0000064: ldd segfault when uclibc is build with security options enabled

BusyBox Bug and Patch Tracking

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0000064

[buildroot] Security

crash

always

01-27-05 00:18

02-12-07 05:47

Reporter

babel

View Status

public

Assigned To

buildroot

Priority

normal

Resolution

fixed

Status

closed

Product Version

0.9.27

Summary

0000064: ldd segfault when uclibc is build with security options enabled

Description

I've used the attached dot-config files to build a complete buildroot with ldd. Enabling the security options in uClibc gives the result shown below. Just disabling the uClibc security options and rebuild result in a working ldd.

Additional Information

bin/sh-3.00$ strace -f ldd
execve("/usr/bin/ldd", ["ldd"], [/* 13 vars */]) = 0
old_mmap(NULL, 20, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40006000
readlink("/lib/ld-uClibc.so.0", "ld-uClibc-0.9.27.so", 1024) = 19
open("/lib/libgcc_s.so.1", O_RDONLY) = 3
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\224\24"..., 4096) = 4096
old_mmap(NULL, 24576, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40008000
old_mmap(0x40008000, 19084, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x40008000
old_mmap(0x4000d000, 3076, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x4000d000
close(3) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libc.so.0", O_RDONLY) = 3
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\263\0"..., 4096) = 4096
old_mmap(NULL, 217088, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000e000
old_mmap(0x4000e000, 191188, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x4000e000
old_mmap(0x4003d000, 5016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2f000) = 0x4003d000
old_mmap(0x4003f000, 14008, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4003f000
close(3) = 0
munmap(0x40007000, 4096) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Attached Files

dot-config.tar.bz2 [^] (2,698 bytes) 01-27-05 00:18

Relationships

Notes
(0000043) psm 02-06-05 11:20	I wonder why BUILD_SSP is selected, that is only allowed for specially patched gcc, that is not supported by buildroot (HAS_SSP maybe be left in) if you have patched your buildroot's gcc with the propolice patch, and enable HAS_SSP, you'll have 2 __guard/__stack_smash_handler, one living in libc the other in libgcc_s.so Currently the SSP/PROPOLICE options are only usable in gentoo distro

(0001004) prpplague 01-25-06 12:36	resolved in latest build

Issue History
Date Modified	Username	Field	Change
01-27-05 00:18	babel	New Issue
01-27-05 00:18	babel	File Added: dot-config.tar.bz2
01-27-05 00:18	babel	Issue Monitored: babel
02-06-05 11:20	psm	Note Added: 0000043
03-16-05 12:13	andersen	Status	new => assigned
03-16-05 12:13	andersen	Assigned To	=> uClibc
01-25-06 12:36	prpplague	Note Added: 0001004
01-25-06 12:36	prpplague	Status	assigned => resolved
01-25-06 12:36	prpplague	Resolution	open => fixed
03-08-06 16:52	vapier	Status	resolved => closed
02-12-07 05:47	vapier	Status	closed => assigned
02-12-07 05:47	vapier	Assigned To	uClibc => buildroot