From: Paul H. Hargrove (PHHargrove_at_lbl_dot_gov)
Date: Mon Dec 22 2008 - 11:06:55 PST
With all due respect to the person who raised the question: a link failure is NOT any indication that such buffer overflows are present. It is an indication of a toolchain that creates implicit dependencies and broke linking of many shared libraries and dynamically loadable modules other than BLCR. Neal, have you or anyone else tried removing -fno-stack-protector to see if things work correctly on Fedora 9 or 10? Its possible they might. If somebody can point to the proper way to resolve the linkage problem, without also breaking things for platforms w/o stack-protector support in gcc, then I'd be happy to apply the fix. -Paul Neal Becker wrote: > I wonder if anyone would be able to help answer this question? > > ---------- Forwarded Message ---------- > > Subject: [Bug 19] Review request: blcr - Berkeley Lab Checkpoint/Restart for > Linux > Date: Monday 22 December 2008 > From: RPM Fusion Bugzilla <noreply_at_rpmfusion_dot_org> > To: [email protected] > > http://bugzilla.rpmfusion.org/show_bug.cgi?id=19 > > > > > > --- Comment #18 from Kevin Kofler <[email protected]> 2008-12-22 10:43:47 > --- > Can't the bug which requires -fno-stack-protector be fixed?! IMHO this is a > blocker, packages should NEVER use -fno-stack-protector, it's an invitation > for > crackers to exploit any buffer overflows, and the fact that it's needed in the > first place strongly points to such buffer overflows being present. > > -- Paul H. Hargrove PHHargrove_at_lbl_dot_gov Future Technologies Group HPC Research Department Tel: +1-510-495-2352 Lawrence Berkeley National Laboratory Fax: +1-510-486-6900