search

cachix / devenv

Fast, Declarative, Reproducible, and Composable Developer Environments
https://devenv.sh
Apache License 2.0
4.42k stars 331 forks source link

When using gcc cannot use -fno-stack-protector even though im passing the flag #1403

Open ese-pedro-loko opened 2 months ago

ese-pedro-loko commented 2 months ago

Describe the bug Title

SOrry dont have time for more information, its just what the title says. Get gcc from nix. Try to compile w -fno-stack-protector has no effect? Its maybe the nix store gcc wrapper?

mustafasegf commented 2 months ago

maybe related to this? https://github.com/NixOS/nixpkgs/issues/18995

mustafasegf commented 2 months ago

Ok so this is my output when running gcc with NIX_DEBUG=1

NIX_DEBUG=1 gcc
HARDENING: disabled flags: pie stackclashprotection fortify trivialautovarinit
HARDENING: Is active (not completely disabled with "all" flag)
HARDENING: enabling pic
HARDENING: enabling fortify3
HARDENING: enabling format
HARDENING: enabling zerocallusedregs
HARDENING: enabling stackprotector
HARDENING: enabling strictoverflow
extra flags before to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
  -fPIC
  -O2
  -U_FORTIFY_SOURCE
  -Wformat
  -Wformat-security
  -Werror=format-security
  -fzero-call-used-regs=used-gpr
  -fstack-protector-strong
  --param
  ssp-buffer-size=4
  -fno-strict-overflow
original flags to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
  ''
extra flags after to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
  -U_FORTIFY_SOURCE
  -D_FORTIFY_SOURCE=3
  -B/nix/store/0wydilnf1c9vznywsvxqnaing4wraaxp-glibc-2.39-52/lib/
  -idirafter
  /nix/store/1vp54ln0frvhzgasr2a377mfbwvqdm6i-glibc-2.39-52-dev/include
  -idirafter
  /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/lib/gcc/x86_64-unknown-linux-gnu/13.3.0/include-fixed
  -B/nix/store/kgmfgzb90h658xg0i7mxh9wgyx0nrqac-gcc-13.3.0-lib/lib
  -B/nix/store/62zpnw69ylcfhcpy1di8152zlzmbls91-gcc-wrapper-13.3.0/bin/
  -frandom-seed=mz5slkrbm0
  -isystem
  /nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
  -isystem
  /nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
  -isystem
  /nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
  -isystem
  /nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
  -isystem
  /nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
  -isystem
  /nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
  -isystem
  /nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
  -isystem
  /nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
gcc: fatal error: no input files
compilation terminated.

then I add env.hardeningDisable = ["all"]; to my devenv.nix file. This the debug result

NIX_DEBUG=1 gcc
HARDENING: disabled flags: pie pic stackclashprotection fortify3 format zerocallusedregs stackprotector fortify strictoverflow trivialautovarinit
extra flags before to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
  ''
original flags to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
  ''
extra flags after to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
  -B/nix/store/0wydilnf1c9vznywsvxqnaing4wraaxp-glibc-2.39-52/lib/
  -idirafter
  /nix/store/1vp54ln0frvhzgasr2a377mfbwvqdm6i-glibc-2.39-52-dev/include
  -idirafter
  /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/lib/gcc/x86_64-unknown-linux-gnu/13.3.0/include-fixed
  -B/nix/store/kgmfgzb90h658xg0i7mxh9wgyx0nrqac-gcc-13.3.0-lib/lib
  -B/nix/store/62zpnw69ylcfhcpy1di8152zlzmbls91-gcc-wrapper-13.3.0/bin/
  -frandom-seed=c6g8vvka1j
  -isystem
  /nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
  -isystem
  /nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
  -isystem
  /nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
  -isystem
  /nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
  -isystem
  /nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
  -isystem
  /nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
  -isystem
  /nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
  -isystem
  /nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
gcc: fatal error: no input files
compilation terminated.

soo using env.hardeningDisable = ["all"]; should fix your problem