Balazs Scheidler <bazsi@balabit.hu> writes:
On Sat, 2011-11-12 at 14:27 +0100, Gergely Nagy wrote:
When both glib and syslog-ng are built with hardening options enabled, overwriting a string pointer with a FALSE boolean does not have the expected results: the string will not become NULL.
Hmm... what kind of hardening options are these? I haven't heard about them yet.
FALSE is not a numeric zero? That'll probably break other assumptions in syslog-ng, not just this one.
It is a numeric zero. It probably has to do with trying to shovel an integer into a gpointer, and one of the hardening flags being too clever and doing something silly.
Can you point me in the right direction?
As far as I see, these are:

    CFLAGS: -fPIE -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
    LDFLAGS: -pie -Wl,-z,relro -Wl,-z,now

I'm not exactly sure which one is the problem (I'm not 100% sold that this is the cause, either). But on Ubuntu Lucid, compiling a syslog-ng with -fstack-protector -D_FORTIFY_SOURCE=2 does seem to trigger the issue with --no-caps. However, doing the same on Debian sid does not. So it might be something in Ubuntu's glib...

I wasn't able to get much further than that, unfortunately.

--
|8]