[Bug 1266492] Re: ld:i386 crashes with -static -fPIE -pie
Steve Beattie
sbeattie at ubuntu.com
Thu Jan 30 06:47:10 UTC 2014
Here's a patch to glibc to set the default value of MALLOC_CHECK_ to 1
(from 3). By doing so, the malloc specific error passed to
malloc_printerr() will still be displayed by default, but libc will not
attempt to generate a backtrace, which is what is causing the deadlock
to occur. Even if the deadlock weren't a problem, it's also valuable
from a security perspective, as attempting to malloc() from the same
pool that libc has already detected an attacker has corrupted is likely
unsafe, and may grant an attacker a chance to regain control. This is
also the reason for adding the MALLOC_CHECK_ variable to the list of
environment variables for filtering when setuid/setgid programs are
invoked.
People wishing to see the backtrace for debugging purposes can get the
old default behavior back by setting MALLOC_CHECK_=3 in their
environment.
I've verified that eglibc builds fine with this change, and that xorg-server
2:1.14.5-1ubuntu2 (not containing the workaround that Martin added in
2:1.14.5-1ubuntu3, thus would normally trigger the ld/glibc hang on i386)
also builds fine when built against eglibc with this patch on all arches.
Fixing this of course doesn't address the binutils bug where ld is
corrupting malloc space, or the dpkg-buildflags hardening flaw around
-static and -pie (doko, is there a bug already for that?), but it will
stop builds from hanging.
Note that I don't have upload privileges, so all my patches will need to
be sponsored.
** Patch added: "local-no-malloc-backtrace.diff"
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1266492/+attachment/3962383/+files/local-no-malloc-backtrace.diff
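The setuid/setgid environment filtering described in the message above, as an added illustration in C (not the glibc patch itself, which changes glibc's internal list): a user-space wrapper that drops MALLOC_CHECK_ from the environment before handing it to a privileged helper. The variable list is an assumption for the demo; MALLOC_CHECK_ comes from the message, while LD_PRELOAD and LD_LIBRARY_PATH are added here only as familiar examples of the same class of variable.

```c
/* Added example: sanitize an environment before exec'ing a setuid/setgid
 * helper, mirroring the policy the patch adds to glibc. The list below is
 * illustrative, not glibc's real UNSECURE_ENVVARS table. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables an unprivileged caller must not be able to hand to a
 * privileged child. MALLOC_CHECK_ is the entry the patch adds. */
static const char *const unsafe_vars[] = {
    "MALLOC_CHECK_", "LD_PRELOAD", "LD_LIBRARY_PATH", NULL
};

/* Return 1 if a "NAME=value" entry names a variable in unsafe_vars.
 * The whole name up to '=' is compared, so MALLOC_CHECK_X does not match. */
int is_unsafe_env_entry(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t name_len = eq ? (size_t)(eq - entry) : strlen(entry);
    for (const char *const *v = unsafe_vars; *v; v++)
        if (strlen(*v) == name_len && strncmp(entry, *v, name_len) == 0)
            return 1;
    return 0;
}

/* Copy envp into out (capacity max_out, NULL-terminated), skipping unsafe
 * entries. Returns the number of entries kept, or -1 if out is too small. */
int filter_env(char *const *envp, char **out, size_t max_out)
{
    size_t n = 0;
    for (; *envp; envp++) {
        if (is_unsafe_env_entry(*envp))
            continue;
        if (n + 1 >= max_out)   /* keep room for the terminating NULL */
            return -1;
        out[n++] = *envp;
    }
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    /* Constructed sample environment for the demo. */
    char *sample[] = { "PATH=/usr/bin:/bin", "MALLOC_CHECK_=3",
                       "LD_PRELOAD=libfoo.so", "HOME=/home/user", NULL };
    char *clean[8];
    int kept = filter_env(sample, clean, 8);
    for (int i = 0; i < kept; i++)
        puts(clean[i]);          /* clean[] is what execve() would receive */
    return 0;
}
```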
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1266492
Title: ld:i386 crashes with -static -fPIE -pie
Status in Embedded GLIBC: Incomplete
Status in “binutils” package in Ubuntu: Confirmed
Status in “eglibc” package in Ubuntu: New
Status in “evolution-data-server” package in Ubuntu: Triaged
Status in “xorg-server” package in Ubuntu: Triaged
Status in “binutils” source package in Trusty: Confirmed
Status in “eglibc” source package in Trusty: New
Status in “evolution-data-server” source package in Trusty: Triaged
Status in “xorg-server” source package in Trusty: Triaged
Bug description:
Making a simple file conftest.c with the following contents:
int main() { return 0; }
And then compiling it on i386 with gcc -fPIE -pie -static conftest.c
returns:
*** Error in `/usr/bin/ld': corrupted double-linked list: 0x08dddb38 ***
This breaks compilation of xorg-server on i386. I believe that -static
-fPIE -pie is probably invalid, and it fails on amd64 too.
$ gcc -fPIE -pie -static conftest.c
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.8/crtbeginT.o: relocation R_X86_64_32 against `__TMC_END__' can not be used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-linux-gnu/4.8/crtbeginT.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
But autoconf hangs on the corrupted double-linked list, which times
out the xorg-server build.