[syslog-ng] [PATCH] gprocess: Fix --no-caps handling when building with hardening options.

Balazs Scheidler bazsi at balabit.hu
Sun Nov 13 13:13:48 CET 2011


On Sat, 2011-11-12 at 21:03 +0100, Gergely Nagy wrote:
> Balazs Scheidler <bazsi at balabit.hu> writes:
> 
> > On Sat, 2011-11-12 at 14:27 +0100, Gergely Nagy wrote:
> >> When both glib and syslog-ng are built with hardening options enabled,
> >> overwriting a string pointer with a FALSE boolean does not have the
> >> expected results: the string will not become NULL.
> >
> > Hmm... what kind of hardening options are these? I haven't heard about
> > them yet.
> >
> > FALSE is not a numeric zero? That'll probably break other assumptions in
> > syslog-ng, not just this one.
> 
> It is a numeric zero. It probably has to do with trying to shovel an
> integer into a gpointer, and one of the hardening flags being too clever
> and doing something silly.
> 
> > Can you point me in the right direction?
> 
> As far as I see, these are:
> 
> CFLAGS: -fPIE -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
> LDFLAGS: -pie -Wl,-z,relro -Wl,-z,now
> 
> I'm not exactly sure which one is the problem (I'm not 100% sold that
> this is the cause, either). But on Ubuntu Lucid, compiling a syslog-ng
> with -fstack-protector -D_FORTIFY_SOURCE=2 does seem to trigger the
> issue with --no-caps. However, doing the same on Debian sid does not. So
> it might be something in Ubuntu's glib..
> 
> I wasn't able to get much further than that, unfortunately.
> 

Ok, I thought that FALSE is not a numeric zero. Isn't this the problem?

sizeof(gboolean) == 4
sizeof(gpointer) == 8

Isn't that the root cause?

-- 
Bazsi
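
The size mismatch asked about in the message above, as an added example that is not part of the original post or of syslog-ng's or glib's code: a 4-byte boolean store into an 8-byte pointer-sized slot leaves the upper four bytes untouched, so whether the slot reads as NULL afterwards depends on the address it held. `store_flag`, the `demo_*` types and the two address values are constructed for illustration, and a little-endian 64-bit host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for glib types, sized as quoted in the post (4 and 8 bytes). */
typedef int32_t  demo_gboolean;   /* sizeof == 4 */
typedef uint64_t demo_gpointer;   /* sizeof == 8, holds an address value */

/* Hypothetical flag handler: it is handed an untyped destination and
 * stores a boolean there, so it writes exactly 4 bytes. */
static void store_flag(void *arg_data, demo_gboolean value)
{
    memcpy(arg_data, &value, sizeof value);
}

/* Mismatched pattern: the flag's destination is a pointer-sized slot.
 * Returns the slot's value after FALSE (0) has been stored into it. */
uint64_t slot_after_flag_store(demo_gpointer initial)
{
    demo_gpointer slot = initial;
    store_flag(&slot, 0);
    return slot;
}

/* Type-correct pattern: the flag lands in a real boolean and the caller
 * clears the pointer-sized slot itself. */
uint64_t slot_after_typed_clear(demo_gpointer initial)
{
    demo_gpointer slot = initial;
    demo_gboolean keep = 1;
    store_flag(&keep, 0);
    if (!keep)
        slot = 0;
    return slot;
}

int main(void)
{
    /* Constructed address values; little-endian host assumed. */
    const demo_gpointer low  = 0x00000000004006a0ULL; /* below 4 GiB */
    const demo_gpointer high = 0x00005555555546a0ULL; /* above 4 GiB */

    printf("mismatched, low : %#llx\n", (unsigned long long)slot_after_flag_store(low));
    printf("mismatched, high: %#llx\n", (unsigned long long)slot_after_flag_store(high));
    printf("typed clear high: %#llx\n", (unsigned long long)slot_after_typed_clear(high));
    return 0;
}
```

With these inputs only the low address reads back as zero from the mismatched store; the high address keeps its upper half and is no longer a valid pointer or NULL.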



