bug#27429: Stack clash (CVE-2017-1000366 etc)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From:	Mark H Weaver
Subject:	bug#27429: Stack clash (CVE-2017-1000366 etc)
Date:	Mon, 26 Jun 2017 07:19:12 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hi Ludovic,

address@hidden (Ludovic Courtès) writes:

> Mark H Weaver <address@hidden> skribis:
>
>> I tried to copy the .drv files for the grafted 'glibc-final' and
>> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
>> ask Hydra to build it, but both "guix copy" and "guix archive --export"
>> failed:
>>
>> address@hidden ~$ guix copy address@hidden
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
>> sending 11 store items to 'localhost'...
>> guix copy: error: corrupt input while restoring archive from #<closed: file 
>> 231bbd0>
>> address@hidden ~$ guix archive --export
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv >
>> GRAFTED-GLIBC-DRVS.nar
>> guix archive: error: corrupt input while restoring archive from #<closed: 
>> file 17e9d20>
>
> Apparently they got built at some point.

Yes, I ran "guix pull" for user mhw on Hydra, and then asked it to build
a grafted 'hello' for all three hydra-supported platforms.  This
entailed building a grafted 'glibc-final' as well as 'perl' and 'expat'.
I then ran:

  guix challenge --substitute-urls=https://hydra.gnu.org /gnu/store/...

to generate narinfo requests for the relevant outputs, on the theory
that this would cause guix-publish to build NARs.  (Am I right?)

> As for the problems above: error reporting in ‘guix copy’ is suboptimal
> (help welcome!), and the ‘guix archive --export’ problem looks like a
> bug; could you report it?

Sure.

>> I'm concerned that i686 and armhf users are going to have a rude
>> awakening when they not only have to build two variants of glibc, but
>> also a bunch of the early bootstrap because the NARs are not available
>> on Hydra.  It would be good if someone could take care of that.
>
> Doing:
>
> $ ./pre-inst-env guix build -e '(begin (use-modules (guix)) 
> (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s 
> i686-linux --log-file --no-grafts
> https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv
>
>
> I see that glibc fails to build on i686 (but I think you’ve just fixed
> it?):

Yes, I fixed the i686 problem in commit
ffc015bea26f24d862e7e877d907fbe1ab9a9967.  FYI, this problem was
reported as a separate bug, which is now closed:

  https://bugs.gnu.org/27489

      Thanks,
        Mark

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)], (continued)
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/19
- bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check, Danny Milosavljevic, 2017/06/25
  - bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check, Marius Bakke, 2017/06/25
    - bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check, Leo Famulari, 2017/06/25

Prev by Date: bug#27467: Xfce broken, because it propagates two different versions of gtk+
Next by Date: bug#27500: [website] wrong link to talk
Previous by thread: bug#27429: Stack clash (CVE-2017-1000366 etc)
Next by thread: bug#27429: Stack clash (CVE-2017-1000366 etc)
Index(es):
- Date
- Thread