guessed)
Shared library randomisation test : 18 bits (guessed)
Stack randomisation test (SEGMEXEC) : 24 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : Vulnerable
Return to function (memcpy, PIE) : Killed
.