build fails with debian-package "hardening-wrapper" installed

aldorlang / aldor

The Aldor Programming Language

http://pippijn.github.io/aldor/

33 stars 11 forks source link

build fails with debian-package "hardening-wrapper" installed #8

Open edi-meier opened 11 years ago

edi-meier commented 11 years ago

Hello,

on debian testing build fails with "hardening-wrapper" installed: Storage allocation error (can't build internal structure)

$ time make V=1 &> make.log ; echo $?

real 5m56.151s user 5m26.020s sys 0m20.056s 2 $

With "hardening-wrapper" these flags will be used: gcc/g++ -Wformat -Wformat-security -Werror=format-security gcc/g++ -D_FORTIFY_SOURCE=2 gcc/g++ -fstack-protector --param ssp-buffer-size=4 gcc/g++ -fPIE -pie (c. f., http://wiki.debian.org/Hardening)

Regards, Edi

pippijn commented 11 years ago

I can reproduce this.

export DEB_BUILD_HARDENING=1
./configure
make

  ALDOR  lang.ao
#1 (Fatal Error) Storage allocation error (out of memory).

Sometimes I also get "can't build internal structure". If I run make several times, it sometimes gets some files compiled, so the error only happens most of the time.

pippijn commented 11 years ago

A workaround for this would be: not using the Aldor GC. Instead, configure with the --with-boehm-gc flag. You will need libgc installed.

By the way, this bug never happens to me when I disable ASLR.

edi-meier commented 11 years ago

Sadly, not only at "buildtime" (of aldor), also at "runtime" it does not work together with "hardening-wrapper":

$ aldor -laldor -Fx hello.as /usr/bin/ld.bfd.real: /home/edi/lib/libaldor.a(sal_char.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC

> By the way, this bug never happens to me when I disable ASLR. Tim Daly has a similar remark for (building) axiom. IMHO installing a package like "hardening-wrapper" is one thing, changing the default config of the kernel more people might not be amused. Not even speaking of people with hardening-kernel like grsecurity installed ;-)

pippijn commented 11 years ago

I can't reproduce this.

$ export DEB_BUILD_HARDENING=1
$ ./configure --with-boehm-gc
$ make; make install
$ export ALDORROOT=/usr/local
$ aldor -fx -laldor -cruntime=foam,gc aldorug/examples/sieve.as
$ ./sieve
There are 4 primes <= 10
There are 25 primes <= 100
There are 168 primes <= 1000
There are 1229 primes <= 10000
There are 9592 primes <= 100000
There are 78498 primes <= 1000000

edi-meier commented 11 years ago

Sorry, I wasn't clear: What I meant was that if you disable "hardening-wrapper" just during the compilation of aldor (only to get an aldor-executable) and re-enable hardening-wrapper right afterwards then this (non-boehm-gc-)aldor will not work. The error-message also indicates the workaround: "recompile with -fPIC".

So with "boehm-gc- & hardening-wrapper-enabled" during build-time of aldor it will work afterwards at runtime also, as your example shows which I also can confirm.

pippijn commented 11 years ago

That makes sense, because hardening-wrapper makes all binaries PIE (Position Independent Executables), so if you compile the libraries without that, then linking a PIE against non-PIC libraries will fail. This is not unique to Aldor.

The bug remains: Aldor GC does not work when compiled with hardening-wrapper.