Security-improving technologies which could be deployed now
Posted Oct 16, 2004 0:39 UTC (Sat) by tres
Parent article: Security-improving technologies which could be deployed now
A Warning to users of Gentoo: there seems to be a problem with using Position Independant Code with X windows. It manifests itself by emmiting the following error when trying to start X:
Duplicate symbol __i686.get_pc_thunk.bx in /usr/X11R6/lib/modules/fonts/libbitmap.a:bitmapmod.o
Also defined in /usr/X11R6/lib/modules/fonts/libbitmap.a
Fatal server error:
Module load failure
The steps to correct the problem are as follows:
USE="-hardened -pie -pic" emerge glibc
USE="-hardened -pie -pic" emerge gcc
USE="-hardened -pie -pic" emerge binutils
USE="-hardened -pie -pic" emerge xorg-x11
I don't know if they are all necessary or not and considering this old machine takes a couple of days to perform those steps I'm not looking into it very much. That problem bit me when I installed the system and again during an update; I have removed "hardened, pic, and pie" from the USE flags until a more detailed explanation of the problem can be found. I did notice that the "-fPIC" flag was enabled for SOME of the files in xorg even after turning it off in both the /etc/make.conf and on the command line as above but X works now and it didn't before. It must be overridden in the Makefiles within X.
Note: Adding --verbose (-v) to emerge will print the options that the package will be emerged with and yes "hardened, pic, and pie" were confirmed to be off before I started and -fPIC was still in a few files.
to post comments)