Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Bacula 5.0.3 on EL6

2011-02-25 13:03:02
Subject: Re: [Bacula-users] Bacula 5.0.3 on EL6
From: Paulo Martinez <martinezino AT googlemail DOT com>
To: Bacula <bacula-users AT lists.sourceforge DOT net>
Date: Fri, 25 Feb 2011 19:00:33 +0100 
Am 25.02.2011 um 18:20 schrieb Josh Fisher:
> Did you build RPMs from the source RPM? EL6 uses a newer version of  
> glibc that has stack and buffer overflow protection mechanisms. I  
> don't know what the status of 5.0.3 is with regards to these glibc  
> mechanisms, but previous versions would fail in like manner when, in  
> particular, the -DFORTIFY_SOURCE flag was set to anything other than  
> zero. Fedora, since version 8, has set -DFORTIFY_SOURCE=2. I have  
> not used EL6, but my guess is that EL6 is doing the same thing as  
> newer versions of Fedora.


it seems to be

%__global_cflags   -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 - 
fexceptions -fstack-protector --param=ssp-buffer-size=4


> In any case, Bacula should be compiled using the compiler flags that  
> are set when Bacula is built from source, rather than from rpmbuild.  
> Either build from the source tarball or else set the proper CFLAGS  
> in the global cflags used by rpmbuild, which is set by the  
> %__global_cflags macro in /usr/lib/rpm/redhat/macros, if you want/ 
> need an RPM. You can see what CFLAGS should be by running configure  
> against the source tarball. (FORTIFY_SOURCE will not be defined at  
> all, or will be set to zero.) Then set %__global_cflags accordingly  
> and use rpmbuild to build the RPMs with the proper flags. Note that  
> you will have to restore the %__global_cflags macro to its original  
> state before building any of Redhat's source RPMs, which are  
> designed to have FORTIFY_SOURCE=2.
>
> Again, I'm not certain this is still an issue with building Bacula  
> RPMs on Fedora (or probably EL6), but it is a possible (probable?)  
> cause of this error. If so, then keep in mind that this is not a  
> real buffer overrun, and does NOT mean that Bacula has any buffer  
> overrun vulnerabilities. It is caused by inadvertently turning on a  
> glibc "feature" that Bacula does not have any use for.


good to known. Thx.

PM



------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Bacula-users] Migration takes hours, Dermot Beirne
Next by Date:  Re: [Bacula-users] Job running Jobs, João Alberto Kuchnier
Previous by Thread:  Re: [Bacula-users] Bacula 5.0.3 on EL6, Josh Fisher
Next by Thread:  Re: [Bacula-users] Bacula 5.0.3 on EL6, Josh Fisher
Indexes:  [Date] [Thread] [Top] [All Lists]