[syslog-ng] [PATCH] gprocess: Fix --no-caps handling when building with hardening options.
Gergely Nagy
algernon at balabit.hu
Sat Nov 12 21:03:32 CET 2011
Balazs Scheidler <bazsi at balabit.hu> writes:
> On Sat, 2011-11-12 at 14:27 +0100, Gergely Nagy wrote:
>> When both glib and syslog-ng is built with hardening options enabled,
>> overwriting a string pointer with a FALSE boolean does not have the
>> expected results: the string will not become NULL.
>
> Hmm... what kind of hardening options are these? I haven't heard about
> them yet.
>
> FALSE is not a numeric zero? That'll probably break other assumptions in
> syslog-ng, not just this one.
It is a numeric zero. It probably has to do with trying to shovel an
integer into a gpointer, and one of the hardening flags being to clever
and doing something silly.
> Can you point me in the right direction?
As far as I see, these are:
CFLAGS: -fPIE -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
LDFLAGS: -pie -Wl,-z,relro -Wl,-z,now
I'm not exactly sure which one is the problem (I'm not 100% sold that
this is the cause, either). But on Ubuntu Lucid, compiling a syslog-ng
with -fstack-protector -D_FORTIFY_SOURCE=2 does seem to trigger the
issue with --no-caps. However, doing the same on Debian sid does not. So
it might be something in ubuntu's glib..
I wasn't able to get much further than that, unfortunately.
--
|8]
More information about the syslog-ng
mailing list