[Dovecot] [Blasphemy] Can I build dovecot with "-fstack-protector"?
I tried building dovecot using :
CPPFLAGS="-fstack-protector" LDFLAGS="-lssp" ./configure
That would result in a proper build, yet the binary would complain once being run:
dlopen(/usr/local/lib/dovecot/imap/lib10_quota_plugin.so) failed: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so: undefined symbol: __stack_chk_fail_local Error: imap dump-capability process returned 89
and the like. So: Is it possible at all?
And sorry for the blasphemy of daring to ask this in the first place :)
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de First Law of System Requirements: "Anything is possible if you don't know what you're talking about..."
On Wed, 2007-05-16 at 22:47 +0200, Ralf Hildebrandt wrote:
I tried building dovecot using :
CPPFLAGS="-fstack-protector" LDFLAGS="-lssp" ./configure
That would result in a proper build, yet the binary would complain once being run:
dlopen(/usr/local/lib/dovecot/imap/lib10_quota_plugin.so) failed: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so: undefined symbol: __stack_chk_fail_local
Are you sure the imap binary is linked with -lssl? I've never used -fstack-protector, but I think that symbol should exist in the libssl library.
If you disable quota plugin, I guess it works then.
On Thu, 2007-05-17 at 00:03 +0300, Timo Sirainen wrote:
On Wed, 2007-05-16 at 22:47 +0200, Ralf Hildebrandt wrote:
I tried building dovecot using :
CPPFLAGS="-fstack-protector" LDFLAGS="-lssp" ./configure
That would result in a proper build, yet the binary would complain once being run:
dlopen(/usr/local/lib/dovecot/imap/lib10_quota_plugin.so) failed: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so: undefined symbol: __stack_chk_fail_local
Are you sure the imap binary is linked with -lssl? I've never used -fstack-protector, but I think that symbol should exist in the libssl library.
Uh, libssp. Why did it type it wrong two times..
- Timo Sirainen tss@iki.fi:
CPPFLAGS="-fstack-protector" LDFLAGS="-lssp" ./configure
That would result in a proper build, yet the binary would complain once being run:
dlopen(/usr/local/lib/dovecot/imap/lib10_quota_plugin.so) failed: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so: undefined symbol: __stack_chk_fail_local
Are you sure the imap binary is linked with -lssl? I've never used -fstack-protector, but I think that symbol should exist in the libssl library.
Uh, libssp. Why did it type it wrong two times..
So, have you tried that?
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de Yes, it's quite a radical idea to handle mail with a mail handling protocol. -- Wietse Venema
Ralf Hildebrandt wrote:
I tried building dovecot using :
CPPFLAGS="-fstack-protector" LDFLAGS="-lssp" ./configure
That would result in a proper build, yet the binary would complain once being run:
dlopen(/usr/local/lib/dovecot/imap/lib10_quota_plugin.so) failed: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so: undefined symbol: __stack_chk_fail_local Error: imap dump-capability process returned 89
and the like. So: Is it possible at all?
All SuSE Linux binaries starting with v10.0 are built with
-fstack-protector and works as expected.
v1.0 successful build and source rpm available at http://software.opensuse.org/download/server:/mail/openSUSE_10.2/
For my own builds I also always successfully used -fstack-protector.
Uldis
- Uldis Pakuls neko@it4u.lv:
All SuSE Linux binaries starting with v10.0 are built with
-fstack-protector and works as expected.
I had a look at the spec file and found they simply use
export CFLAGS="$CFLAGS -fstack-protector"I tried that -- and it builds -- yet the quota plugin still reports:
May 20 14:30:32 postamt dovecot: imap-login: Login: user=<loginname>, method=PLAIN, rip=141.42.4.251, lip=141.42.4.250 May 20 14:30:32 postamt dovecot: IMAP(loginname): dlopen(/usr/local/lib/dovecot/imap/lib10_quota_plugin.so) failed: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so: undefined symbol: __stack_chk_fail_local May 20 14:30:32 postamt dovecot: child 21292 (imap) returned error 89
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de There are no viruses. It's antibodies against people too stupid to survive on the Internet.
Ralf Hildebrandt wrote:
- Uldis Pakuls neko@it4u.lv:
All SuSE Linux binaries starting with v10.0 are built with
-fstack-protector and works as expected.
I had a look at the spec file and found they simply use
export CFLAGS="$CFLAGS -fstack-protector"I tried that -- and it builds -- yet the quota plugin still reports:
May 20 14:30:32 postamt dovecot: imap-login: Login: user=<loginname>, method=PLAIN, rip=141.42.4.251, lip=141.42.4.250
Make sure you have a recent version of GCC and *binutils*. It seems linker is broken.
Uldis
- Uldis Pakuls neko@it4u.lv:
I tried that -- and it builds -- yet the quota plugin still reports:
May 20 14:30:32 postamt dovecot: imap-login: Login: user=<loginname>, method=PLAIN, rip=141.42.4.251, lip=141.42.4.250
Make sure you have a recent version of GCC and *binutils*. It seems linker is broken.
That's not the case. It's all from debian testing and Postfix builds perfectly with -fstack-protector.
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de You can lead an idiot to knowledge but you cannot make him think. You can, however, rectally insert the information, printed on stone tablets, using a sharpened poker.
- Ralf Hildebrandt Ralf.Hildebrandt@charite.de:
That's not the case. It's all from debian testing and Postfix builds perfectly with -fstack-protector.
And it runs, too...
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de
On Sun, 2007-05-20 at 18:55 +0200, Ralf Hildebrandt wrote:
- Uldis Pakuls neko@it4u.lv:
I tried that -- and it builds -- yet the quota plugin still reports:
May 20 14:30:32 postamt dovecot: imap-login: Login: user=<loginname>, method=PLAIN, rip=141.42.4.251, lip=141.42.4.250
Make sure you have a recent version of GCC and *binutils*. It seems linker is broken.
That's not the case. It's all from debian testing and Postfix builds perfectly with -fstack-protector.
But do you use any dynamically loadable modules with Postfix?
You said that Dovecot works too as long as you're not using plugins..
- Timo Sirainen tss@iki.fi:
But do you use any dynamically loadable modules with Postfix?
EXCELLENT point there. No :)
You said that Dovecot works too as long as you're not using plugins.. Yes.
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de Vampireware /n/, a project, capable of sucking the lifeblood out of anyone unfortunate enough to be assigned to it, which never actually sees the light of day, but nonetheless refuses to die.
On Sun, 2007-05-20 at 18:55 +0200, Ralf Hildebrandt wrote:
That's not the case. It's all from debian testing and Postfix builds perfectly with -fstack-protector.
Just tried myself with Debian unstable and it worked fine, quota plugin as well:
EXTRA_CFLAGS=-fstack-protector ./configure --with-ioloop=epoll --enable-maintainer-mode --enable-debug
Package: gcc Version: 4:4.1.2-2
Package: binutils Version: 2.17cvs20070426-6
I tried also with gcc 4.2-20070516-1 and again it worked.
- Timo Sirainen tss@iki.fi:
On Sun, 2007-05-20 at 18:55 +0200, Ralf Hildebrandt wrote:
That's not the case. It's all from debian testing and Postfix builds perfectly with -fstack-protector.
Just tried myself with Debian unstable and it worked fine, quota plugin as well:
EXTRA_CFLAGS=-fstack-protector ./configure --with-ioloop=epoll --enable-maintainer-mode --enable-debug
Haven't tried EXTRA_CFLAGS. I'll try that tomorrow.
Package: gcc Version: 4:4.1.2-2
Package: binutils Version: 2.17cvs20070426-6
ii binutils 2.17-3 The GNU assembler, linker and binary utilities ii gcc 4.1.1-15 The GNU C compiler
Hmm. <UPDATE TIME AGAIN>
# apt-get -t testing install binutils gcc-4.1 Reading package lists... Done Building dependency tree... Done binutils is already the newest version. gcc-4.1 is already the newest version.
Ah, you're running unstable!
# apt-get -t unstable install binutils gcc-4.1 installs just the package version you'Re mentioning.
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de "C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, it blows away your whole leg." -- Bjarne Stroustrup
Ralf Hildebrandt wrote:
- Timo Sirainen tss@iki.fi:
On Sun, 2007-05-20 at 18:55 +0200, Ralf Hildebrandt wrote:
That's not the case. It's all from debian testing and Postfix builds perfectly with -fstack-protector.
Just tried myself with Debian unstable and it worked fine, quota plugin as well:
EXTRA_CFLAGS=-fstack-protector ./configure --with-ioloop=epoll --enable-maintainer-mode --enable-debug
Haven't tried EXTRA_CFLAGS. I'll try that tomorrow.
Package: gcc Version: 4:4.1.2-2
Package: binutils Version: 2.17cvs20070426-6
ii binutils 2.17-3 The GNU assembler, linker and binary utilities ii gcc 4.1.1-15 The GNU C compiler
In Debian bug reports I found following post (15/04/2007): "-fstack-protector works fine with glibc 2.5, or with '-lssp' if ssp support is /not/ included in libc. Debian 4.0 is currently broken in this way (as of libc6 2.3.6.ds1-13), so it would be nice to have a configure test to work around an affected libc."
- Uldis Pakuls neko@it4u.lv:
In Debian bug reports I found following post (15/04/2007): "-fstack-protector works fine with glibc 2.5, or with '-lssp' if ssp support is /not/ included in libc. Debian 4.0 is currently broken in this way (as of libc6 2.3.6.ds1-13), so it would be nice to have a configure test to work around an affected libc."
Argh. It works now.
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de If your mission to another star *depends* on every single piece of complex equipment staying up with zero reboots for 200+ years, you have some serious technology problems. -- Linus Torvalds
participants (3)
-
Ralf Hildebrandt
-
Timo Sirainen
-
Uldis Pakuls