Bug#1060022: acl FTBFS with newer hardening flags

Steve Langasek
Jan 4, 2024, 5:10:05 PM

Package: acl
Version: 2.3.1-4
Severity: normal
Tags: patch
User: ubuntu...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch

Hi Guillem,

It appears that something in the latest update of hardening flags in Ubuntu
noble now causes the package to fail to build, with both a compiler warning
about a buffer overflow, and runtime failures of getfacl because it trips
glibc's buffer overflow detection:

[...]
In function 'strcpy',
    inlined from '__acl_to_any_text' at libacl/__acl_to_any_text.c:90:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:79:10: warning: '__builtin___strcpy_chk' writing 1 or more bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
   79 |   return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
      |          ^
[...]
FAIL: test/cp
=============
[...]
[28] $ getfacl --omit-header h/x -- failed
*** buffer overflow detected ***: terminated != user::rw-
~ != user:bin:rwx
~ != group::r--
~ != mask::rwx
~ != other::r--
~ !=
[...]

(https://launchpad.net/ubuntu/+source/acl/2.3.1-4/+build/27588829)

This traces back to a use of a 0-length array in a struct as a flexible
variable-length array, which confuses the compiler's + glibc's string
hardening and results in a false-positive detection of a buffer overflow.

While this false-positive could be avoided by downgrading from
_FORTIFY_SOURCE=3 back to _FORTIFY_SOURCE=2, that would also weaken our
ability to detect actual bugs, so instead I've prepared the attached patch
to make the flexible array implementation compatible with the gcc hardening
implementation, as described at
<https://people.kernel.org/kees/bounded-flexible-arrays-in-c>.

Thanks for considering,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slan...@ubuntu.com vor...@debian.org
acl_2.3.1-4ubuntu1.debdiff
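
The two declaration styles the report contrasts, as an added example that is not part of the original message or the attached patch: a zero-length trailing array beside a C99 flexible array member, with helpers that return the object size the compiler attributes to each, which is the bound a fortified strcpy() checks against. The struct and function names are hypothetical, and the sizes reported depend on the compiler version and optimization level.

```c
/* Added example; struct and function names are hypothetical, not libacl's. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef __has_builtin
#define __has_builtin(x) 0
#endif
#if __has_builtin(__builtin_dynamic_object_size)
#define OBJ_SIZE(p) __builtin_dynamic_object_size((p), 1) /* _FORTIFY_SOURCE=3 */
#else
#define OBJ_SIZE(p) __builtin_object_size((p), 1)         /* _FORTIFY_SOURCE=2 */
#endif

struct str_zero { size_t cap; char s[0]; }; /* GNU zero-length array idiom */
struct str_flex { size_t cap; char s[]; };  /* C99 flexible array member */

/* Size the compiler attributes to the trailing array; (size_t)-1 = unknown. */
size_t zero_reported_size(size_t cap)
{
    struct str_zero *p = malloc(sizeof(*p) + cap);
    size_t n = p ? OBJ_SIZE(p->s) : (size_t)-1;
    free(p);
    return n;
}

size_t flex_reported_size(size_t cap)
{
    struct str_flex *p = malloc(sizeof(*p) + cap);
    size_t n = p ? OBJ_SIZE(p->s) : (size_t)-1;
    free(p);
    return n;
}

/* Allocate a str_flex holding a copy of src, recording the capacity used. */
struct str_flex *str_flex_new(const char *src)
{
    size_t cap = strlen(src) + 1;
    struct str_flex *p = malloc(sizeof(*p) + cap);
    if (p == NULL) return NULL;
    p->cap = cap;
    memcpy(p->s, src, cap);
    return p;
}

int main(void)
{
    printf("zero-length: %zu  flexible: %zu\n", zero_reported_size(16), flex_reported_size(16));
    return 0;
}
```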

Guillem Jover

Jan 6, 2024, 10:10:04 PM

Hi!

On Thu, 2024-01-04 at 14:04:50 -0800, Steve Langasek wrote:
> Package: acl
> Version: 2.3.1-4
> Severity: normal
> Tags: patch
> User: ubuntu...@lists.ubuntu.com
> Usertags: origin-ubuntu noble ubuntu-patch

> This traces back to a use of a 0-length array in a struct as a flexible
> variable-length array, which confuses the compiler's + glibc's string
> hardening and results in a false-positive detection of a buffer overflow.
>
> While this false-positive could be avoided by downgrading from
> _FORTIFY_SOURCE=3 back to _FORTIFY_SOURCE=2, that would also weaken our
> ability to detect actual bugs, so instead I've prepared the attached patch
> to make the flexible array implementation compatible with the gcc hardening
> implementation, as described at
> <https://people.kernel.org/kees/bounded-flexible-arrays-in-c>.

Thanks for the analysis and patch, I can confirm the issue and the
fix. I've queued this for my next upload to unstable, which I'll be
doing after a quick one into experimental.

Regards,
Guillem