grsecurity forums

[urug]

Hi!
Is it possible, to compile Debian Lenny version of binutils (binutils-2.18.1~cvs20080103) with PaX for binutils 2.18? I tried to do it now on my Lenny installed on qemu, but get this error:

Code: Select all

/bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../bfd -I. -DTRAD_CORE    -I. -I../../bfd -I../../bfd/../include     -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Werror -g -O2 -c -o bfd.lo ../../bfd/bfd.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../bfd -I. -DTRAD_CORE -I. -I../../bfd -I../../bfd/../include -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Werror -g -O2 -c ../../bfd/bfd.c  -fPIC -DPIC -o .libs/bfd.o
as: symbol lookup error: /root/binutils/binutils-2.18/builddir-single/./opcodes/.libs/libopcodes-2.18.0.20080103.so: undefined symbol: buffer_read_memory
make[4]: *** [bfd.lo] Error 1
make[4]: Leaving directory `/root/binutils/binutils-2.18.1~cvs20080103/builddir-single/bfd'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/binutils/binutils-2.18.1~cvs20080103/builddir-single/bfd'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/binutils/binutils-2.18.1~cvs20080103/builddir-single/bfd'
make[1]: *** [all-bfd] Error 2
make[1]: Leaving directory `/root/binutils/binutils-2.18.1~cvs20080103/builddir-single'
make: *** [all] Error 2


Without PaX, everything works fine.

[PaX Team]

Is it possible, to compile Debian Lenny version of binutils (binutils-2.18.1~cvs20080103) with PaX for binutils 2.18? I tried to do it now on my Lenny installed on qemu, but get this error:

my patches are against the original binutils, so if there's an error it must be due to other patches and you'll have to resolve them yourself i'm afraid (do you really need the debian patches btw?).

[urug]

I tried to create binutils package in 'debian way' (apt-get source, dpkg-buildpackage etc.), because it was the easiest solution.
In such situation, I will use binutils 2.19 . Thanks for reply.

[Oscon]

Hi!
Is it possible, to compile Debian Lenny version of binutils (binutils-2.18.1~cvs20080103) with PaX for binutils 2.18? I tried to do it now on my Lenny installed on qemu, but get this error:

I've got a binutils 2.18+debian+pax x86_32 package is here

"worksforme" built " in 'debian way" .

Code: Select all

root@osconsfortress:~# readelf -v
GNU readelf (GNU Binutils for Debian) 2.18.0.20080103
Copyright 2007 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.
root@osconsfortress:~# readelf -e /usr/bin/x64 | grep PAX
  PAX_FLAGS      0x000000 0x00000000 0x00000000 0x00000 0x00000     0x4
root@osconsfortress:~# vdir /usr/bin/readelf
-rwxr-xr-x 1 root root 254976 2008 júl 17 /usr/bin/readelf
root@osconsfortress:~# paxctl -v /usr/bin/x64
PaX control v0.5
***Copyright 2004,2005,2006,2007 PaX Team <xxxxxxxx@xxxxxxxxxxxx.xxxxxxxxxxxxxx>***
- PaX flags: -----m-x-e-- [/usr/bin/x64]
        MPROTECT is disabled
        RANDEXEC is disabled
        EMUTRAMP is disabled


I don't remember, what was the "workaround" to compile.

***I deleted the email-address.

I use x64 with nvidia libGL* so mprotect is disabled on x64.

[urug]

Thanks, I'll look at this package later. I am new to PaX, and have some problems now

[urug]

I would like to ask a question about chpax/paxctl and binutils. As I understand, on newly created binary files with patched binutils I should use paxctl. But what with binaries from debian packages? Paxctl suggests to convert them (with -c ), but chpax works well with those files, without converting.

I am little lost ;]

[specs]

Patching the binutils just saves you some trouble for new files.
It also adds relro support, although Debian seems not the best start for a relro-compliant system to me (since you need to recompile lots).

[PaX Team]

I would like to ask a question about chpax/paxctl and binutils. As I understand, on newly created binary files with patched binutils I should use paxctl. But what with binaries from debian packages? Paxctl suggests to convert them (with -c ), but chpax works well with those files, without converting.

did you read the config help on PAX_EI_PAX/PAX_PT_PAX_FLAGS?