Support building with -fPIE -pie

Bug #1114106 reported by Yves-Alexis Perez
Affects                 Status         Importance   Assigned to   Milestone
Light Display Manager   Fix Released   High         Unassigned
Fedora                  Fix Released   Undecided

Bug Description

Hi,

it seems that the recently released LightDM 1.5.0 segfaults at startup when looking at the value of lock-memory. I've managed to take a backtrace (attached) although it looks weird why it actually segfaults.

Yves-Alexis Perez (corsac) wrote :

Ping?

Robert Ancell (robert-ancell) wrote :

Not seeing this here and can't see anything immediately wrong with that code.

Changed in lightdm:
importance: Undecided → High

Yves-Alexis Perez (corsac) wrote :

Ok, 1.5.3 still segfaults, but I noted something important: it only fails when building with PIE, for example with:

export DEB_BUILD_MAINT_OPTIONS=hardening=+pie

In , Dhiru (dhiru-redhat-bugs) wrote :

Description of problem:

http://fedoraproject.org/wiki/Packaging:Guidelines#PIE says that "you MUST
enable the PIE compiler flags if your package is long running ...".

However, currently lightdm is not being built with PIE flags. This is a
clear violation of the packaging guidelines.

This issue (in its wider scope) is being discussed at,

https://fedorahosted.org/fesco/ticket/1104

https://lists.fedoraproject.org/pipermail/devel/2013-March/180827.html

Version-Release number of selected component (if applicable):

lightdm-1.6.0-2.fc19.x86_64.rpm

How reproducible:

You can use the following programs to check if a package is hardened:

http://people.redhat.com/sgrubb/files/rpm-chksec

OR

https://github.com/kholia/checksec

Steps to Reproduce:

Get scanner.py from https://github.com/kholia/checksec

$ ./scanner.py lightdm-1.6.0-2.fc19.x86_64.rpm
lightdm,lightdm-1.6.0-2.fc19.x86_64.rpm,/usr/bin/dm-tool,NX=Enabled,CANARY=Disabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=NA,CATEGORY=None
lightdm,lightdm-1.6.0-2.fc19.x86_64.rpm,/usr/libexec/lightdm/lightdm-guest-session-wrapper,NX=Enabled,CANARY=Disabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=NA,CATEGORY=None
lightdm,lightdm-1.6.0-2.fc19.x86_64.rpm,/usr/libexec/lightdm/lightdm-set-defaults,NX=Enabled,CANARY=Disabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=NA,CATEGORY=None
lightdm,lightdm-1.6.0-2.fc19.x86_64.rpm,/usr/sbin/lightdm,NX=Enabled,CANARY=Enabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=Enabled,CATEGORY=None
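
Added example (not part of the original report, and not code from checksec or rpm-chksec): one way the PIE, NX and RELRO columns in output like the above can be derived from an ELF file's header and program headers. It handles ELF64 little-endian only, treats ET_DYN plus PT_INTERP as PIE (a heuristic that does not cover static-pie), reports only whether a RELRO segment exists, and runs on constructed header-only images built by the hypothetical `make_elf` helper.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 3, 0x6474E551, 0x6474E552
PF_X = 1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header


def check_elf(data):
    """Return PIE / NX / RELRO-segment status for an ELF64 little-endian image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    segs = {}
    for i in range(e_phnum):
        p_type, p_flags = PHDR.unpack_from(data, e_phoff + i * e_phentsize)[:2]
        segs[p_type] = p_flags
    # ET_DYN with an interpreter is a position-independent executable;
    # ET_DYN without one is treated as an ordinary shared object.
    if e_type == ET_DYN:
        pie = "Enabled" if PT_INTERP in segs else "DSO"
    else:
        pie = "Disabled"
    # A missing PT_GNU_STACK, or one marked executable, means an executable stack.
    nx = "Enabled" if PT_GNU_STACK in segs and not segs[PT_GNU_STACK] & PF_X else "Disabled"
    relro = "Present" if PT_GNU_RELRO in segs else "None"
    return {"PIE": pie, "NX": nx, "RELRO_SEGMENT": relro}


def make_elf(e_type, segments):
    """Build a constructed, header-only ELF64 image (hypothetical demo helper)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return hdr + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in segments)


# Constructed samples: a non-PIE build and a -fPIE -pie build of the same program.
NON_PIE = make_elf(ET_EXEC, [(PT_INTERP, 4), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
PIE = make_elf(ET_DYN, [(PT_INTERP, 4), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])

if __name__ == "__main__":
    print(check_elf(NON_PIE))
    print(check_elf(PIE))
```

Distinguishing partial from full RELRO additionally requires reading the dynamic section for BIND_NOW, which this example does not do.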

In , Dan (dan-redhat-bugs) wrote :

Tried building with "%global _hardened_build 1" in the spec:

Making all in doc
make[2]: Entering directory `/builddir/build/BUILD/lightdm-1.6.0/doc'
  DOC Scanning header files
  DOC Introspecting gobjects
gcc: fatal error: /usr/lib/rpm/redhat/redhat-hardened-cc1: attempt to rename spec 'cc1_options' to already defined spec 'rh_cc1_options_old'
compilation terminated.
Compilation of scanner failed:

http://kojipkgs.fedoraproject.org//work/tasks/8232/5288232/build.log

In , Rex (rex-redhat-bugs) wrote :

Thanks to some prodding by halfie on irc,

[04/25/13 06:49] <halfie> rdieter, the build system of lightdm seems to be appending flags to existing flags?
[04/25/13 06:50] <rdieter> this line is the failure:
[04/25/13 06:50] <rdieter> CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \
[04/25/13 06:50] <rdieter> gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE);
[04/25/13 06:51] <rdieter> yeah, looks like it
[04/25/13 06:51] <rdieter> GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
[04/25/13 06:51] <rdieter> GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS)
[04/25/13 06:51] <rdieter> so those are getting set twice

[04/25/13 06:52] <halfie> I suspected something like that. So what do we do here? File upstream bug?
[04/25/13 06:53] <rdieter> I'll try to patch it so it gets set only once, then yeah, poke upstream about it
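
Added example (not from the original thread, lightdm or gtk-doc): it expands the GTKDOC_CC definition quoted in the chat above and composes the compiler command, assuming gtkdoc-scangobj runs `$CC $CFLAGS`. The CC and CFLAGS values, the empty variables and the `dedupe` option are constructed for illustration; because GTKDOC_CC already contains `$(CFLAGS)`, a hardening `-specs=` flag lands on the command line twice, consistent with the "attempt to rename spec" failure in the build log.

```python
import re

# GTKDOC_CC is the definition quoted in the chat; all other values are constructed.
MAKE_VARS = {
    "CC": "gcc",
    "CFLAGS": "-O2 -g -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1",
    "LIBTOOL": "libtool",
    "INCLUDES": "", "GTKDOC_DEPS_CFLAGS": "", "AM_CPPFLAGS": "",
    "CPPFLAGS": "", "AM_CFLAGS": "", "GTKDOC_CFLAGS": "",
    "GTKDOC_CC": "$(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) "
                 "$(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) "
                 "$(AM_CFLAGS) $(CFLAGS)",
}


def expand(text, variables):
    """Recursively expand $(NAME) references, as make does for simple variables."""
    def repl(match):
        return expand(variables.get(match.group(1), ""), variables)
    return re.sub(r"\$\((\w+)\)", repl, text)


def duplicated_flags(command):
    """Return the flags that occur more than once in a command line, in order."""
    seen, dups = set(), []
    for tok in command.split():
        if tok.startswith("-") and tok in seen and tok not in dups:
            dups.append(tok)
        seen.add(tok)
    return dups


def scangobj_compile_command(variables, dedupe=False):
    """Compose "$CC $CFLAGS" from the environment the make rule exports.

    dedupe=True models one possible fix: CFLAGS no longer re-appends $(CFLAGS).
    """
    cc = expand("$(GTKDOC_CC)", variables)
    cflags = "$(GTKDOC_CFLAGS)" if dedupe else "$(GTKDOC_CFLAGS) $(CFLAGS)"
    return " ".join(f"{cc} {expand(cflags, variables)}".split())


if __name__ == "__main__":
    print(duplicated_flags(scangobj_compile_command(MAKE_VARS)))
    print(duplicated_flags(scangobj_compile_command(MAKE_VARS, dedupe=True)))
```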

In , Fedora (fedora-redhat-bugs) wrote :

lightdm-kde-0.3.2.1-2.fc19,lightdm-gtk-1.5.1-2.fc19,lightdm-1.6.0-3.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lightdm-kde-0.3.2.1-2.fc19,lightdm-gtk-1.5.1-2.fc19,lightdm-1.6.0-3.fc19

In , Fedora (fedora-redhat-bugs) wrote :

Package lightdm-kde-0.3.2.1-2.fc19, lightdm-gtk-1.5.1-2.fc19, lightdm-1.6.0-3.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing lightdm-kde-0.3.2.1-2.fc19 lightdm-gtk-1.5.1-2.fc19 lightdm-1.6.0-3.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-6618/lightdm-kde-0.3.2.1-2.fc19,lightdm-gtk-1.5.1-2.fc19,lightdm-1.6.0-3.fc19
then log in and leave karma (feedback).

In , Rex (rex-redhat-bugs) wrote :

PIE build reverted for now, seems to cause crashes, bug #956868

In , Fedora (fedora-redhat-bugs) wrote :

lightdm-kde-0.3.2.1-2.fc19, lightdm-gtk-1.5.1-2.fc19, lightdm-1.6.0-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/FEDORA-2013-6713/lightdm-kde-0.3.2.1-2.fc19,lightdm-gtk-1.5.1-2.fc19,lightdm-1.6.0-4.fc19

In , Dan (dan-redhat-bugs) wrote :

I've filed bug 958290 for a fix to gtk-doc so we don't all have to patch this ourselves.

In , Rex (rex-redhat-bugs) wrote :

lightdm was fixed, so doesn't depend on bug #892837 (removing)

summary: - lightdm 1.5.0 segfaults at startup
+ please support building with -fPIE -pie
summary: - please support building with -fPIE -pie
+ Support building with -fPIE -pie
Changed in lightdm:
status: New → Triaged

In , Moez (moez-redhat-bugs) wrote :

(In reply to Rex Dieter from comment #8)
> lightdm was fixed, so doesn't depend on bug #892837 (removing)

Please remind me why hardening was disabled for lightdm again? This bug references other RHBZ which are all closed right now.

Thanks.

In , Mamoru (mamoru-redhat-bugs) wrote :

(In reply to Moez Roy from comment #10)
> (In reply to Rex Dieter from comment #8)
> > lightdm was fixed, so doesn't depend on bug #892837 (removing)
>
> Please remind me why hardening was disabled for lightdm again? This bug
> references other RHBZ which are all closed right now.
>
> Thanks.

You should try reading the history.

(In reply to Rex Dieter from comment #5)
> PIE build reverted for now, seems to cause crashes, bug #956868

Robert Ancell (robert-ancell) wrote :

Can anyone still reproduce this? I haven't been able to from trunk.

Yves-Alexis Perez (corsac) wrote :

Seems that this got fixed around 1.8 (we enabled all hardening flags, including PIE, at 1.8.3)

Robert Ancell (robert-ancell) wrote :

Great, the only pre 1.8 version still supported is 1.2.

Changed in lightdm:
status: Triaged → Fix Released

In , Rex (rex-redhat-bugs) wrote :

* Wed Nov 25 2015 Rex Dieter <email address hidden> - 1.10.6-2
...
- (re)enable hardening for f23+, at least (#956868)

In , Fedora (fedora-redhat-bugs) wrote :

lightdm-1.10.6-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-97272d76c4

In , Fedora (fedora-redhat-bugs) wrote :

lightdm-1.10.6-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Changed in fedora:
importance: Unknown → Undecided
status: Unknown → Fix Released