-
-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gnutar: disable fortify3 hardening flag #246134
Conversation
Maybe that's a genuine bug in tar? (their buffer overflowing) |
I mean, the whole point of this hardening is to cause (safe) crashes. |
fair enough, I will have a closer look at crash. makes me wonder what it writes to the tar if it doesn't crash ! |
I have created minimal derivation to reproduce the issue, but i am having difficulty getting a coredump https://discourse.nixos.org/t/cant-get-coredump-from-nixbld-user/31090 any help appreciated |
The issue seems to be a bug in fakechroot; its shim of The smallest reproducer is:
Compile Call as either (Thanks @yorickvP for helping out!) |
@puckipedia thank you for taking time looking into this ! It looks like compiler bug to me int main(int argc, char **argv) {
char foo[4];
readlink("/run/current-system", foo, 4);
return 0;
}
doesn't crash |
it's not a compiler bug; glibc with hardening enabled will pass a hidden parameter, the size of the buffer being written into, if known. If the maximum length passed into the syscall is larger than the statically determined size of the buffer, it bails out, knowing that the buffer would've been overflowed. It doesn't do this on static readlink calls because it can statically determine that the buffer can't overflow. fakechroot messes up handling this behaviour in a way that usually wouldn't matter, but that due to nixpkgs' defaults for hardening, shows up more often than other distros. |
Indeed there's an old adage that's something like "if you think you've found a compiler bug, you haven't". I'm interested in the relevance of this line: |
That line is fine. This isn't entirely the platform to discuss the ins and outs of a bug in fakechroot, but i'll do it anyways: The _FORTIFY_SOURCE define is needed to induce glibc into introducing the definition of |
Of course, that makes sense. |
closing as this is fakechroot issue |
We should probably submit a patch to fakechroot to fix this |
upstream issue dex4er/fakechroot#114 |
Description of changes
after #224822
tar crashes during building of docker image, sorry I don't have a small test to reproduce (edit: here is small test to reproduce https://discourse.nixos.org/t/cant-get-coredump-from-nixbld-user/31090 , but this fixes the crash for me
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)