grsecurity forums

[Ghowe]

Hello. I got segfault compiling FileZilla from source on Slackware-current. I checked: there is no such problem with stock kernel without Grsecurity. I have 4.2.6 kernel with Free grsecurity patch. paxctl -cm for cc1plus doesn't help.

Code: Select all

Making all in .
make[1]: Entering directory '/tmp/SBo/filezilla-3.14.1'
make[1]: Nothing to be done for 'all-am'.
make[1]: Leaving directory '/tmp/SBo/filezilla-3.14.1'
Making all in src
make[1]: Entering directory '/tmp/SBo/filezilla-3.14.1/src'
Making all in include
make[2]: Entering directory '/tmp/SBo/filezilla-3.14.1/src/include'
make  all-am
make[3]: Entering directory '/tmp/SBo/filezilla-3.14.1/src/include'
make[3]: Leaving directory '/tmp/SBo/filezilla-3.14.1/src/include'
make[2]: Leaving directory '/tmp/SBo/filezilla-3.14.1/src/include'
Making all in engine
make[2]: Entering directory '/tmp/SBo/filezilla-3.14.1/src/engine'
if g++ -DHAVE_CONFIG_H -I. -I../../src/include  -I./../include -I/usr/include/p11-kit-1  -I/usr/lib/wx/include/gtk2-unicode-3.0 -I/usr/include/wx-3.0 -D_FILE_OFFSET_BITS=64 -DWXUSINGDLL -D__WXGTK__ -fpch-preprocess  -O2 -march=i686 -mtune=i686 -pipe -Wall -g -std=gnu++14 -MT filezilla.h.gch -MD -MP -MF ".deps/.Tpo" -c -o filezilla.h.gch filezilla.h; \
then mv -f ".deps/.Tpo" ".deps/.Po"; else rm -f ".deps/.Tpo"; exit 1; fi
make  all-am
make[3]: Entering directory '/tmp/SBo/filezilla-3.14.1/src/engine'
g++ -DHAVE_CONFIG_H -I. -I../../src/include  -I./../include -I/usr/include/p11-kit-1  -I/usr/lib/wx/include/gtk2-unicode-3.0 -I/usr/include/wx-3.0 -D_FILE_OFFSET_BITS=64 -DWXUSINGDLL -D__WXGTK__ -fpch-preprocess  -O2 -march=i686 -mtune=i686 -pipe -Wall -g -std=gnu++14 -MT libengine_a-backend.o -MD -MP -MF .deps/libengine_a-backend.Tpo -c -o libengine_a-backend.o `test -f 'backend.cpp' || echo './'`backend.cpp
g++ -DHAVE_CONFIG_H -I. -I../../src/include  -I./../include -I/usr/include/p11-kit-1  -I/usr/lib/wx/include/gtk2-unicode-3.0 -I/usr/include/wx-3.0 -D_FILE_OFFSET_BITS=64 -DWXUSINGDLL -D__WXGTK__ -fpch-preprocess  -O2 -march=i686 -mtune=i686 -pipe -Wall -g -std=gnu++14 -MT libengine_a-commands.o -MD -MP -MF .deps/libengine_a-commands.Tpo -c -o libengine_a-commands.o `test -f 'commands.cpp' || echo './'`commands.cpp
g++ -DHAVE_CONFIG_H -I. -I../../src/include  -I./../include -I/usr/include/p11-kit-1  -I/usr/lib/wx/include/gtk2-unicode-3.0 -I/usr/include/wx-3.0 -D_FILE_OFFSET_BITS=64 -DWXUSINGDLL -D__WXGTK__ -fpch-preprocess  -O2 -march=i686 -mtune=i686 -pipe -Wall -g -std=gnu++14 -MT libengine_a-ControlSocket.o -MD -MP -MF .deps/libengine_a-ControlSocket.Tpo -c -o libengine_a-ControlSocket.o `test -f 'ControlSocket.cpp' || echo './'`ControlSocket.cpp

g++: internal compiler error: Segmentation fault (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
Makefile:590: recipe for target 'libengine_a-ControlSocket.o' failed
make[3]: *** [libengine_a-ControlSocket.o] Error 4
make[3]: *** Waiting for unfinished jobs....


g++: internal compiler error: Segmentation fault (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
Makefile:562: recipe for target 'libengine_a-backend.o' failed
make[3]: *** [libengine_a-backend.o] Error 4
g++: internal compiler error: Segmentation fault (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
Makefile:576: recipe for target 'libengine_a-commands.o' failed
make[3]: *** [libengine_a-commands.o] Error 4
make[3]: Leaving directory '/tmp/SBo/filezilla-3.14.1/src/engine'
Makefile:452: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/tmp/SBo/filezilla-3.14.1/src/engine'
Makefile:408: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/tmp/SBo/filezilla-3.14.1/src'
Makefile:592: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1

Dmesg:

Code: Select all

[  210.706621] cc1plus[8173]: segfault at 9ad7eea8 ip 08c21d16 sp bde182f4 error 4 in cc1plus[8048000+1382000]
[  210.706649] grsec: Segmentation fault occurred at 9ad7eea8 in /usr/libexec/gcc/i586-slackware-linux/5.2.0/cc1plus[cc1plus:8173] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/g++-gcc-5.2.0[g++:8164] uid/euid:0/0 gid/egid:0/0
[  210.706670] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/libexec/gcc/i586-slackware-linux/5.2.0/cc1plus[cc1plus:8173] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/g++-gcc-5.2.0[g++:8164] uid/euid:0/0 gid/egid:0/0

[PaX Team]

assuming you have ASLR enabled in the kernel, try to disable it on the gcc binaries as i think it's due to the way gcc implements PCH.

[Ghowe]

assuming you have ASLR enabled in the kernel, try to disable it on the gcc binaries as i think it's due to the way gcc implements PCH.

Thanks. This solved the problem.

Code: Select all

paxctl -r /usr/libexec/gcc/i586-slackware-linux/5.2.0/cc1plus