[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] StackGuard Woes

Subject: [cobalt-developers] StackGuard Woes
From: Anders <andersb@xxxxxxxxxxx>
Date: Thu Jul 10 06:25:00 2003
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

... or "excuse me, is this the way to fargo?" ...


Ever noticed when rebuilding RaQ 550 SRPMS
that the new "stackguard" spec files say:

if [ ! -x /usr/sg/bin/gcc ]; then
   echo "ERROR: No stackguard environment detected on this system"
   echo "Please obtain the stackguard environment RPMS located at:"
   echo "glazed:/fargo/i386/sg-cpp-1.1.2-30_SG201_cobalt.i386.rpm and"
   echo "glazed:/fargo/i386/sg-egcs-1.1.2-30_SG201_cobalt.i386.rpm"
   exit 1;
fi

That is *one* way of checking for the presence of the SG gcc compiler?
Another easier way would be to actually check for the installed RPMS:

BuildRequires: sg-egcs

If you should need to install the packages, it can be done
from the public Internet by using the following 2 commands:

rpm -Uvh ftp://ftp.cobalt.sun.com/pub/products/raq550/RPMS/\
sg-cpp-1.1.2-30_SG201_cobalt.i386.rpm
rpm -Uvh ftp://ftp.cobalt.sun.com/pub/products/raq550/RPMS/\
sg-egcs-1.1.2-30_SG201_cobalt.i386.rpm

As it's rather hard to access the internal Cobalt server...
(some of these cobalt spec files are not in very good shape)


StackGuard is a compiler from "Immunix Linux" that inserts
watchdog "canaries" for buffer overflows, by patching gcc.
It also makes it generally impossible to link against...
(without using the same compiler for any new code too)

It's used by appending the following lines to the spec:
%build
# stackguard environment
PATH=/usr/sg/bin:$PATH
export PATH

Generally it's better to fix the buffer overflow itself,
than working around it like this - but this is *easier* ?
As one doesn't have to upgrade the software, just recompile
(and hope that there were no other non-stackbuffer exploits...)


If you ever need to use C++, you also need to install the g++
compiler for StackGuard, as this wasn't included by Sun Cobalt
(not even available as a ready-made RPMS, for some odd reason ?)

wget ftp://ftp.cobalt.sun.com/pub/products/raq550/SRPMS/\
sg-egcs-1.1.2-30_SG201_cobalt.src.rpm
rpm --rebuild sg-egcs-1.1.2-30_SG201_cobalt.src.rpm
# this one takes a looong time to build... coffee ?

rpm -Uvh /usr/src/redhat/RPMS/i386/\
sg-egcs-c++-1.1.2-30_SG201_cobalt.i386.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/\
sg-libstdc++-2.9.0-30_SG201_cobalt.i386.rpm


Hope that helps you. (they're not making this easy, are they?)

--anders

PS. The web page for Immunix Stackguard used to be here:
    http://www.immunix.org/stackguard.html
    but it seems to have been messed up recently ?

Prev by Date: Re: [cobalt-developers] Web Server Aliases
Next by Date: [cobalt-developers] Qube 2 Cabling
Previous by thread: Re: [cobalt-developers] Web Server Aliases
Next by thread: [cobalt-developers] Qube 2 Cabling

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index