Thread: [Devil-linux-develop] 1.3 compile message?

I'm running a fresh 1.3 compile this morning, and just happened to
notice a weird message from coreutils.  I don't know what it means, and
I don't know why it displayed on the terminal, instead of going to LOGS:


executing coreutils with option build (in /data/build/tmp/coreutils-6.10)
*** %n in writable segment detected ***


It didn't abort, as my compile is still running.  Anyone have a clue?

 - BS

Hi Bruce,

Bruce Smith wrote:

> executing coreutils with option build (in /data/build/tmp/coreutils-6.10)
> *** %n in writable segment detected ***
...
> It didn't abort, as my compile is still running.  Anyone have a clue?
> 
Yes, I was also interested in it.
Please read this thread to clear the question - I'm not sure I'm able to retell it.

http://www.nabble.com/vasnprintf's-%22-n-in-writable-segment%22-chokes-with-_FORTIFY_SOURCE-%3D%3D-2-td13270892.html

--
Sincerely,
Serge Leschinsky

> > executing coreutils with option build (in /data/build/tmp/coreutils-6.10)
> > *** %n in writable segment detected ***
> ...
> > It didn't abort, as my compile is still running.  Anyone have a clue?
> > 
> Yes, I was also interested in it.
> Please read this thread to clear the question - I'm not sure I'm able to retell it.
> 
> http://www.nabble.com/vasnprintf's-%22-n-in-writable-segment%22-chokes-with-_FORTIFY_SOURCE-%3D%3D-2-td13270892.html

OK, but I'm not sure if the message is something we need to worry about?

Are all the coreutil programs being compiled and do they run?

 - BS

> > OK, but I'm not sure if the message is something we need to worry about?
> > Are all the coreutil programs being compiled and do they run?
> 
> I added "make check" specially to make sure it's working. I disabled one test
> which may be passed only if the box is online (I added a comment about it)
> 
> Coreutils passed all checks on my build station.

OK, I guess I won't worry about the message then.  :-)

 - BS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> Coreutils passed all checks on my build station.
> 
> OK, I guess I won't worry about the message then.  :-)
> 
>  - BS

I had the same message, but everything works normal.

But nevertheless maybe someone smarter than me should look what causes the problem,
because as far as i know, this message has something to do with a format string error.
And as a "security product" we should care eventually :-/

That's what i found:
> No, that's not the point.  It doesn't matter whether the target of the
> %n is writable; if it's not, we'll just segfault.  The test is supposed
> to prevent a malicious attacker inserting %n into the application
> somewhere where it will be passed to printf, causing an unexpected
> store.

Here is the full message:
> http://sources.redhat.com/ml/libc-alpha/2006-02/msg00078.html

..but though - this has nothing to do with coreutils, but....

- ----

Olli

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFH80p5724ZL5LNhNcRAplkAJ9X1Ghyjqx0Rq6aiYoVJlBUdGIBuwCfauW4
gP8P54/dvN1piID+WYYSTH4=
=/yoq
-----END PGP SIGNATURE-----

Bruce,

Bruce Smith wrote:

> OK, but I'm not sure if the message is something we need to worry about?
> 
> Are all the coreutil programs being compiled and do they run?

I added "make check" specially to make sure it's working. I disabled one test
which may be passed only if the box is online (I added a comment about it)

Coreutils passed all checks on my build station.

--
Sincerely,
Serge Leschinsky