search

Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/
Other
1.91k stars 542 forks source link

-fstack-protector enabled without any way to disable, even on platforms not supporting it #10857

Closed p5pRT closed 11 years ago

p5pRT commented 13 years ago

Migrated from rt.perl.org#79838 (status was 'resolved')

Searchable as RT79838$

p5pRT commented 13 years ago

From perlbug@plan9.de

Created by perlbug@plan9.de

beginning with 5.10.something\, perl enforces the use of -fstack-protector\, even when Configure was explicitly told the compiler flags\, and there is no way to switch it off.

unfortunately\, gcc supports this flag on most platforms\, even if the underlying support is missing. simple test programs (sucha s the one used by Configure) might pass\, but the generated programs might segfault or worse (for exmaple\, on uclibc systems\, all the cast to float tests segfault).

besides\, it would be nice not to enforce the use of certain compiler flags that are absoltuely unnecessary (perl works fine without -fstack-protector).

so... please please please make -fstack-protector configurable somehow\, better yet\, don't override user-specified flags and/or improve the tets for platform support.

thanks :)

Perl Info ``` Flags: category=core severity=wishlist Site configuration information for perl 5.12.2: Configured by Marc Lehmann at Mon Nov 22 07:24:35 CET 2010. Summary of my perl5 (revision 5 version 12 subversion 2) configuration: Platform: osname=linux, osvers=2.6.32-5-amd64, archname=x86_64-linux uname='linux cerebro 2.6.32-5-amd64 #1 smp fri sep 17 21:50:19 utc 2010 x86_64 gnulinux ' config_args='-Duselargefiles -Duse64bitint -Dusemymalloc=n -Dstatic_ext=Fcntl -Dcc=gcc -Dccflags=-ggdb -gdwarf-2 -g3 -Dcppflags=-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=1048576 -D_GNU_SOURCE -I/opt/include -Doptimize=-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=1048576 -D_GNU_SOURCE -I/opt/include -O6 -fno-strict-aliasing -Dcccdlflags=-fPIC -Dldflags=-L/opt/perl/lib -L/opt/lib -Dlibs=-ldl -lm -lcrypt -Dprefix=/opt/perl -Dprivlib=/opt/perl/lib/perl5 -Darchlib=/opt/perl/lib/perl5 -Dvendorprefix=/opt/perl -Dvendorlib=/opt/perl/lib/perl5 -Dvendorarch=/opt/perl/lib/perl5 -Dsiteprefix=/opt/perl -Dsitelib=/opt/perl/lib/perl5 -Dsitearch=/opt/perl/lib/perl5 -Dsitebin=/opt/perl/bin -Dman1dir=/opt/perl/man/man1 -Dman3dir=/opt/perl/man/man3 -Dsiteman1dir=/opt/perl/man/man1 -Dsiteman3dir=/opt/perl/man/man3 -Dman1ext=1 -Dman3ext=3 -Dpager=/usr/bin/less -Uafs -Uusesfio -Uusenm -Uuseshrplib -Ud_dosuid -Dusethreads=undef -Duse5005threads=undef -Duseithreads=undef -Dusemultiplicity=undef -Demail=perl-binary@plan9.de -Dcf_email=perl-binary@plan9.de -Dcf_by=Marc Lehmann -Dlocincpth=/opt/perl/include /opt/include -Dmyhostname=localhost -Dmultiarch=undef -Dbin=/opt/perl/bin -Dxxxusedevel -DxxxDEBUGGING -Dxxxuse_debugging_perl -Dxxxuse_debugmalloc -dEs' hint=recommended, useposix=true, d_sigaction=define useithreads=undef, usemultiplicity=undef useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='gcc', ccflags ='-ggdb -gdwarf-2 -g3 -fno-strict-aliasing -pipe -I/opt/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=1048576 -D_GNU_SOURCE -I/opt/include -O6 -fno-strict-aliasing', cppflags='-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=1048576 -D_GNU_SOURCE -I/opt/include -ggdb -gdwarf-2 -g3 -fno-strict-aliasing -pipe -I/opt/include' ccversion='', gccversion='4.4.5 20100728 (prerelease)', gccosandvers='' intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='gcc', ldflags ='-L/opt/perl/lib -L/opt/lib -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 libs=-ldl -lm -lcrypt perllibs=-ldl -lm -lcrypt libc=/lib/libc-2.11.2.so, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='2.11.2' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E' cccdlflags='-fPIC', lddlflags='-shared -DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=1048576 -D_GNU_SOURCE -I/opt/include -O6 -fno-strict-aliasing -L/opt/perl/lib -L/opt/lib -L/usr/local/lib' Locally applied patches: @INC for perl 5.12.2: /root/src/sex /opt/perl/lib/perl5 /opt/perl/lib/perl5 /opt/perl/lib/perl5 . Environment for perl 5.12.2: HOME=/root LANG (unset) LANGUAGE (unset) LC_CTYPE=en_US.UTF-8 LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/root/s2:/root/s:/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11/bin:/usr/games:/usr/local/bin:/usr/local/sbin:/root/pserv:. PERL5LIB=/root/src/sex PERL5_CPANPLUS_CONFIG=/root/.cpanplus/config PERLDB_OPTS=ornaments=0 PERL_ANYEVENT_DBI_TESTS=1 PERL_ANYEVENT_EDNS0=1 PERL_ANYEVENT_NET_TESTS=1 PERL_ANYEVENT_PROTOCOLS=ipv4,ipv6 PERL_ANYEVENT_STRICT=1 PERL_BADLANG (unset) PERL_UNICODE=E SHELL=/bin/bash ```
p5pRT commented 13 years ago

From @doughera88

On Fri\, 26 Nov 2010\, perlbug @​ plan9 . de wrote​:

# New Ticket Created by perlbug@​plan9.de # Please include the string​: [perl #79838] # in the subject line of all future correspondence about this issue. # \<URL​: http​://rt.perl.org/rt3/Ticket/Display.html?id=79838 >

beginning with 5.10.something\, perl enforces the use of -fstack-protector\, even when Configure was explicitly told the compiler flags\, and there is no way to switch it off.

I agree with your general premise that it should be possible to get Configure to do what you need it to do in order to build perl the way you want to build it.

I should point out\, however\, that while it isn't easy\, it is possible to turn it off by running Configure interactively and removing it when prompted.

unfortunately\, gcc supports this flag on most platforms\, even if the underlying support is missing. simple test programs (sucha s the one used by Configure) might pass\, but the generated programs might segfault or worse (for exmaple\, on uclibc systems\, all the cast to float tests segfault).

I wasn't aware that gcc might be misleading us this way. If you could supply us with a better test program\, that would be very helpful.

besides\, it would be nice not to enforce the use of certain compiler flags that are absoltuely unnecessary (perl works fine without -fstack-protector).

so... please please please make -fstack-protector configurable somehow\, better yet\, don't override user-specified flags and/or improve the tets for platform support.

Unfortunately\, other users do rely on us supplementing the user-specified C flags\, so I don't think we can win there no matter what we do. There might be some clever approach\, but it's not occurring to me at the moment.

Meanwhile\, yes\, an improved test program would likely be a very good idea.

--   Andy Dougherty doughera@​lafayette.edu

p5pRT commented 13 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 13 years ago

From @tux

On Sun\, 28 Nov 2010 14​:27​:51 -0500 (EST)\, Andy Dougherty \doughera@&#8203;lafayette\.edu wrote​:

so... please please please make -fstack-protector configurable somehow\, better yet\, don't override user-specified flags and/or improve the tets for platform support.

Unfortunately\, other users do rely on us supplementing the user-specified C flags\, so I don't think we can win there no matter what we do. There might be some clever approach\, but it's not occurring to me at the moment.

-Ucflags/-ffnork\,-DFROUBLE

/could/ be a way to go specify what CFLAGS/LDFLAGS/... should be filtered out before the final decision. Just a brainstorm idea

Meanwhile\, yes\, an improved test program would likely be a very good idea.

Absolutely

-- H.Merijn Brand http​://tux.nl Perl Monger http​://amsterdam.pm.org/ using 5.00307 through 5.12 and porting perl5.13.x on HP-UX 10.20\, 11.00\, 11.11\, 11.23 and 11.31\, OpenSuSE 10.1\, 11.0 .. 11.3 and AIX 5.2 and 5.3. http​://mirrors.develooper.com/hpux/ http​://www.test-smoke.org/ http​://qa.perl.org http​://www.goldmark.org/jeff/stupid-disclaimers/

p5pRT commented 13 years ago

From @ikegami

On Sun\, Nov 28\, 2010 at 2​:27 PM\, Andy Dougherty \doughera@&#8203;lafayette\.eduwrote​:

On Fri\, 26 Nov 2010\, perlbug @​ plan9 . de wrote​:> so... please please please make -fstack-protector configurable somehow\,

better yet\, don't override user-specified flags and/or improve the tets for platform support.

Unfortunately\, other users do rely on us supplementing the user-specified C flags\, so I don't think we can win there no matter what we do. There might be some clever approach\, but it's not occurring to me at the moment.

If Perl only supplements\, then -fno-stack-protector should work\, right? Does it?

p5pRT commented 13 years ago

From @doughera88

On Mon\, 29 Nov 2010\, Eric Brine wrote​:

  On Fri\, 26 Nov 2010\, perlbug @&#8203; plan9 \. de wrote&#8203;:> so\.\.\. please
  please please make \-fstack\-protector configurable somehow\,
  > better yet\, don't override user\-specified flags and/or improve
  the tets
  > for platform support\.

If Perl only supplements\, then -fno-stack-protector should work\, right? Does it?

Yes\, good call. Configure even actually already contains code to explicitly deal with this situation. (Thanks\, Nicholas!) Explicitly adding -fno-stack-protector to ccflags will cause Configure to not add -fstack-protector. This will fix the immediate problem.

Still\, I agree that a test file that made this happen automatically would be even better. I just don't know what such a test might look like.

--   Andy Dougherty doughera@​lafayette.edu

p5pRT commented 13 years ago

From @rurban

Andy Dougherty schrieb​:

On Mon\, 29 Nov 2010\, Eric Brine wrote​:

   On Fri\, 26 Nov 2010\, perlbug @&#8203; plan9 \. de wrote&#8203;:>  so\.\.\. please
   please please make \-fstack\-protector configurable somehow\,
   >  better yet\, don't override user\-specified flags and/or improve
   the tets
   >  for platform support\.

If Perl only supplements\, then -fno-stack-protector should work\, right? Does it?

Yes\, good call. Configure even actually already contains code to explicitly deal with this situation. (Thanks\, Nicholas!) Explicitly adding -fno-stack-protector to ccflags will cause Configure to not add -fstack-protector. This will fix the immediate problem.

Still\, I agree that a test file that made this happen automatically would be even better. I just don't know what such a test might look like.

And just to add to the mix​: Using -fstack-protector twice\, because it's in CCFLAGS and LDFLAGS\, because we call the compiler and linker seperately sometimes (GNUMakefile vs. ExtUtils​::Embed)\, will cause a gcc crash.

So if I fold the compiler and linker flags together with the typical compile+link command\, I explicitly have to remove -fstack-protector from LDFLAGS; in B​::C cc_harness.

$ perl -V​:ccflags -V​:ldflags ccflags='-DPERL_USE_SAFE_PUTENV -U__STRICT_ANSI__ -g3 -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'; ldflags=' -Wl\,--enable-auto-import -Wl\,--export-all-symbols -Wl\,--enable-auto-image-base -fstack-protector -L/usr/local/lib';

-- Reini Urban http​://phpwiki.org/ http​://murbreak.at/

p5pRT commented 13 years ago

From schmorp@schmorp.de

On Sun\, Nov 28\, 2010 at 02​:27​:51PM -0500\, Andy Dougherty \doughera@&#8203;lafayette\.edu wrote​:

beginning with 5.10.something\, perl enforces the use of -fstack-protector\, even when Configure was explicitly told the compiler flags\, and there is no way to switch it off.

I agree with your general premise that it should be possible to get Configure to do what you need it to do in order to build perl the way you want to build it.

just saw your reply by accident (I wasn't included in your reply's address).

I should point out\, however\, that while it isn't easy\, it is possible to turn it off by running Configure interactively and removing it when prompted.

Yeah\, or by perl -pi -e 's/...' Configure\, which is wat I am doing now.

I wasn't aware that gcc might be misleading us this way. If you could supply us with a better test program\, that would be very helpful.

Presumably\, you would just need to run the program and if it crashes\, assume -fstack-protector doesn't quite work.

so... please please please make -fstack-protector configurable somehow\, better yet\, don't override user-specified flags and/or improve the tets for platform support.

Unfortunately\, other users do rely on us supplementing the user-specified C flags\,

I primarily asked for a way to disable -fstack-protector. Somehow.

So\, which other users rely on your enforcing -fstack-protector? Is there really any platform that needs that flag? I doubt that\, so that argument simply doesn't apply.

--   The choice of a Deliantra\, the free code+content MORPG   -----==- _GNU_ http​://www.deliantra.net   ----==-- _ generation   ---==---(_)__ __ ____ __ Marc Lehmann   --==---/ / _ \/ // /\ \/ / schmorp@​schmorp.de   -=====/_/_//_/\_\,_/ /_/\_\

p5pRT commented 11 years ago

From @tonycoz

Sorry for the long delayed response.

On Fri Dec 10 19​:07​:02 2010\, schmorp@​schmorp.de wrote​:

On Sun\, Nov 28\, 2010 at 02​:27​:51PM -0500\, Andy Dougherty \doughera@&#8203;lafayette\.edu wrote​:

beginning with 5.10.something\, perl enforces the use of -fstack-protector\, even when Configure was explicitly told the compiler flags\, and there is no way to switch it off.

I agree with your general premise that it should be possible to get Configure to do what you need it to do in order to build perl the way you want to build it.

just saw your reply by accident (I wasn't included in your reply's address).

I should point out\, however\, that while it isn't easy\, it is possible to turn it off by running Configure interactively and removing it when prompted.

Yeah\, or by perl -pi -e 's/...' Configure\, which is wat I am doing now.

I wasn't aware that gcc might be misleading us this way. If you could supply us with a better test program\, that would be very helpful.

Presumably\, you would just need to run the program and if it crashes\, assume -fstack-protector doesn't quite work.

The test does run the compiled program\, the check uses the checkccflag definition\, which does​:

echo "int main(void) { return 0; }" > gcctest.c; if $cc -O2 $flag -o gcctest gcctest.c 2>gcctest.out && ./gcctest; then

So the only solution is a better test program\, which you'll need to supply since you're the one who sees the problem.

so... please please please make -fstack-protector configurable somehow\, better yet\, don't override user-specified flags and/or improve the tets for platform support.

Unfortunately\, other users do rely on us supplementing the user- specified C flags\,

I primarily asked for a way to disable -fstack-protector. Somehow.

As mentioned by Eric and confirmed by Andy\, adding -fno-stack-protector will disable -fstack-protector\, for example I did​:

  ./Configure -des -Dusedevel -Accflags=-fno-stack-protector

and no -fstack-protector flag was added by Configure.

So\, which other users rely on your enforcing -fstack-protector? Is there really any platform that needs that flag? I doubt that\, so that argument simply doesn't apply.

-fstack-protector is a security hardening tool.

Is it necessary? It probably depends on how you're using perl.

Are you able to provide a test program for Configure that can be used to test for -fstack-protector?

Tony

p5pRT commented 11 years ago

From schmorp@schmorp.de

On Tue\, Sep 03\, 2013 at 09​:34​:20PM -0700\, Tony Cook via RT \perlbug\-followup@&#8203;perl\.org wrote​:

Presumably\, you would just need to run the program and if it crashes\, assume -fstack-protector doesn't quite work.

The test does run the compiled program\, the check uses the checkccflag definition\, which does​:

Since the compiled tets program did crash\, I presume it's new that the tets program is atcually being executed\, which should fix it.

As mentioned by Eric and confirmed by Andy\, adding -fno-stack-protector will disable -fstack-protector\, for example I did​:

That also didn't work (configure always added -fstack-protector after it)\, so if that is fixed\, that's all I need.

Is it necessary? It probably depends on how you're using perl.

Indeed\, which is why Configfure shouldn't force it's use it. If it no longer does\, that's fine. I don't think Configure needs to perfectly support any exotic platform.

Are you able to provide a test program for Configure that can be used to test for -fstack-protector?

The test program did crash when I ran it manually\, so that wasn't the problem. Either it wasn't run back then\, or it was run differently\, or the fact that it crashed didn't register enough.

--   The choice of a Deliantra\, the free code+content MORPG   -----==- _GNU_ http​://www.deliantra.net   ----==-- _ generation   ---==---(_)__ __ ____ __ Marc Lehmann   --==---/ / _ \/ // /\ \/ / schmorp@​schmorp.de   -=====/_/_//_/\_\,_/ /_/\_\

p5pRT commented 11 years ago

From @tonycoz

On Tue Sep 03 23​:12​:12 2013\, schmorp@​schmorp.de wrote​:

On Tue\, Sep 03\, 2013 at 09​:34​:20PM -0700\, Tony Cook via RT \<perlbug- followup@​perl.org> wrote​:

Presumably\, you would just need to run the program and if it crashes\, assume -fstack-protector doesn't quite work.

The test does run the compiled program\, the check uses the checkccflag definition\, which does​:

Since the compiled tets program did crash\, I presume it's new that the tets program is atcually being executed\, which should fix it.

Configure has been executing the test program it created since before 5.12 (which you reported this ticket against.)

But if you're happy with the current behaviour\, I'm happy to close the ticket.

Tony

p5pRT commented 11 years ago

From @tonycoz

On Wed Sep 04 22​:31​:24 2013\, tonyc wrote​:

Configure has been executing the test program it created since before 5.12 (which you reported this ticket against.)

But if you're happy with the current behaviour\, I'm happy to close the ticket.

And so closing it.

Tony

p5pRT commented 11 years ago

@tonycoz - Status changed from 'open' to 'resolved'