[pkg-firebird-general] firebird 2.1 compiled without stack protector, so UDF dlopen failed

marius adrian popa mapopa at gmail.com
Fri May 8 12:30:53 UTC 2009


On Fri, May 8, 2009 at 5:53 AM, Damyan Ivanov <dmn at debian.org> wrote:
> -=| marius adrian popa, Fri, May 08, 2009 at 05:43:37AM -0400 |=-
>> On Fri, May 8, 2009 at 5:38 AM, Damyan Ivanov <dmn at debian.org> wrote:
>> > -=| marius adrian popa, Fri, May 08, 2009 at 01:33:44AM +0300 |=-
>> >> On Thu, May 7, 2009 at 10:23 PM, Damyan Ivanov <dmn at debian.org> wrote:
>> >> > No -fno-stack-protector there.
>> >>
>> >> " It turns out that Ubuntu and Debian differ in their implementation
>> >> in terms of using stack protection when building software. Debian’s
>> >> default is “Do not use stack protection.” Ubuntu’s maintainers decided
>> >> that stack protection was better even if things wouldn’t be completely
>> >> compatible with Debian."
>> >
>> > So how come this user's firebird is compiled without stack protection?
>>
>> the firebird packages is not compiled with stack
>
> Why? You just said that Ubuntu uses stack protector by default. So the
> Ubuntu package shall use it, no?

now comes to weird stuff i have tested the examples from
http://wiki.debian.org/Hardening
and by default gcc  is doing stack protection so if you see no
arguments for stack protections that maybe it seems
that firebird is compiled with stack protection ? I will ask how to
detect if is by default or not firebird builded with stack protection
and how to detect it

gcc -O2  trivial.c  -o trivial
/trivial $(perl -e 'print "A"x100')
Your first argument was:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** stack smashing detected ***: ./trivial terminated
gcc -fno-stack-protector  trivial.c  -o trivial
./trivial $(perl -e 'print "A"x100')
Your first argument was:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault


>
>> just the users UDF is compiled by default
>>
>> it's just needs to be mentioned to UDF users on ubuntu and other stack
>> protected os-es
>
> Mentioned where?
maybe in documentation
>
> --
> dam
>
> _______________________________________________
> pkg-firebird-general mailing list
> pkg-firebird-general at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-firebird-general



More information about the pkg-firebird-general mailing list