RUN: /usr/share/launchpad-buildd/slavebin/slave-prep ['slave-prep'] Forking launchpad-buildd slave process... Kernel version: 2.6.24-28-server #1 SMP Wed Aug 18 21:17:51 UTC 2010 x86_64 Buildd toolchain package versions: launchpad-buildd_113~0.IS.08.04 python-lpbuildd_113~0.IS.08.04 bzr_2.4.0-0ubuntu2~11.IS.8.04. Syncing the system clock with the buildd NTP service... 31 Mar 01:16:21 ntpdate[30555]: adjust time server 10.211.37.1 offset -0.000057 sec RUN: /usr/share/launchpad-buildd/slavebin/unpack-chroot ['unpack-chroot', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9', '/home/buildd/filecache-default/a6b01d38c4b98ab6b349eb2deb1a9889238f6220'] Unpacking chroot for build afb7525432dd2bea9c8b4571f5e74779c3ea22c9 RUN: /usr/share/launchpad-buildd/slavebin/mount-chroot ['mount-chroot', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9'] Mounting chroot for build afb7525432dd2bea9c8b4571f5e74779c3ea22c9 RUN: /usr/share/launchpad-buildd/slavebin/override-sources-list ['override-sources-list', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9', 'deb http://ftpmaster.internal/ubuntu precise main'] Overriding sources.list in build-afb7525432dd2bea9c8b4571f5e74779c3ea22c9 RUN: /usr/share/launchpad-buildd/slavebin/update-debian-chroot ['update-debian-chroot', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9', 'i386'] Updating debian chroot for build afb7525432dd2bea9c8b4571f5e74779c3ea22c9 Ign http://ftpmaster.internal precise InRelease Get:1 http://ftpmaster.internal precise Release.gpg [198 B] Get:2 http://ftpmaster.internal precise Release [49.6 kB] Get:3 http://ftpmaster.internal precise/main i386 Packages [1291 kB] Get:4 http://ftpmaster.internal precise/main TranslationIndex [3570 B] Get:5 http://ftpmaster.internal precise/main Translation-en [725 kB] Fetched 2070 kB in 1s (1962 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... The following packages will be upgraded: bash bsdutils busybox-initramfs cpio dash debianutils e2fslibs e2fsprogs ifupdown klibc-utils libblkid1 libcomerr2 libglib2.0-0 libklibc libmount1 libp11-kit0 libss2 libssl1.0.0 libudev0 libuuid1 linux-libc-dev mawk mount openssl perl perl-base perl-modules udev upstart util-linux 30 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 16.5 MB of archives. After this operation, 33.8 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! debianutils bash dash e2fslibs e2fsprogs mount perl perl-base perl-modules libudev0 ifupdown upstart util-linux bsdutils libuuid1 libblkid1 libcomerr2 libmount1 libss2 libssl1.0.0 libglib2.0-0 mawk libp11-kit0 busybox-initramfs cpio klibc-utils libklibc udev openssl linux-libc-dev Authentication warning overridden. Get:1 http://ftpmaster.internal/ubuntu/ precise/main debianutils i386 4.2.1ubuntu2 [63.3 kB] Get:2 http://ftpmaster.internal/ubuntu/ precise/main bash i386 4.2-1ubuntu3 [616 kB] Get:3 http://ftpmaster.internal/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:4 http://ftpmaster.internal/ubuntu/ precise/main e2fslibs i386 1.42-1ubuntu2 [200 kB] Get:5 http://ftpmaster.internal/ubuntu/ precise/main e2fsprogs i386 1.42-1ubuntu2 [972 kB] Get:6 http://ftpmaster.internal/ubuntu/ precise/main mount i386 2.20.1-1ubuntu3 [167 kB] Get:7 http://ftpmaster.internal/ubuntu/ precise/main perl i386 5.14.2-6ubuntu2 [3676 kB] Get:8 http://ftpmaster.internal/ubuntu/ precise/main perl-base i386 5.14.2-6ubuntu2 [1466 kB] Get:9 http://ftpmaster.internal/ubuntu/ precise/main perl-modules all 5.14.2-6ubuntu2 [3369 kB] Get:10 http://ftpmaster.internal/ubuntu/ precise/main libudev0 i386 175-0ubuntu8 [34.0 kB] Get:11 http://ftpmaster.internal/ubuntu/ precise/main ifupdown i386 0.7~beta2ubuntu7 [49.2 kB] Get:12 http://ftpmaster.internal/ubuntu/ precise/main upstart i386 1.5-0ubuntu3 [309 kB] Get:13 http://ftpmaster.internal/ubuntu/ precise/main util-linux i386 2.20.1-1ubuntu3 [592 kB] Get:14 http://ftpmaster.internal/ubuntu/ precise/main bsdutils i386 1:2.20.1-1ubuntu3 [41.6 kB] Get:15 http://ftpmaster.internal/ubuntu/ precise/main libuuid1 i386 2.20.1-1ubuntu3 [13.7 kB] Get:16 http://ftpmaster.internal/ubuntu/ precise/main libblkid1 i386 2.20.1-1ubuntu3 [81.0 kB] Get:17 http://ftpmaster.internal/ubuntu/ precise/main libcomerr2 i386 1.42-1ubuntu2 [57.3 kB] Get:18 http://ftpmaster.internal/ubuntu/ precise/main libmount1 i386 2.20.1-1ubuntu3 [72.1 kB] Get:19 http://ftpmaster.internal/ubuntu/ precise/main libss2 i386 1.42-1ubuntu2 [62.0 kB] Get:20 http://ftpmaster.internal/ubuntu/ precise/main libssl1.0.0 i386 1.0.1-2ubuntu4 [1002 kB] Get:21 http://ftpmaster.internal/ubuntu/ precise/main libglib2.0-0 i386 2.32.0-1ubuntu1 [1188 kB] Get:22 http://ftpmaster.internal/ubuntu/ precise/main mawk i386 1.3.3-17 [84.3 kB] Get:23 http://ftpmaster.internal/ubuntu/ precise/main libp11-kit0 i386 0.12-2ubuntu1 [33.6 kB] Get:24 http://ftpmaster.internal/ubuntu/ precise/main busybox-initramfs i386 1:1.18.5-1ubuntu3 [173 kB] Get:25 http://ftpmaster.internal/ubuntu/ precise/main cpio i386 2.11-7ubuntu2 [115 kB] Get:26 http://ftpmaster.internal/ubuntu/ precise/main klibc-utils i386 1.5.25-1ubuntu2 [177 kB] Get:27 http://ftpmaster.internal/ubuntu/ precise/main libklibc i386 1.5.25-1ubuntu2 [46.8 kB] Get:28 http://ftpmaster.internal/ubuntu/ precise/main udev i386 175-0ubuntu8 [349 kB] Get:29 http://ftpmaster.internal/ubuntu/ precise/main openssl i386 1.0.1-2ubuntu4 [519 kB] Get:30 http://ftpmaster.internal/ubuntu/ precise/main linux-libc-dev i386 3.2.0-21.34 [849 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 16.5 MB in 0s (19.3 MB/s) (Reading database ... 12259 files and directories currently installed.) Preparing to replace debianutils 4.2.1ubuntu1 (using .../debianutils_4.2.1ubuntu2_i386.deb) ... Unpacking replacement debianutils ... Setting up debianutils (4.2.1ubuntu2) ... (Reading database ... 12259 files and directories currently installed.) Preparing to replace bash 4.2-1ubuntu1 (using .../bash_4.2-1ubuntu3_i386.deb) ... Unpacking replacement bash ... Setting up bash (4.2-1ubuntu3) ... update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode. (Reading database ... 12259 files and directories currently installed.) Preparing to replace dash 0.5.7-2ubuntu1 (using .../dash_0.5.7-2ubuntu2_i386.deb) ... Unpacking replacement dash ... Setting up dash (0.5.7-2ubuntu2) ... (Reading database ... 12259 files and directories currently installed.) Preparing to replace e2fslibs 1.42-1ubuntu1 (using .../e2fslibs_1.42-1ubuntu2_i386.deb) ... Unpacking replacement e2fslibs ... Setting up e2fslibs (1.42-1ubuntu2) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12259 files and directories currently installed.) Preparing to replace e2fsprogs 1.42-1ubuntu1 (using .../e2fsprogs_1.42-1ubuntu2_i386.deb) ... Unpacking replacement e2fsprogs ... Setting up e2fsprogs (1.42-1ubuntu2) ... (Reading database ... 12259 files and directories currently installed.) Preparing to replace mount 2.20.1-1ubuntu2 (using .../mount_2.20.1-1ubuntu3_i386.deb) ... Unpacking replacement mount ... Setting up mount (2.20.1-1ubuntu3) ... (Reading database ... 12259 files and directories currently installed.) Preparing to replace perl 5.14.2-6ubuntu1 (using .../perl_5.14.2-6ubuntu2_i386.deb) ... Unpacking replacement perl ... Preparing to replace perl-base 5.14.2-6ubuntu1 (using .../perl-base_5.14.2-6ubuntu2_i386.deb) ... Unpacking replacement perl-base ... Setting up perl-base (5.14.2-6ubuntu2) ... (Reading database ... 12261 files and directories currently installed.) Preparing to replace perl-modules 5.14.2-6ubuntu1 (using .../perl-modules_5.14.2-6ubuntu2_all.deb) ... Unpacking replacement perl-modules ... Preparing to replace libudev0 175-0ubuntu6 (using .../libudev0_175-0ubuntu8_i386.deb) ... Unpacking replacement libudev0 ... Preparing to replace ifupdown 0.7~beta2ubuntu6 (using .../ifupdown_0.7~beta2ubuntu7_i386.deb) ... Unpacking replacement ifupdown ... Preparing to replace upstart 1.4-0ubuntu9 (using .../upstart_1.5-0ubuntu3_i386.deb) ... Unpacking replacement upstart ... Preparing to replace util-linux 2.20.1-1ubuntu2 (using .../util-linux_2.20.1-1ubuntu3_i386.deb) ... Unpacking replacement util-linux ... Setting up libudev0 (175-0ubuntu8) ... Setting up ifupdown (0.7~beta2ubuntu7) ... Setting up upstart (1.5-0ubuntu3) ... Installing new version of config file /etc/init/failsafe.conf ... Installing new version of config file /etc/init/flush-early-job-log.conf ... Setting up util-linux (2.20.1-1ubuntu3) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12261 files and directories currently installed.) Preparing to replace bsdutils 1:2.20.1-1ubuntu2 (using .../bsdutils_1%3a2.20.1-1ubuntu3_i386.deb) ... Unpacking replacement bsdutils ... Setting up bsdutils (1:2.20.1-1ubuntu3) ... (Reading database ... 12261 files and directories currently installed.) Preparing to replace libuuid1 2.20.1-1ubuntu2 (using .../libuuid1_2.20.1-1ubuntu3_i386.deb) ... Unpacking replacement libuuid1 ... Setting up libuuid1 (2.20.1-1ubuntu3) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12261 files and directories currently installed.) Preparing to replace libblkid1 2.20.1-1ubuntu2 (using .../libblkid1_2.20.1-1ubuntu3_i386.deb) ... Unpacking replacement libblkid1 ... Setting up libblkid1 (2.20.1-1ubuntu3) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12261 files and directories currently installed.) Preparing to replace libcomerr2 1.42-1ubuntu1 (using .../libcomerr2_1.42-1ubuntu2_i386.deb) ... Unpacking replacement libcomerr2 ... Setting up libcomerr2 (1.42-1ubuntu2) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12261 files and directories currently installed.) Preparing to replace libmount1 2.20.1-1ubuntu2 (using .../libmount1_2.20.1-1ubuntu3_i386.deb) ... Unpacking replacement libmount1 ... Setting up libmount1 (2.20.1-1ubuntu3) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12261 files and directories currently installed.) Preparing to replace libss2 1.42-1ubuntu1 (using .../libss2_1.42-1ubuntu2_i386.deb) ... Unpacking replacement libss2 ... Setting up libss2 (1.42-1ubuntu2) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12261 files and directories currently installed.) Preparing to replace libssl1.0.0 1.0.1-2ubuntu1 (using .../libssl1.0.0_1.0.1-2ubuntu4_i386.deb) ... Unpacking replacement libssl1.0.0 ... Setting up libssl1.0.0 (1.0.1-2ubuntu4) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place (Reading database ... 12259 files and directories currently installed.) Preparing to replace libglib2.0-0 2.31.22-0ubuntu1 (using .../libglib2.0-0_2.32.0-1ubuntu1_i386.deb) ... Unpacking replacement libglib2.0-0 ... Preparing to replace mawk 1.3.3-16ubuntu3 (using .../mawk_1.3.3-17_i386.deb) ... Unpacking replacement mawk ... Preparing to replace libp11-kit0 0.10-1 (using .../libp11-kit0_0.12-2ubuntu1_i386.deb) ... Unpacking replacement libp11-kit0 ... Preparing to replace busybox-initramfs 1:1.18.5-1ubuntu2 (using .../busybox-initramfs_1%3a1.18.5-1ubuntu3_i386.deb) ... Unpacking replacement busybox-initramfs ... Preparing to replace cpio 2.11-7ubuntu1 (using .../cpio_2.11-7ubuntu2_i386.deb) ... Unpacking replacement cpio ... Preparing to replace klibc-utils 1.5.25-1ubuntu1 (using .../klibc-utils_1.5.25-1ubuntu2_i386.deb) ... Unpacking replacement klibc-utils ... Preparing to replace libklibc 1.5.25-1ubuntu1 (using .../libklibc_1.5.25-1ubuntu2_i386.deb) ... Unpacking replacement libklibc ... Preparing to replace udev 175-0ubuntu6 (using .../udev_175-0ubuntu8_i386.deb) ... Adding 'diversion of /sbin/udevadm to /sbin/udevadm.upgrade by fake-udev' Unpacking replacement udev ... Preparing to replace openssl 1.0.1-2ubuntu1 (using .../openssl_1.0.1-2ubuntu4_i386.deb) ... Unpacking replacement openssl ... Preparing to replace linux-libc-dev 3.2.0-20.32 (using .../linux-libc-dev_3.2.0-21.34_i386.deb) ... Unpacking replacement linux-libc-dev ... Setting up libglib2.0-0 (2.32.0-1ubuntu1) ... No schema files found: doing nothing. Setting up mawk (1.3.3-17) ... Setting up libp11-kit0 (0.12-2ubuntu1) ... Setting up busybox-initramfs (1:1.18.5-1ubuntu3) ... Setting up cpio (2.11-7ubuntu2) ... Setting up libklibc (1.5.25-1ubuntu2) ... Setting up klibc-utils (1.5.25-1ubuntu2) ... Setting up udev (175-0ubuntu8) ... invoke-rc.d: policy-rc.d denied execution of restart. Removing 'diversion of /sbin/udevadm to /sbin/udevadm.upgrade by fake-udev' update-initramfs: deferring update (trigger activated) Setting up openssl (1.0.1-2ubuntu4) ... Setting up linux-libc-dev (3.2.0-21.34) ... Setting up perl-modules (5.14.2-6ubuntu2) ... Setting up perl (5.14.2-6ubuntu2) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place Processing triggers for initramfs-tools ... RUN: /usr/share/launchpad-buildd/slavebin/sbuild-package ['sbuild-package', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9', 'i386', 'precise', '--nolog', '--batch', '--archive=ubuntu', '--dist=precise', '-A', '--purpose=PRIMARY', '--architecture=i386', '--comp=main', 'hardening-wrapper_1.36ubuntu1.dsc'] Initiating build afb7525432dd2bea9c8b4571f5e74779c3ea22c9 with 8 jobs across 8 processor cores. Automatic build of hardening-wrapper_1.36ubuntu1 on roseapple by sbuild/i386 1.170.5 Build started at 20120331-0116 ****************************************************************************** hardening-wrapper_1.36ubuntu1.dsc exists in cwd ** Using build dependencies supplied by package: Build-Depends: debhelper (>= 7), perl-base (>= 5.10) Checking for already installed source dependencies... debhelper: missing perl-base: already installed (5.14.2-6ubuntu2 >= 5.10 is satisfied) Checking for source dependency conflicts... /usr/bin/sudo /usr/bin/apt-get --purge $CHROOT_OPTIONS -q -y install debhelper Reading package lists... Building dependency tree... Reading state information... The following extra packages will be installed: bsdmainutils dh-apparmor file gettext gettext-base groff-base html2text intltool-debian libcroco3 libgettextpo0 libmagic1 libpipeline1 libunistring0 libxml2 man-db po-debconf Suggested packages: wamerican wordlist whois vacation dh-make gettext-doc groff less www-browser libmail-box-perl Recommended packages: curl wget lynx-cur xml-core libmail-sendmail-perl The following NEW packages will be installed: bsdmainutils debhelper dh-apparmor file gettext gettext-base groff-base html2text intltool-debian libcroco3 libgettextpo0 libmagic1 libpipeline1 libunistring0 libxml2 man-db po-debconf 0 upgraded, 17 newly installed, 0 to remove and 0 not upgraded. Need to get 5689 kB of archives. After this operation, 18.3 MB of additional disk space will be used. WARNING: The following packages cannot be authenticated! libpipeline1 libxml2 libcroco3 libunistring0 libgettextpo0 libmagic1 file bsdmainutils gettext-base groff-base man-db html2text gettext intltool-debian po-debconf dh-apparmor debhelper Authentication warning overridden. Get:1 http://ftpmaster.internal/ubuntu/ precise/main libpipeline1 i386 1.2.1-1 [26.1 kB] Get:2 http://ftpmaster.internal/ubuntu/ precise/main libxml2 i386 2.7.8.dfsg-5.1ubuntu4 [662 kB] Get:3 http://ftpmaster.internal/ubuntu/ precise/main libcroco3 i386 0.6.5-1 [99.7 kB] Get:4 http://ftpmaster.internal/ubuntu/ precise/main libunistring0 i386 0.9.3-5 [432 kB] Get:5 http://ftpmaster.internal/ubuntu/ precise/main libgettextpo0 i386 0.18.1.1-5ubuntu3 [118 kB] Get:6 http://ftpmaster.internal/ubuntu/ precise/main libmagic1 i386 5.09-2 [219 kB] Get:7 http://ftpmaster.internal/ubuntu/ precise/main file i386 5.09-2 [19.4 kB] Get:8 http://ftpmaster.internal/ubuntu/ precise/main bsdmainutils i386 8.2.3 [196 kB] Get:9 http://ftpmaster.internal/ubuntu/ precise/main gettext-base i386 0.18.1.1-5ubuntu3 [58.2 kB] Get:10 http://ftpmaster.internal/ubuntu/ precise/main groff-base i386 1.21-6 [1024 kB] Get:11 http://ftpmaster.internal/ubuntu/ precise/main man-db i386 2.6.1-1 [747 kB] Get:12 http://ftpmaster.internal/ubuntu/ precise/main html2text i386 1.3.2a-15 [101 kB] Get:13 http://ftpmaster.internal/ubuntu/ precise/main gettext i386 0.18.1.1-5ubuntu3 [1122 kB] Get:14 http://ftpmaster.internal/ubuntu/ precise/main intltool-debian all 0.35.0+20060710.1 [31.6 kB] Get:15 http://ftpmaster.internal/ubuntu/ precise/main po-debconf all 1.0.16+nmu2ubuntu1 [210 kB] Get:16 http://ftpmaster.internal/ubuntu/ precise/main dh-apparmor all 2.7.102-0ubuntu1 [9178 B] Get:17 http://ftpmaster.internal/ubuntu/ precise/main debhelper all 9.20120115ubuntu3 [616 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 5689 kB in 0s (17.3 MB/s) Selecting previously unselected package libpipeline1. (Reading database ... 12275 files and directories currently installed.) Unpacking libpipeline1 (from .../libpipeline1_1.2.1-1_i386.deb) ... Selecting previously unselected package libxml2. Unpacking libxml2 (from .../libxml2_2.7.8.dfsg-5.1ubuntu4_i386.deb) ... Selecting previously unselected package libcroco3. Unpacking libcroco3 (from .../libcroco3_0.6.5-1_i386.deb) ... Selecting previously unselected package libunistring0. Unpacking libunistring0 (from .../libunistring0_0.9.3-5_i386.deb) ... Selecting previously unselected package libgettextpo0. Unpacking libgettextpo0 (from .../libgettextpo0_0.18.1.1-5ubuntu3_i386.deb) ... Selecting previously unselected package libmagic1. Unpacking libmagic1 (from .../libmagic1_5.09-2_i386.deb) ... Selecting previously unselected package file. Unpacking file (from .../archives/file_5.09-2_i386.deb) ... Selecting previously unselected package bsdmainutils. Unpacking bsdmainutils (from .../bsdmainutils_8.2.3_i386.deb) ... Selecting previously unselected package gettext-base. Unpacking gettext-base (from .../gettext-base_0.18.1.1-5ubuntu3_i386.deb) ... Selecting previously unselected package groff-base. Unpacking groff-base (from .../groff-base_1.21-6_i386.deb) ... Selecting previously unselected package man-db. Unpacking man-db (from .../man-db_2.6.1-1_i386.deb) ... Selecting previously unselected package html2text. Unpacking html2text (from .../html2text_1.3.2a-15_i386.deb) ... Selecting previously unselected package gettext. Unpacking gettext (from .../gettext_0.18.1.1-5ubuntu3_i386.deb) ... Selecting previously unselected package intltool-debian. Unpacking intltool-debian (from .../intltool-debian_0.35.0+20060710.1_all.deb) ... Selecting previously unselected package po-debconf. Unpacking po-debconf (from .../po-debconf_1.0.16+nmu2ubuntu1_all.deb) ... Selecting previously unselected package dh-apparmor. Unpacking dh-apparmor (from .../dh-apparmor_2.7.102-0ubuntu1_all.deb) ... Selecting previously unselected package debhelper. Unpacking debhelper (from .../debhelper_9.20120115ubuntu3_all.deb) ... Setting up libpipeline1 (1.2.1-1) ... Setting up libxml2 (2.7.8.dfsg-5.1ubuntu4) ... Setting up libcroco3 (0.6.5-1) ... Setting up libunistring0 (0.9.3-5) ... Setting up libgettextpo0 (0.18.1.1-5ubuntu3) ... Setting up libmagic1 (5.09-2) ... Setting up file (5.09-2) ... Setting up bsdmainutils (8.2.3) ... update-alternatives: using /usr/bin/bsd-write to provide /usr/bin/write (write) in auto mode. update-alternatives: using /usr/bin/bsd-from to provide /usr/bin/from (from) in auto mode. Setting up gettext-base (0.18.1.1-5ubuntu3) ... Setting up groff-base (1.21-6) ... Setting up man-db (2.6.1-1) ... Building database of manual pages ... Setting up html2text (1.3.2a-15) ... Setting up gettext (0.18.1.1-5ubuntu3) ... Setting up intltool-debian (0.35.0+20060710.1) ... Setting up po-debconf (1.0.16+nmu2ubuntu1) ... Setting up dh-apparmor (2.7.102-0ubuntu1) ... Setting up debhelper (9.20120115ubuntu3) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place Checking correctness of source dependencies... Toolchain package versions: libc6-dev_2.15-0ubuntu6 make_3.81-8.1ubuntu1 dpkg-dev_1.16.1.2ubuntu5 gcc-4.6_4.6.3-1ubuntu3 g++-4.6_4.6.3-1ubuntu3 binutils_2.22-6ubuntu1 libstdc++6-4.6-dev_4.6.3-1ubuntu3 libstdc++6_4.6.3-1ubuntu3 ------------------------------------------------------------------------------ dpkg-source: warning: -sn is not a valid option for Dpkg::Source::Package::V3::native gpgv: Signature made Sat Mar 31 01:11:51 2012 UTC using RSA key ID 7D86500B gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on ./hardening-wrapper_1.36ubuntu1.dsc dpkg-source: info: extracting hardening-wrapper in hardening-wrapper-1.36ubuntu1 dpkg-source: info: unpacking hardening-wrapper_1.36ubuntu1.tar.gz dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): -D_FORTIFY_SOURCE=2 dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2 dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): -Wl,-Bsymbolic-functions -Wl,-z,relro dpkg-buildpackage: source package hardening-wrapper dpkg-buildpackage: source version 1.36ubuntu1 dpkg-source --before-build hardening-wrapper-1.36ubuntu1 dpkg-buildpackage: host architecture i386 /usr/bin/fakeroot debian/rules clean dh_testdir dh_testroot rm -f build-stamp test-stamp rm -rf build-tree rm -f hardened-c++.1 hardening-wrapper.1 hardening-check.1 dh_clean debian/rules build # Building dh_testdir mkdir -p build-tree install hardened-cc hardened-ld build-tree # Set defaults, based on OS and ARCH perl -pi -e 's/ #OS#/ '"linux"'/; s/ #ARCH#/ '"i386"'/;' build-tree/hardened-cc build-tree/hardened-ld perl -pi -e "s/default{'DEB_BUILD_HARDENING_PIE'}=1;/default{'DEB_BUILD_HARDENING_PIE'}=1;/;" build-tree/hardened-cc build-tree/hardened-ld perl -pi -e "s/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/;" build-tree/hardened-cc build-tree/hardened-ld # Duplicate cc wrapper to c++ cp build-tree/hardened-cc build-tree/hardened-c++ perl -pi -e 's/hardened-cc/hardened-c++/g; s|/usr/bin/cc|/usr/bin/c++|g;' build-tree/hardened-c++ # Set up man pages ln -sf hardened-cc.1 hardening-wrapper.1 cp hardened-cc.1 hardened-c++.1 perl -pi -e 's/hardened-cc/hardened-c++/g; s/gcc/g++/g;' hardened-c++.1 pod2man hardening-check > hardening-check.1 # Done building touch build-stamp make -C tests check make[1]: Entering directory `/build/buildd/hardening-wrapper-1.36ubuntu1/tests' # Check the stack protector and PIE options directly, just to have # a historical record in the build logs. cc -Wall -fstack-protector hello.c -o ../build-tree/cc-test || true ../build-tree/cc-test || true ../build-tree/cc-test: ok (0x8048464) cc -Wall -fPIE -pie hello.c -o ../build-tree/cc-test || true ../build-tree/cc-test || true ../build-tree/cc-test: ok (0x555555bc) ../build-tree/cc-test || true ../build-tree/cc-test: ok (0x555555bc) make -f Makefile.wrapper check make[2]: Entering directory `/build/buildd/hardening-wrapper-1.36ubuntu1/tests' # Test basic perl syntax for script in ../build-tree/hardened-cc ../build-tree/hardened-ld ../build-tree/hardened-c++; do perl -c $script; done ../build-tree/hardened-cc syntax OK ../build-tree/hardened-ld syntax OK ../build-tree/hardened-c++ syntax OK touch syntax.stamp # Compiler and linker options disabled. DEB_BUILD_HARDENING=0 ../build-tree/hardened-cc -B ../build-tree/ -o ../build-tree/wrapper-test-stock hello.c /usr/bin/gcc-4.6 -B ../build-tree/ -o ../build-tree/wrapper-test-stock hello.c readelf -ldrsW ../build-tree/wrapper-test-stock Elf file type is EXEC (Executable file) Entry point 0x80483b0 There are 9 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x08048034 0x08048034 0x00120 0x00120 R E 0x4 INTERP 0x000154 0x08048154 0x08048154 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x08048000 0x08048000 0x00700 0x00700 R E 0x1000 LOAD 0x000f14 0x08049f14 0x08049f14 0x00108 0x00110 RW 0x1000 DYNAMIC 0x000f28 0x08049f28 0x08049f28 0x000c8 0x000c8 RW 0x4 NOTE 0x000168 0x08048168 0x08048168 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x0005e0 0x080485e0 0x080485e0 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 GNU_RELRO 0x000f14 0x08049f14 0x08049f14 0x000ec 0x000ec R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xf28 contains 20 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x8048314 0x0000000d (FINI) 0x80485ac 0x6ffffef5 (GNU_HASH) 0x80481ac 0x00000005 (STRTAB) 0x804823c 0x00000006 (SYMTAB) 0x80481cc 0x0000000a (STRSZ) 105 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x8049ff4 0x00000002 (PLTRELSZ) 40 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x80482ec 0x00000011 (REL) 0x80482e4 0x00000012 (RELSZ) 8 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x6ffffffe (VERNEED) 0x80482b4 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x80482a6 0x00000000 (NULL) 0x0 Relocation section '.rel.dyn' at offset 0x2e4 contains 1 entries: Offset Info Type Sym. Value Symbol's Name 08049ff0 00000306 R_386_GLOB_DAT 00000000 __gmon_start__ Relocation section '.rel.plt' at offset 0x2ec contains 5 entries: Offset Info Type Sym. Value Symbol's Name 0804a000 00000107 R_386_JUMP_SLOT 00000000 printf 0804a004 00000207 R_386_JUMP_SLOT 00000000 __stack_chk_fail 0804a008 00000307 R_386_JUMP_SLOT 00000000 __gmon_start__ 0804a00c 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main 0804a010 00000507 R_386_JUMP_SLOT 00000000 snprintf Symbol table '.dynsym' contains 7 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2) 2: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (3) 3: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 4: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2) 5: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (2) 6: 080485cc 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used Symbol table '.symtab' contains 68 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 08048154 0 SECTION LOCAL DEFAULT 1 2: 08048168 0 SECTION LOCAL DEFAULT 2 3: 08048188 0 SECTION LOCAL DEFAULT 3 4: 080481ac 0 SECTION LOCAL DEFAULT 4 5: 080481cc 0 SECTION LOCAL DEFAULT 5 6: 0804823c 0 SECTION LOCAL DEFAULT 6 7: 080482a6 0 SECTION LOCAL DEFAULT 7 8: 080482b4 0 SECTION LOCAL DEFAULT 8 9: 080482e4 0 SECTION LOCAL DEFAULT 9 10: 080482ec 0 SECTION LOCAL DEFAULT 10 11: 08048314 0 SECTION LOCAL DEFAULT 11 12: 08048350 0 SECTION LOCAL DEFAULT 12 13: 080483b0 0 SECTION LOCAL DEFAULT 13 14: 080485ac 0 SECTION LOCAL DEFAULT 14 15: 080485c8 0 SECTION LOCAL DEFAULT 15 16: 080485e0 0 SECTION LOCAL DEFAULT 16 17: 0804861c 0 SECTION LOCAL DEFAULT 17 18: 08049f14 0 SECTION LOCAL DEFAULT 18 19: 08049f1c 0 SECTION LOCAL DEFAULT 19 20: 08049f24 0 SECTION LOCAL DEFAULT 20 21: 08049f28 0 SECTION LOCAL DEFAULT 21 22: 08049ff0 0 SECTION LOCAL DEFAULT 22 23: 08049ff4 0 SECTION LOCAL DEFAULT 23 24: 0804a014 0 SECTION LOCAL DEFAULT 24 25: 0804a01c 0 SECTION LOCAL DEFAULT 25 26: 00000000 0 SECTION LOCAL DEFAULT 26 27: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 08049f14 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__ 29: 08049f1c 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__ 30: 08049f24 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 31: 080483e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 0804a01c 1 OBJECT LOCAL DEFAULT 25 completed.6159 33: 0804a020 4 OBJECT LOCAL DEFAULT 25 dtor_idx.6161 34: 08048440 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 36: 08049f18 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__ 37: 080486fc 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 38: 08049f24 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 39: 08048580 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux 40: 00000000 0 FILE LOCAL DEFAULT ABS hello.c 41: 08049f14 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 42: 08049f28 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 43: 08049f14 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 44: 08049ff4 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_ 45: 08048570 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 46: 08048572 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx 47: 0804a014 0 NOTYPE WEAK DEFAULT 24 data_start 48: 00000000 0 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.0 49: 0804a01c 0 NOTYPE GLOBAL DEFAULT ABS _edata 50: 080485ac 0 FUNC GLOBAL DEFAULT 14 _fini 51: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 52: 08049f20 0 OBJECT GLOBAL HIDDEN 19 __DTOR_END__ 53: 0804a014 0 NOTYPE GLOBAL DEFAULT 24 __data_start 54: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 55: 0804a018 0 OBJECT GLOBAL HIDDEN 24 __dso_handle 56: 08048464 120 FUNC GLOBAL DEFAULT 13 announcement 57: 080485cc 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 58: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0 59: 08048500 97 FUNC GLOBAL DEFAULT 13 __libc_csu_init 60: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.0 61: 0804a024 0 NOTYPE GLOBAL DEFAULT ABS _end 62: 080483b0 0 FUNC GLOBAL DEFAULT 13 _start 63: 080485c8 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 64: 0804a01c 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 65: 080484dc 32 FUNC GLOBAL DEFAULT 13 main 66: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 67: 08048314 0 FUNC GLOBAL DEFAULT 11 _init ../build-tree/wrapper-test-stock ../build-tree/wrapper-test-stock: ok (0x8048464) # Compiler options enabled. (linker is not wrapper) ../build-tree/hardened-cc -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-compiled hello.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-compiled hello.c readelf -ldrsW ../build-tree/wrapper-test-compiled Elf file type is DYN (Shared object file) Entry point 0x520 There are 9 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x00000034 0x00000034 0x00120 0x00120 R E 0x4 INTERP 0x000154 0x00000154 0x00000154 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x00000000 0x00000000 0x008f4 0x008f4 R E 0x1000 LOAD 0x000f08 0x00001f08 0x00001f08 0x00118 0x00120 RW 0x1000 DYNAMIC 0x000f1c 0x00001f1c 0x00001f1c 0x000c8 0x000c8 RW 0x4 NOTE 0x000168 0x00000168 0x00000168 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x0007bc 0x000007bc 0x000007bc 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 GNU_RELRO 0x000f08 0x00001f08 0x00001f08 0x000f8 0x000f8 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xf1c contains 21 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x45c 0x0000000d (FINI) 0x788 0x6ffffef5 (GNU_HASH) 0x1ac 0x00000005 (STRTAB) 0x2c8 0x00000006 (SYMTAB) 0x1e8 0x0000000a (STRSZ) 208 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x1ff4 0x00000002 (PLTRELSZ) 48 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x42c 0x00000011 (REL) 0x404 0x00000012 (RELSZ) 40 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x6ffffffe (VERNEED) 0x3b4 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x398 0x6ffffffa (RELCOUNT) 2 0x00000000 (NULL) 0x0 Relocation section '.rel.dyn' at offset 0x404 contains 5 entries: Offset Info Type Sym. Value Symbol's Name 00001fec 00000008 R_386_RELATIVE 0000201c 00000008 R_386_RELATIVE 00001fe4 00000206 R_386_GLOB_DAT 00000000 __cxa_finalize 00001fe8 00000306 R_386_GLOB_DAT 00000000 __gmon_start__ 00001ff0 00000706 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses Relocation section '.rel.plt' at offset 0x42c contains 6 entries: Offset Info Type Sym. Value Symbol's Name 00002000 00000107 R_386_JUMP_SLOT 00000000 __stack_chk_fail 00002004 00000207 R_386_JUMP_SLOT 00000000 __cxa_finalize 00002008 00000307 R_386_JUMP_SLOT 00000000 __gmon_start__ 0000200c 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main 00002010 00000507 R_386_JUMP_SLOT 00000000 snprintf 00002014 00000607 R_386_JUMP_SLOT 00000000 __printf_chk Symbol table '.dynsym' contains 14 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3) 3: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 4: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (4) 5: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (4) 6: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (5) 7: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 8: 00002020 0 NOTYPE GLOBAL DEFAULT ABS _edata 9: 00002028 0 NOTYPE GLOBAL DEFAULT ABS _end 10: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 11: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 12: 00002020 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 13: 00000500 32 FUNC GLOBAL DEFAULT 13 main Symbol table '.symtab' contains 77 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000154 0 SECTION LOCAL DEFAULT 1 2: 00000168 0 SECTION LOCAL DEFAULT 2 3: 00000188 0 SECTION LOCAL DEFAULT 3 4: 000001ac 0 SECTION LOCAL DEFAULT 4 5: 000001e8 0 SECTION LOCAL DEFAULT 5 6: 000002c8 0 SECTION LOCAL DEFAULT 6 7: 00000398 0 SECTION LOCAL DEFAULT 7 8: 000003b4 0 SECTION LOCAL DEFAULT 8 9: 00000404 0 SECTION LOCAL DEFAULT 9 10: 0000042c 0 SECTION LOCAL DEFAULT 10 11: 0000045c 0 SECTION LOCAL DEFAULT 11 12: 00000490 0 SECTION LOCAL DEFAULT 12 13: 00000500 0 SECTION LOCAL DEFAULT 13 14: 00000788 0 SECTION LOCAL DEFAULT 14 15: 000007a4 0 SECTION LOCAL DEFAULT 15 16: 000007bc 0 SECTION LOCAL DEFAULT 16 17: 000007f8 0 SECTION LOCAL DEFAULT 17 18: 00001f08 0 SECTION LOCAL DEFAULT 18 19: 00001f10 0 SECTION LOCAL DEFAULT 19 20: 00001f18 0 SECTION LOCAL DEFAULT 20 21: 00001f1c 0 SECTION LOCAL DEFAULT 21 22: 00001fe4 0 SECTION LOCAL DEFAULT 22 23: 00001ff4 0 SECTION LOCAL DEFAULT 23 24: 00002018 0 SECTION LOCAL DEFAULT 24 25: 00002020 0 SECTION LOCAL DEFAULT 25 26: 00000000 0 SECTION LOCAL DEFAULT 26 27: 00000000 0 SECTION LOCAL DEFAULT 27 28: 00000000 0 SECTION LOCAL DEFAULT 28 29: 00000000 0 SECTION LOCAL DEFAULT 29 30: 00000000 0 SECTION LOCAL DEFAULT 30 31: 00000000 0 SECTION LOCAL DEFAULT 31 32: 00000000 0 SECTION LOCAL DEFAULT 32 33: 00000000 0 SECTION LOCAL DEFAULT 33 34: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 35: 00001f08 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__ 36: 00001f10 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__ 37: 00001f18 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 38: 00000560 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 39: 00002020 1 OBJECT LOCAL DEFAULT 25 completed.6159 40: 00002024 4 OBJECT LOCAL DEFAULT 25 dtor_idx.6161 41: 000005e0 0 FUNC LOCAL DEFAULT 13 frame_dummy 42: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 43: 00001f0c 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__ 44: 000008f0 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 45: 00001f18 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 46: 00000750 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux 47: 00000000 0 FILE LOCAL DEFAULT ABS hello.c 48: 00001f14 0 OBJECT LOCAL DEFAULT 19 __DTOR_END__ 49: 00001f08 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 50: 0000201c 0 OBJECT LOCAL DEFAULT 24 __dso_handle 51: 00001f1c 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC 52: 00001f08 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 53: 00001ff4 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ 54: 00000720 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 55: 00000617 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx 56: 00002018 0 NOTYPE WEAK DEFAULT 24 data_start 57: 00002020 0 NOTYPE GLOBAL DEFAULT ABS _edata 58: 00000788 0 FUNC GLOBAL DEFAULT 14 _fini 59: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 60: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3 61: 00002018 0 NOTYPE GLOBAL DEFAULT 24 __data_start 62: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 63: 00000620 141 FUNC GLOBAL DEFAULT 13 announcement 64: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 65: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0 66: 000006b0 97 FUNC GLOBAL DEFAULT 13 __libc_csu_init 67: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.0 68: 00002028 0 NOTYPE GLOBAL DEFAULT ABS _end 69: 00000520 0 FUNC GLOBAL DEFAULT 13 _start 70: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 71: 00002020 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 72: 00000500 32 FUNC GLOBAL DEFAULT 13 main 73: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 74: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 75: 00000730 20 FUNC GLOBAL HIDDEN 13 __stack_chk_fail_local 76: 0000045c 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/wrapper-test-compiled ../build-tree/wrapper-test-compiled: ok (0x55555620) ../build-tree/wrapper-test-compiled ../build-tree/wrapper-test-compiled: ok (0x55555620) # Enable symlink for ld to trick gcc into doing wrapped linking (cd ../build-tree && ln -s hardened-ld ld) (cd ../build-tree && ln -s hardened-ld ld.gold) # Compiler and linker options enabled. ../build-tree/hardened-cc -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-linked hello.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-linked hello.c /usr/bin/ld.bfd -z now --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_i386 --hash-style=gnu -dynamic-linker /lib/ld-linux.so.2 -pie -z relro -o ../build-tree/wrapper-test-linked /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/Scrt1.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crti.o /usr/lib/gcc/i686-linux-gnu/4.6/crtbeginS.o -L../build-tree -L/usr/lib/gcc/i686-linux-gnu/4.6 -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../../lib -L/lib/i386-linux-gnu -L/lib/../lib -L/usr/lib/i386-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/i686-linux-gnu/4.6/../../.. -Bsymbolic-functions -z relro /tmp/ccplyQCb.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i686-linux-gnu/4.6/crtendS.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crtn.o readelf -ldrsW ../build-tree/wrapper-test-linked Elf file type is DYN (Shared object file) Entry point 0x520 There are 9 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x00000034 0x00000034 0x00120 0x00120 R E 0x4 INTERP 0x000154 0x00000154 0x00000154 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x00000000 0x00000000 0x008f4 0x008f4 R E 0x1000 LOAD 0x000ee0 0x00001ee0 0x00001ee0 0x00128 0x00130 RW 0x1000 DYNAMIC 0x000ef4 0x00001ef4 0x00001ef4 0x000d8 0x000d8 RW 0x4 NOTE 0x000168 0x00000168 0x00000168 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x0007bc 0x000007bc 0x000007bc 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 GNU_RELRO 0x000ee0 0x00001ee0 0x00001ee0 0x00120 0x00120 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xef4 contains 23 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x45c 0x0000000d (FINI) 0x788 0x6ffffef5 (GNU_HASH) 0x1ac 0x00000005 (STRTAB) 0x2c8 0x00000006 (SYMTAB) 0x1e8 0x0000000a (STRSZ) 208 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x1fcc 0x00000002 (PLTRELSZ) 48 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x42c 0x00000011 (REL) 0x404 0x00000012 (RELSZ) 40 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x00000018 (BIND_NOW) 0x6ffffffb (FLAGS_1) Flags: NOW 0x6ffffffe (VERNEED) 0x3b4 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x398 0x6ffffffa (RELCOUNT) 2 0x00000000 (NULL) 0x0 Relocation section '.rel.dyn' at offset 0x404 contains 5 entries: Offset Info Type Sym. Value Symbol's Name 00001ff8 00000008 R_386_RELATIVE 00002004 00000008 R_386_RELATIVE 00001ff0 00000206 R_386_GLOB_DAT 00000000 __cxa_finalize 00001ff4 00000306 R_386_GLOB_DAT 00000000 __gmon_start__ 00001ffc 00000706 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses Relocation section '.rel.plt' at offset 0x42c contains 6 entries: Offset Info Type Sym. Value Symbol's Name 00001fd8 00000107 R_386_JUMP_SLOT 00000000 __stack_chk_fail 00001fdc 00000207 R_386_JUMP_SLOT 00000000 __cxa_finalize 00001fe0 00000307 R_386_JUMP_SLOT 00000000 __gmon_start__ 00001fe4 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main 00001fe8 00000507 R_386_JUMP_SLOT 00000000 snprintf 00001fec 00000607 R_386_JUMP_SLOT 00000000 __printf_chk Symbol table '.dynsym' contains 14 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3) 3: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 4: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (4) 5: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (4) 6: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (5) 7: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 8: 00002008 0 NOTYPE GLOBAL DEFAULT ABS _edata 9: 00002010 0 NOTYPE GLOBAL DEFAULT ABS _end 10: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 11: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 12: 00002008 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 13: 00000500 32 FUNC GLOBAL DEFAULT 13 main Symbol table '.symtab' contains 76 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000154 0 SECTION LOCAL DEFAULT 1 2: 00000168 0 SECTION LOCAL DEFAULT 2 3: 00000188 0 SECTION LOCAL DEFAULT 3 4: 000001ac 0 SECTION LOCAL DEFAULT 4 5: 000001e8 0 SECTION LOCAL DEFAULT 5 6: 000002c8 0 SECTION LOCAL DEFAULT 6 7: 00000398 0 SECTION LOCAL DEFAULT 7 8: 000003b4 0 SECTION LOCAL DEFAULT 8 9: 00000404 0 SECTION LOCAL DEFAULT 9 10: 0000042c 0 SECTION LOCAL DEFAULT 10 11: 0000045c 0 SECTION LOCAL DEFAULT 11 12: 00000490 0 SECTION LOCAL DEFAULT 12 13: 00000500 0 SECTION LOCAL DEFAULT 13 14: 00000788 0 SECTION LOCAL DEFAULT 14 15: 000007a4 0 SECTION LOCAL DEFAULT 15 16: 000007bc 0 SECTION LOCAL DEFAULT 16 17: 000007f8 0 SECTION LOCAL DEFAULT 17 18: 00001ee0 0 SECTION LOCAL DEFAULT 18 19: 00001ee8 0 SECTION LOCAL DEFAULT 19 20: 00001ef0 0 SECTION LOCAL DEFAULT 20 21: 00001ef4 0 SECTION LOCAL DEFAULT 21 22: 00001fcc 0 SECTION LOCAL DEFAULT 22 23: 00002000 0 SECTION LOCAL DEFAULT 23 24: 00002008 0 SECTION LOCAL DEFAULT 24 25: 00000000 0 SECTION LOCAL DEFAULT 25 26: 00000000 0 SECTION LOCAL DEFAULT 26 27: 00000000 0 SECTION LOCAL DEFAULT 27 28: 00000000 0 SECTION LOCAL DEFAULT 28 29: 00000000 0 SECTION LOCAL DEFAULT 29 30: 00000000 0 SECTION LOCAL DEFAULT 30 31: 00000000 0 SECTION LOCAL DEFAULT 31 32: 00000000 0 SECTION LOCAL DEFAULT 32 33: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 34: 00001ee0 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__ 35: 00001ee8 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__ 36: 00001ef0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 37: 00000560 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 38: 00002008 1 OBJECT LOCAL DEFAULT 24 completed.6159 39: 0000200c 4 OBJECT LOCAL DEFAULT 24 dtor_idx.6161 40: 000005e0 0 FUNC LOCAL DEFAULT 13 frame_dummy 41: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 42: 00001ee4 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__ 43: 000008f0 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 44: 00001ef0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 45: 00000750 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux 46: 00000000 0 FILE LOCAL DEFAULT ABS hello.c 47: 00001eec 0 OBJECT LOCAL DEFAULT 19 __DTOR_END__ 48: 00001ee0 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 49: 00002004 0 OBJECT LOCAL DEFAULT 23 __dso_handle 50: 00001ef4 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC 51: 00001ee0 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 52: 00001fcc 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ 53: 00000720 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 54: 00000617 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx 55: 00002000 0 NOTYPE WEAK DEFAULT 23 data_start 56: 00002008 0 NOTYPE GLOBAL DEFAULT ABS _edata 57: 00000788 0 FUNC GLOBAL DEFAULT 14 _fini 58: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 59: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3 60: 00002000 0 NOTYPE GLOBAL DEFAULT 23 __data_start 61: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 62: 00000620 141 FUNC GLOBAL DEFAULT 13 announcement 63: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 64: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0 65: 000006b0 97 FUNC GLOBAL DEFAULT 13 __libc_csu_init 66: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.0 67: 00002010 0 NOTYPE GLOBAL DEFAULT ABS _end 68: 00000520 0 FUNC GLOBAL DEFAULT 13 _start 69: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 70: 00002008 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 71: 00000500 32 FUNC GLOBAL DEFAULT 13 main 72: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 73: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 74: 00000730 20 FUNC GLOBAL HIDDEN 13 __stack_chk_fail_local 75: 0000045c 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/wrapper-test-linked ../build-tree/wrapper-test-linked: ok (0x55555620) ../build-tree/wrapper-test-linked ../build-tree/wrapper-test-linked: ok (0x55555620) # Check state of hardening features via check script perl ../hardening-check ../build-tree/wrapper-test-linked ../build-tree/wrapper-test-linked: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Manually check state of hardening features # Test PIE readelf -lW ../build-tree/wrapper-test-linked | grep '^Elf file type is DYN' Elf file type is DYN (Shared object file) # Test Stack Protector nm ../build-tree/wrapper-test-linked | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Test Fortify nm ../build-tree/wrapper-test-linked | egrep '__(sn)?printf_chk($|@@GLIBC)' U __printf_chk@@GLIBC_2.3.4 # Test Format (no-op currently) # Test for RELRO readelf -lW ../build-tree/wrapper-test-linked | grep GNU_RELRO GNU_RELRO 0x000ee0 0x00001ee0 0x00001ee0 0x00120 0x00120 R 0x1 # Test for BIND_NOW readelf -dW ../build-tree/wrapper-test-linked | grep BIND_NOW 0x00000018 (BIND_NOW) # Build directly with -fPIC already defined ../build-tree/hardened-cc -B ../build-tree/ -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-fPIC-direct hello.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-fPIC-direct hello.c /usr/bin/ld.bfd -z now --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_i386 --hash-style=gnu -dynamic-linker /lib/ld-linux.so.2 -pie -z relro -o ../build-tree/wrapper-test-fPIC-direct /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/Scrt1.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crti.o /usr/lib/gcc/i686-linux-gnu/4.6/crtbeginS.o -L../build-tree -L/usr/lib/gcc/i686-linux-gnu/4.6 -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../../lib -L/lib/i386-linux-gnu -L/lib/../lib -L/usr/lib/i386-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/i686-linux-gnu/4.6/../../.. -Bsymbolic-functions -z relro /tmp/ccztqhEo.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i686-linux-gnu/4.6/crtendS.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crtn.o ../build-tree/wrapper-test-fPIC-direct ../build-tree/wrapper-test-fPIC-direct: ok (0x55555660) # Build .o with -fPIC already defined ../build-tree/hardened-cc -B ../build-tree/ -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-fPIC.o -c hello.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-fPIC.o -c hello.c # Link .o with -fPIC already defined ../build-tree/hardened-cc -B ../build-tree/ -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-fPIC ../build-tree/wrapper-test-fPIC.o /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-fPIC ../build-tree/wrapper-test-fPIC.o /usr/bin/ld.bfd -z now --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_i386 --hash-style=gnu -dynamic-linker /lib/ld-linux.so.2 -pie -z relro -o ../build-tree/wrapper-test-fPIC /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/Scrt1.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crti.o /usr/lib/gcc/i686-linux-gnu/4.6/crtbeginS.o -L../build-tree -L/usr/lib/gcc/i686-linux-gnu/4.6 -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../../lib -L/lib/i386-linux-gnu -L/lib/../lib -L/usr/lib/i386-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/i686-linux-gnu/4.6/../../.. -Bsymbolic-functions -z relro ../build-tree/wrapper-test-fPIC.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i686-linux-gnu/4.6/crtendS.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crtn.o ../build-tree/wrapper-test-fPIC ../build-tree/wrapper-test-fPIC: ok (0x55555660) # Make sure build fails due to -Werror=format-security ! ../build-tree/hardened-cc -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-format-security format.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-format-security format.c format.c: In function 'main': format.c:11:5: error: format not a string literal and no format arguments [-Werror=format-security] cc1: some warnings being treated as errors # Make sure build succeeds with -Wno-format-security ../build-tree/hardened-cc -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wno-format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-format-security format.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wno-format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-format-security format.c /usr/bin/ld.bfd -z now --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_i386 --hash-style=gnu -dynamic-linker /lib/ld-linux.so.2 -pie -z relro -o ../build-tree/wrapper-test-format-security /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/Scrt1.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crti.o /usr/lib/gcc/i686-linux-gnu/4.6/crtbeginS.o -L../build-tree -L/usr/lib/gcc/i686-linux-gnu/4.6 -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../../lib -L/lib/i386-linux-gnu -L/lib/../lib -L/usr/lib/i386-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/i686-linux-gnu/4.6/../../.. -Bsymbolic-functions -z relro /tmp/ccHnGrKr.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i686-linux-gnu/4.6/crtendS.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crtn.o # Make sure build stack-protects a small ssp buffer ../build-tree/hardened-cc -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-ssp-buffer-size-protect ssp-buffer-size-protect.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-ssp-buffer-size-protect ssp-buffer-size-protect.c /usr/bin/ld.bfd -z now --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_i386 --hash-style=gnu -dynamic-linker /lib/ld-linux.so.2 -pie -z relro -o ../build-tree/wrapper-test-ssp-buffer-size-protect /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/Scrt1.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crti.o /usr/lib/gcc/i686-linux-gnu/4.6/crtbeginS.o -L../build-tree -L/usr/lib/gcc/i686-linux-gnu/4.6 -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../../lib -L/lib/i386-linux-gnu -L/lib/../lib -L/usr/lib/i386-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/i686-linux-gnu/4.6/../../.. -Bsymbolic-functions -z relro /tmp/ccrVC8Gw.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i686-linux-gnu/4.6/crtendS.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crtn.o # Test Stack Protector nm ../build-tree/wrapper-test-ssp-buffer-size-protect | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Make sure build does not stack-protects a tiny ssp buffer ../build-tree/hardened-cc -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-ssp-buffer-size-skip ssp-buffer-size-skip.c /usr/bin/gcc-4.6 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o ../build-tree/wrapper-test-ssp-buffer-size-skip ssp-buffer-size-skip.c /usr/bin/ld.bfd -z now --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_i386 --hash-style=gnu -dynamic-linker /lib/ld-linux.so.2 -pie -z relro -o ../build-tree/wrapper-test-ssp-buffer-size-skip /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/Scrt1.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crti.o /usr/lib/gcc/i686-linux-gnu/4.6/crtbeginS.o -L../build-tree -L/usr/lib/gcc/i686-linux-gnu/4.6 -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu -L/usr/lib/gcc/i686-linux-gnu/4.6/../../../../lib -L/lib/i386-linux-gnu -L/lib/../lib -L/usr/lib/i386-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/i686-linux-gnu/4.6/../../.. -Bsymbolic-functions -z relro /tmp/cc35HWrC.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i686-linux-gnu/4.6/crtendS.o /usr/lib/gcc/i686-linux-gnu/4.6/../../../i386-linux-gnu/crtn.o # Test Stack Protector is correctly skipped ! nm ../build-tree/wrapper-test-ssp-buffer-size-skip | egrep '__stack_chk_fail($|@@GLIBC)' make[2]: Leaving directory `/build/buildd/hardening-wrapper-1.36ubuntu1/tests' make -f Makefile.includes check make[2]: Entering directory `/build/buildd/hardening-wrapper-1.36ubuntu1/tests' # Compiler and linker options disabled. DEB_BUILD_HARDENING=0 cc -o ../build-tree/includes-test-stock hello.c readelf -ldrsW ../build-tree/includes-test-stock Elf file type is EXEC (Executable file) Entry point 0x80483b0 There are 9 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x08048034 0x08048034 0x00120 0x00120 R E 0x4 INTERP 0x000154 0x08048154 0x08048154 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x08048000 0x08048000 0x00700 0x00700 R E 0x1000 LOAD 0x000f14 0x08049f14 0x08049f14 0x00108 0x00110 RW 0x1000 DYNAMIC 0x000f28 0x08049f28 0x08049f28 0x000c8 0x000c8 RW 0x4 NOTE 0x000168 0x08048168 0x08048168 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x0005e0 0x080485e0 0x080485e0 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 GNU_RELRO 0x000f14 0x08049f14 0x08049f14 0x000ec 0x000ec R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xf28 contains 20 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x8048314 0x0000000d (FINI) 0x80485ac 0x6ffffef5 (GNU_HASH) 0x80481ac 0x00000005 (STRTAB) 0x804823c 0x00000006 (SYMTAB) 0x80481cc 0x0000000a (STRSZ) 105 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x8049ff4 0x00000002 (PLTRELSZ) 40 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x80482ec 0x00000011 (REL) 0x80482e4 0x00000012 (RELSZ) 8 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x6ffffffe (VERNEED) 0x80482b4 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x80482a6 0x00000000 (NULL) 0x0 Relocation section '.rel.dyn' at offset 0x2e4 contains 1 entries: Offset Info Type Sym. Value Symbol's Name 08049ff0 00000306 R_386_GLOB_DAT 00000000 __gmon_start__ Relocation section '.rel.plt' at offset 0x2ec contains 5 entries: Offset Info Type Sym. Value Symbol's Name 0804a000 00000107 R_386_JUMP_SLOT 00000000 printf 0804a004 00000207 R_386_JUMP_SLOT 00000000 __stack_chk_fail 0804a008 00000307 R_386_JUMP_SLOT 00000000 __gmon_start__ 0804a00c 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main 0804a010 00000507 R_386_JUMP_SLOT 00000000 snprintf Symbol table '.dynsym' contains 7 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2) 2: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (3) 3: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 4: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2) 5: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (2) 6: 080485cc 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used Symbol table '.symtab' contains 68 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 08048154 0 SECTION LOCAL DEFAULT 1 2: 08048168 0 SECTION LOCAL DEFAULT 2 3: 08048188 0 SECTION LOCAL DEFAULT 3 4: 080481ac 0 SECTION LOCAL DEFAULT 4 5: 080481cc 0 SECTION LOCAL DEFAULT 5 6: 0804823c 0 SECTION LOCAL DEFAULT 6 7: 080482a6 0 SECTION LOCAL DEFAULT 7 8: 080482b4 0 SECTION LOCAL DEFAULT 8 9: 080482e4 0 SECTION LOCAL DEFAULT 9 10: 080482ec 0 SECTION LOCAL DEFAULT 10 11: 08048314 0 SECTION LOCAL DEFAULT 11 12: 08048350 0 SECTION LOCAL DEFAULT 12 13: 080483b0 0 SECTION LOCAL DEFAULT 13 14: 080485ac 0 SECTION LOCAL DEFAULT 14 15: 080485c8 0 SECTION LOCAL DEFAULT 15 16: 080485e0 0 SECTION LOCAL DEFAULT 16 17: 0804861c 0 SECTION LOCAL DEFAULT 17 18: 08049f14 0 SECTION LOCAL DEFAULT 18 19: 08049f1c 0 SECTION LOCAL DEFAULT 19 20: 08049f24 0 SECTION LOCAL DEFAULT 20 21: 08049f28 0 SECTION LOCAL DEFAULT 21 22: 08049ff0 0 SECTION LOCAL DEFAULT 22 23: 08049ff4 0 SECTION LOCAL DEFAULT 23 24: 0804a014 0 SECTION LOCAL DEFAULT 24 25: 0804a01c 0 SECTION LOCAL DEFAULT 25 26: 00000000 0 SECTION LOCAL DEFAULT 26 27: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 08049f14 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__ 29: 08049f1c 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__ 30: 08049f24 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 31: 080483e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 0804a01c 1 OBJECT LOCAL DEFAULT 25 completed.6159 33: 0804a020 4 OBJECT LOCAL DEFAULT 25 dtor_idx.6161 34: 08048440 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 36: 08049f18 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__ 37: 080486fc 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 38: 08049f24 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 39: 08048580 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux 40: 00000000 0 FILE LOCAL DEFAULT ABS hello.c 41: 08049f14 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 42: 08049f28 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 43: 08049f14 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 44: 08049ff4 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_ 45: 08048570 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 46: 08048572 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx 47: 0804a014 0 NOTYPE WEAK DEFAULT 24 data_start 48: 00000000 0 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.0 49: 0804a01c 0 NOTYPE GLOBAL DEFAULT ABS _edata 50: 080485ac 0 FUNC GLOBAL DEFAULT 14 _fini 51: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 52: 08049f20 0 OBJECT GLOBAL HIDDEN 19 __DTOR_END__ 53: 0804a014 0 NOTYPE GLOBAL DEFAULT 24 __data_start 54: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 55: 0804a018 0 OBJECT GLOBAL HIDDEN 24 __dso_handle 56: 08048464 120 FUNC GLOBAL DEFAULT 13 announcement 57: 080485cc 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 58: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0 59: 08048500 97 FUNC GLOBAL DEFAULT 13 __libc_csu_init 60: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.0 61: 0804a024 0 NOTYPE GLOBAL DEFAULT ABS _end 62: 080483b0 0 FUNC GLOBAL DEFAULT 13 _start 63: 080485c8 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 64: 0804a01c 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 65: 080484dc 32 FUNC GLOBAL DEFAULT 13 main 66: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 67: 08048314 0 FUNC GLOBAL DEFAULT 11 _init ../build-tree/includes-test-stock ../build-tree/includes-test-stock: ok (0x8048464) # Compiler options enabled. (linker is not wrapper) cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-compiled hello.c readelf -ldrsW ../build-tree/includes-test-compiled Elf file type is DYN (Shared object file) Entry point 0x520 There are 9 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x00000034 0x00000034 0x00120 0x00120 R E 0x4 INTERP 0x000154 0x00000154 0x00000154 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x00000000 0x00000000 0x008f4 0x008f4 R E 0x1000 LOAD 0x000ee0 0x00001ee0 0x00001ee0 0x00128 0x00130 RW 0x1000 DYNAMIC 0x000ef4 0x00001ef4 0x00001ef4 0x000d8 0x000d8 RW 0x4 NOTE 0x000168 0x00000168 0x00000168 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x0007bc 0x000007bc 0x000007bc 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 GNU_RELRO 0x000ee0 0x00001ee0 0x00001ee0 0x00120 0x00120 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xef4 contains 23 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x45c 0x0000000d (FINI) 0x788 0x6ffffef5 (GNU_HASH) 0x1ac 0x00000005 (STRTAB) 0x2c8 0x00000006 (SYMTAB) 0x1e8 0x0000000a (STRSZ) 208 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x1fcc 0x00000002 (PLTRELSZ) 48 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x42c 0x00000011 (REL) 0x404 0x00000012 (RELSZ) 40 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x00000018 (BIND_NOW) 0x6ffffffb (FLAGS_1) Flags: NOW 0x6ffffffe (VERNEED) 0x3b4 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x398 0x6ffffffa (RELCOUNT) 2 0x00000000 (NULL) 0x0 Relocation section '.rel.dyn' at offset 0x404 contains 5 entries: Offset Info Type Sym. Value Symbol's Name 00001ff8 00000008 R_386_RELATIVE 00002004 00000008 R_386_RELATIVE 00001ff0 00000206 R_386_GLOB_DAT 00000000 __cxa_finalize 00001ff4 00000306 R_386_GLOB_DAT 00000000 __gmon_start__ 00001ffc 00000706 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses Relocation section '.rel.plt' at offset 0x42c contains 6 entries: Offset Info Type Sym. Value Symbol's Name 00001fd8 00000107 R_386_JUMP_SLOT 00000000 __stack_chk_fail 00001fdc 00000207 R_386_JUMP_SLOT 00000000 __cxa_finalize 00001fe0 00000307 R_386_JUMP_SLOT 00000000 __gmon_start__ 00001fe4 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main 00001fe8 00000507 R_386_JUMP_SLOT 00000000 snprintf 00001fec 00000607 R_386_JUMP_SLOT 00000000 __printf_chk Symbol table '.dynsym' contains 14 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3) 3: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 4: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (4) 5: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (4) 6: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (5) 7: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 8: 00002008 0 NOTYPE GLOBAL DEFAULT ABS _edata 9: 00002010 0 NOTYPE GLOBAL DEFAULT ABS _end 10: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 11: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 12: 00002008 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 13: 00000500 32 FUNC GLOBAL DEFAULT 13 main Symbol table '.symtab' contains 76 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000154 0 SECTION LOCAL DEFAULT 1 2: 00000168 0 SECTION LOCAL DEFAULT 2 3: 00000188 0 SECTION LOCAL DEFAULT 3 4: 000001ac 0 SECTION LOCAL DEFAULT 4 5: 000001e8 0 SECTION LOCAL DEFAULT 5 6: 000002c8 0 SECTION LOCAL DEFAULT 6 7: 00000398 0 SECTION LOCAL DEFAULT 7 8: 000003b4 0 SECTION LOCAL DEFAULT 8 9: 00000404 0 SECTION LOCAL DEFAULT 9 10: 0000042c 0 SECTION LOCAL DEFAULT 10 11: 0000045c 0 SECTION LOCAL DEFAULT 11 12: 00000490 0 SECTION LOCAL DEFAULT 12 13: 00000500 0 SECTION LOCAL DEFAULT 13 14: 00000788 0 SECTION LOCAL DEFAULT 14 15: 000007a4 0 SECTION LOCAL DEFAULT 15 16: 000007bc 0 SECTION LOCAL DEFAULT 16 17: 000007f8 0 SECTION LOCAL DEFAULT 17 18: 00001ee0 0 SECTION LOCAL DEFAULT 18 19: 00001ee8 0 SECTION LOCAL DEFAULT 19 20: 00001ef0 0 SECTION LOCAL DEFAULT 20 21: 00001ef4 0 SECTION LOCAL DEFAULT 21 22: 00001fcc 0 SECTION LOCAL DEFAULT 22 23: 00002000 0 SECTION LOCAL DEFAULT 23 24: 00002008 0 SECTION LOCAL DEFAULT 24 25: 00000000 0 SECTION LOCAL DEFAULT 25 26: 00000000 0 SECTION LOCAL DEFAULT 26 27: 00000000 0 SECTION LOCAL DEFAULT 27 28: 00000000 0 SECTION LOCAL DEFAULT 28 29: 00000000 0 SECTION LOCAL DEFAULT 29 30: 00000000 0 SECTION LOCAL DEFAULT 30 31: 00000000 0 SECTION LOCAL DEFAULT 31 32: 00000000 0 SECTION LOCAL DEFAULT 32 33: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 34: 00001ee0 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__ 35: 00001ee8 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__ 36: 00001ef0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 37: 00000560 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 38: 00002008 1 OBJECT LOCAL DEFAULT 24 completed.6159 39: 0000200c 4 OBJECT LOCAL DEFAULT 24 dtor_idx.6161 40: 000005e0 0 FUNC LOCAL DEFAULT 13 frame_dummy 41: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 42: 00001ee4 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__ 43: 000008f0 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 44: 00001ef0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 45: 00000750 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux 46: 00000000 0 FILE LOCAL DEFAULT ABS hello.c 47: 00001eec 0 OBJECT LOCAL DEFAULT 19 __DTOR_END__ 48: 00001ee0 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 49: 00002004 0 OBJECT LOCAL DEFAULT 23 __dso_handle 50: 00001ef4 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC 51: 00001ee0 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 52: 00001fcc 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ 53: 00000720 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 54: 00000617 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx 55: 00002000 0 NOTYPE WEAK DEFAULT 23 data_start 56: 00002008 0 NOTYPE GLOBAL DEFAULT ABS _edata 57: 00000788 0 FUNC GLOBAL DEFAULT 14 _fini 58: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 59: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3 60: 00002000 0 NOTYPE GLOBAL DEFAULT 23 __data_start 61: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 62: 00000620 141 FUNC GLOBAL DEFAULT 13 announcement 63: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 64: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0 65: 000006b0 97 FUNC GLOBAL DEFAULT 13 __libc_csu_init 66: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.0 67: 00002010 0 NOTYPE GLOBAL DEFAULT ABS _end 68: 00000520 0 FUNC GLOBAL DEFAULT 13 _start 69: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 70: 00002008 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 71: 00000500 32 FUNC GLOBAL DEFAULT 13 main 72: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 73: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 74: 00000730 20 FUNC GLOBAL HIDDEN 13 __stack_chk_fail_local 75: 0000045c 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/includes-test-compiled ../build-tree/includes-test-compiled: ok (0x55555620) ../build-tree/includes-test-compiled ../build-tree/includes-test-compiled: ok (0x55555620) # Compiler and linker options enabled. cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-linked hello.c readelf -ldrsW ../build-tree/includes-test-linked Elf file type is DYN (Shared object file) Entry point 0x520 There are 9 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x00000034 0x00000034 0x00120 0x00120 R E 0x4 INTERP 0x000154 0x00000154 0x00000154 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x00000000 0x00000000 0x008f4 0x008f4 R E 0x1000 LOAD 0x000ee0 0x00001ee0 0x00001ee0 0x00128 0x00130 RW 0x1000 DYNAMIC 0x000ef4 0x00001ef4 0x00001ef4 0x000d8 0x000d8 RW 0x4 NOTE 0x000168 0x00000168 0x00000168 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x0007bc 0x000007bc 0x000007bc 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 GNU_RELRO 0x000ee0 0x00001ee0 0x00001ee0 0x00120 0x00120 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xef4 contains 23 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x45c 0x0000000d (FINI) 0x788 0x6ffffef5 (GNU_HASH) 0x1ac 0x00000005 (STRTAB) 0x2c8 0x00000006 (SYMTAB) 0x1e8 0x0000000a (STRSZ) 208 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x1fcc 0x00000002 (PLTRELSZ) 48 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x42c 0x00000011 (REL) 0x404 0x00000012 (RELSZ) 40 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x00000018 (BIND_NOW) 0x6ffffffb (FLAGS_1) Flags: NOW 0x6ffffffe (VERNEED) 0x3b4 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x398 0x6ffffffa (RELCOUNT) 2 0x00000000 (NULL) 0x0 Relocation section '.rel.dyn' at offset 0x404 contains 5 entries: Offset Info Type Sym. Value Symbol's Name 00001ff8 00000008 R_386_RELATIVE 00002004 00000008 R_386_RELATIVE 00001ff0 00000206 R_386_GLOB_DAT 00000000 __cxa_finalize 00001ff4 00000306 R_386_GLOB_DAT 00000000 __gmon_start__ 00001ffc 00000706 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses Relocation section '.rel.plt' at offset 0x42c contains 6 entries: Offset Info Type Sym. Value Symbol's Name 00001fd8 00000107 R_386_JUMP_SLOT 00000000 __stack_chk_fail 00001fdc 00000207 R_386_JUMP_SLOT 00000000 __cxa_finalize 00001fe0 00000307 R_386_JUMP_SLOT 00000000 __gmon_start__ 00001fe4 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main 00001fe8 00000507 R_386_JUMP_SLOT 00000000 snprintf 00001fec 00000607 R_386_JUMP_SLOT 00000000 __printf_chk Symbol table '.dynsym' contains 14 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3) 3: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 4: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (4) 5: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (4) 6: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (5) 7: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 8: 00002008 0 NOTYPE GLOBAL DEFAULT ABS _edata 9: 00002010 0 NOTYPE GLOBAL DEFAULT ABS _end 10: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 11: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 12: 00002008 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 13: 00000500 32 FUNC GLOBAL DEFAULT 13 main Symbol table '.symtab' contains 76 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000154 0 SECTION LOCAL DEFAULT 1 2: 00000168 0 SECTION LOCAL DEFAULT 2 3: 00000188 0 SECTION LOCAL DEFAULT 3 4: 000001ac 0 SECTION LOCAL DEFAULT 4 5: 000001e8 0 SECTION LOCAL DEFAULT 5 6: 000002c8 0 SECTION LOCAL DEFAULT 6 7: 00000398 0 SECTION LOCAL DEFAULT 7 8: 000003b4 0 SECTION LOCAL DEFAULT 8 9: 00000404 0 SECTION LOCAL DEFAULT 9 10: 0000042c 0 SECTION LOCAL DEFAULT 10 11: 0000045c 0 SECTION LOCAL DEFAULT 11 12: 00000490 0 SECTION LOCAL DEFAULT 12 13: 00000500 0 SECTION LOCAL DEFAULT 13 14: 00000788 0 SECTION LOCAL DEFAULT 14 15: 000007a4 0 SECTION LOCAL DEFAULT 15 16: 000007bc 0 SECTION LOCAL DEFAULT 16 17: 000007f8 0 SECTION LOCAL DEFAULT 17 18: 00001ee0 0 SECTION LOCAL DEFAULT 18 19: 00001ee8 0 SECTION LOCAL DEFAULT 19 20: 00001ef0 0 SECTION LOCAL DEFAULT 20 21: 00001ef4 0 SECTION LOCAL DEFAULT 21 22: 00001fcc 0 SECTION LOCAL DEFAULT 22 23: 00002000 0 SECTION LOCAL DEFAULT 23 24: 00002008 0 SECTION LOCAL DEFAULT 24 25: 00000000 0 SECTION LOCAL DEFAULT 25 26: 00000000 0 SECTION LOCAL DEFAULT 26 27: 00000000 0 SECTION LOCAL DEFAULT 27 28: 00000000 0 SECTION LOCAL DEFAULT 28 29: 00000000 0 SECTION LOCAL DEFAULT 29 30: 00000000 0 SECTION LOCAL DEFAULT 30 31: 00000000 0 SECTION LOCAL DEFAULT 31 32: 00000000 0 SECTION LOCAL DEFAULT 32 33: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 34: 00001ee0 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__ 35: 00001ee8 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__ 36: 00001ef0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 37: 00000560 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 38: 00002008 1 OBJECT LOCAL DEFAULT 24 completed.6159 39: 0000200c 4 OBJECT LOCAL DEFAULT 24 dtor_idx.6161 40: 000005e0 0 FUNC LOCAL DEFAULT 13 frame_dummy 41: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 42: 00001ee4 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__ 43: 000008f0 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 44: 00001ef0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 45: 00000750 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux 46: 00000000 0 FILE LOCAL DEFAULT ABS hello.c 47: 00001eec 0 OBJECT LOCAL DEFAULT 19 __DTOR_END__ 48: 00001ee0 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 49: 00002004 0 OBJECT LOCAL DEFAULT 23 __dso_handle 50: 00001ef4 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC 51: 00001ee0 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 52: 00001fcc 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ 53: 00000720 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 54: 00000617 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx 55: 00002000 0 NOTYPE WEAK DEFAULT 23 data_start 56: 00002008 0 NOTYPE GLOBAL DEFAULT ABS _edata 57: 00000788 0 FUNC GLOBAL DEFAULT 14 _fini 58: 00000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 59: 00000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3 60: 00002000 0 NOTYPE GLOBAL DEFAULT 23 __data_start 61: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 62: 00000620 141 FUNC GLOBAL DEFAULT 13 announcement 63: 000007a8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 64: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0 65: 000006b0 97 FUNC GLOBAL DEFAULT 13 __libc_csu_init 66: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.0 67: 00002010 0 NOTYPE GLOBAL DEFAULT ABS _end 68: 00000520 0 FUNC GLOBAL DEFAULT 13 _start 69: 000007a4 4 OBJECT GLOBAL DEFAULT 15 _fp_hw 70: 00002008 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 71: 00000500 32 FUNC GLOBAL DEFAULT 13 main 72: 00000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 73: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 74: 00000730 20 FUNC GLOBAL HIDDEN 13 __stack_chk_fail_local 75: 0000045c 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/includes-test-linked ../build-tree/includes-test-linked: ok (0x55555620) ../build-tree/includes-test-linked ../build-tree/includes-test-linked: ok (0x55555620) # Check state of hardening features via check script perl ../hardening-check ../build-tree/includes-test-linked ../build-tree/includes-test-linked: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Manually check state of hardening features # Test PIE readelf -lW ../build-tree/includes-test-linked | grep '^Elf file type is DYN' Elf file type is DYN (Shared object file) # Test Stack Protector nm ../build-tree/includes-test-linked | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Test Fortify nm ../build-tree/includes-test-linked | egrep '__(sn)?printf_chk($|@@GLIBC)' U __printf_chk@@GLIBC_2.3.4 # Test Format (no-op currently) # Test for RELRO readelf -lW ../build-tree/includes-test-linked | grep GNU_RELRO GNU_RELRO 0x000ee0 0x00001ee0 0x00001ee0 0x00120 0x00120 R 0x1 # Test for BIND_NOW readelf -dW ../build-tree/includes-test-linked | grep BIND_NOW 0x00000018 (BIND_NOW) # Build directly with -fPIC already defined cc -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-fPIC-direct hello.c ../build-tree/includes-test-fPIC-direct ../build-tree/includes-test-fPIC-direct: ok (0x55555620) # Build .o with -fPIC already defined cc -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-fPIC.o -c hello.c # Link .o with -fPIC already defined cc -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-fPIC ../build-tree/includes-test-fPIC.o ../build-tree/includes-test-fPIC ../build-tree/includes-test-fPIC: ok (0x55555620) # Make sure build fails due to -Werror=format-security ! cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-format-security format.c format.c: In function 'main': format.c:11:5: error: format not a string literal and no format arguments [-Werror=format-security] cc1: some warnings being treated as errors # Make sure build succeeds with -Wno-format-security cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wno-format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-format-security format.c # Make sure build stack-protects a small ssp buffer cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-ssp-buffer-size-protect ssp-buffer-size-protect.c # Test Stack Protector nm ../build-tree/includes-test-ssp-buffer-size-protect | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Make sure build does not stack-protects a tiny ssp buffer cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-ssp-buffer-size-skip ssp-buffer-size-skip.c # Test Stack Protector is correctly skipped ! nm ../build-tree/includes-test-ssp-buffer-size-skip | egrep '__stack_chk_fail($|@@GLIBC)' # Disable PIE cc \ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 \ -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro -Wl,-z,now \ -o ../build-tree/includes-disabled hello.c if perl ../hardening-check ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Disable stack protector cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -fno-stack-protector -o ../build-tree/includes-disabled hello.c if perl ../hardening-check ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: yes Stack protected: no, not found! Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Disable fortify cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -U_FORTIFY_SOURCE -o ../build-tree/includes-disabled hello.c if perl ../hardening-check ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: yes Stack protected: yes Fortify Source functions: no, only unprotected functions found! Read-only relocations: yes Immediate binding: yes # Disable relro cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,-z,norelro -o ../build-tree/includes-disabled hello.c if perl ../hardening-check ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: no, not found! Immediate binding: yes # Disable bindnow cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fPIE -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-Bsymbolic-functions -Wl,-z,relro -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,-z,lazy -o ../build-tree/includes-disabled hello.c if perl ../hardening-check ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no not found! # Disable everything cc \ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 \ -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro -Wl,-z,now \ -fno-stack-protector \ -U_FORTIFY_SOURCE \ -Wno-format-security \ -Wl,-z,norelro \ -Wl,-z,lazy \ -o ../build-tree/includes-disabled hello.c if perl ../hardening-check ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! Stack protected: no, not found! Fortify Source functions: no, only unprotected functions found! Read-only relocations: no, not found! Immediate binding: no not found! readelf -ldW ../build-tree/includes-disabled Elf file type is EXEC (Executable file) Entry point 0x8048350 There are 8 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4 INTERP 0x000134 0x08048134 0x08048134 0x00013 0x00013 R 0x1 [Requesting program interpreter: /lib/ld-linux.so.2] LOAD 0x000000 0x08048000 0x08048000 0x00664 0x00664 R E 0x1000 LOAD 0x000664 0x08049664 0x08049664 0x00104 0x0010c RW 0x1000 DYNAMIC 0x000678 0x08049678 0x08049678 0x000c8 0x000c8 RW 0x4 NOTE 0x000148 0x08048148 0x08048148 0x00044 0x00044 R 0x4 GNU_EH_FRAME 0x000540 0x08048540 0x08048540 0x0003c 0x0003c R 0x4 GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 Dynamic section at offset 0x678 contains 20 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x0000000c (INIT) 0x80482b0 0x0000000d (FINI) 0x804850c 0x6ffffef5 (GNU_HASH) 0x804818c 0x00000005 (STRTAB) 0x804820c 0x00000006 (SYMTAB) 0x80481ac 0x0000000a (STRSZ) 78 (bytes) 0x0000000b (SYMENT) 16 (bytes) 0x00000015 (DEBUG) 0x0 0x00000003 (PLTGOT) 0x8049744 0x00000002 (PLTRELSZ) 32 (bytes) 0x00000014 (PLTREL) REL 0x00000017 (JMPREL) 0x8048290 0x00000011 (REL) 0x8048288 0x00000012 (RELSZ) 8 (bytes) 0x00000013 (RELENT) 8 (bytes) 0x6ffffffe (VERNEED) 0x8048268 0x6fffffff (VERNEEDNUM) 1 0x6ffffff0 (VERSYM) 0x804825a 0x00000000 (NULL) 0x0 make[2]: Leaving directory `/build/buildd/hardening-wrapper-1.36ubuntu1/tests' make[1]: Leaving directory `/build/buildd/hardening-wrapper-1.36ubuntu1/tests' # Done testing touch test-stamp /usr/bin/fakeroot debian/rules binary dh_testdir dh_testroot dh_clean -k dh_clean: dh_clean -k is deprecated; use dh_prep instead dh_installdirs usr/bin dh_installdirs -phardening-wrapper -A usr/share/lintian/overrides install -m644 debian/lintian.overrides debian/hardening-wrapper/usr/share/lintian/overrides/hardening-wrapper install build-tree/hardened-cc build-tree/hardened-c++ build-tree/hardened-ld debian/hardening-wrapper/usr/bin # programatically build links (change debian/h-w.{preinst,postrm} too) for ver in 4.2 4.3 4.4 4.5 4.6; do dh_link -phardening-wrapper \ usr/bin/hardened-cc usr/bin/gcc-$ver \ usr/bin/hardened-c++ usr/bin/g++-$ver \ ;\ done dh_link -phardening-wrapper usr/bin/hardened-ld usr/bin/ld.bfd dh_link -phardening-wrapper usr/bin/hardened-ld usr/bin/ld.gold install -m644 -D hardening.make debian/hardening-includes/usr/share/hardening-includes/hardening.make install -m755 -D hardening-check debian/hardening-includes/usr/bin/hardening-check dh_testdir -i dh_testroot -i dh_installchangelogs -i dh_installdocs -i dh_installexamples -i dh_installman -i dh_link -i dh_compress -i dh_fixperms -i dh_perl -i dh_installdeb -i dh_gencontrol -i dh_md5sums -i dh_builddeb -i INFO: pkgstriptranslations version 116 pkgstriptranslations: processing hardening-includes (in debian/hardening-includes); do_strip: 1, oemstrip: pkgstriptranslations: hardening-includes does not contain translations, skipping pkgstriptranslations: no translation files, not creating tarball pkgmaintainermangler: Not overriding Maintainer for domain lists.ubuntu.com pkgstripfiles: processing control file: debian/hardening-includes/DEBIAN/control, package hardening-includes, directory debian/hardening-includes pkgstripfiles: Truncating usr/share/doc/hardening-includes/changelog.gz to topmost ten records pkgstripfiles: PNG optimization for package hardening-includes took 0 s dpkg-deb: warning: 'debian/hardening-includes/DEBIAN/control' contains user-defined field 'Original-Maintainer' dpkg-deb: warning: ignoring 1 warning about the control file(s) dpkg-deb: building package `hardening-includes' in `../hardening-includes_1.36ubuntu1_all.deb'. dh_perl -a dh_testdir -a dh_testroot -a dh_installdocs -a AUTHORS TODO dh_installexamples -a dh_installmenu -a dh_installcron -a dh_installman -a dh_installchangelogs -a dh_strip -a dh_strip debug symbol extraction: all non-arch-all packages for this build platform i386: hardening-wrapper dh_strip debug symbol extraction: packages to act on: hardening-wrapper dh_strip debug symbol extraction: ignored packages: hardening-wrapper is already stripped, ignoring dh_compress -a dh_fixperms -a dh_installdeb -a dh_shlibdeps -a dh_gencontrol -a dh_md5sums -a dh_builddeb -a INFO: pkgstriptranslations version 116 pkgstriptranslations: processing hardening-wrapper (in debian/hardening-wrapper); do_strip: 1, oemstrip: pkgstriptranslations: hardening-wrapper does not contain translations, skipping pkgstriptranslations: no translation files, not creating tarball pkgmaintainermangler: Not overriding Maintainer for domain lists.ubuntu.com pkgstripfiles: processing control file: debian/hardening-wrapper/DEBIAN/control, package hardening-wrapper, directory debian/hardening-wrapper pkgstripfiles: Truncating usr/share/doc/hardening-wrapper/changelog.gz to topmost ten records pkgstripfiles: PNG optimization for package hardening-wrapper took 0 s dpkg-deb: warning: 'debian/hardening-wrapper/DEBIAN/control' contains user-defined field 'Original-Maintainer' dpkg-deb: warning: ignoring 1 warning about the control file(s) dpkg-deb: building package `hardening-wrapper' in `../hardening-wrapper_1.36ubuntu1_i386.deb'. dpkg-genchanges -b -mUbuntu/amd64 Build Daemon >../hardening-wrapper_1.36ubuntu1_i386.changes dpkg-genchanges: binary-only upload - not including any source code dpkg-source --after-build hardening-wrapper-1.36ubuntu1 dpkg-buildpackage: binary only upload (no source included) ****************************************************************************** Build finished at 20120331-0116 chroot-autobuild/build/buildd/hardening-includes_1.36ubuntu1_all.deb: new debian package, version 2.0. size 13782 bytes: control archive= 796 bytes. 772 bytes, 19 lines control 367 bytes, 5 lines md5sums Package: hardening-includes Source: hardening-wrapper Version: 1.36ubuntu1 Architecture: all Maintainer: Ubuntu Developers Installed-Size: 67 Depends: perl Section: devel Priority: optional Multi-Arch: foreign Homepage: http://wiki.debian.org/Hardening Description: Makefile for enabling compiler flags for security hardening Makefile to be included in Debian rules files. CFLAGS and LDFLAGS can be extended to include the respective HARDENING_* variables which contain architecture-validated security hardening compiler options. . Also includes the "hardening-check" script to help evaluate the hardening status of already compiled binaries. Original-Maintainer: Package Hardening chroot-autobuild/build/buildd/hardening-wrapper_1.36ubuntu1_i386.deb: new debian package, version 2.0. size 10632 bytes: control archive= 1423 bytes. 607 bytes, 15 lines control 910 bytes, 13 lines md5sums 592 bytes, 32 lines * postinst #!/bin/sh 364 bytes, 22 lines * postrm #!/bin/sh 375 bytes, 22 lines * preinst #!/bin/sh Package: hardening-wrapper Version: 1.36ubuntu1 Architecture: i386 Maintainer: Ubuntu Developers Installed-Size: 70 Depends: gcc | g++, perl Section: devel Priority: optional Multi-Arch: foreign Homepage: http://wiki.debian.org/Hardening Description: Compiler wrapper to enable security hardening flags Replaces gcc, g++, and ld with wrapper scripts that set security hardening compilation flags, as an alternative to changing gcc specs. Enabled when DEB_BUILD_HARDENING=1 is set. Original-Maintainer: Package Hardening chroot-autobuild/build/buildd/hardening-includes_1.36ubuntu1_all.deb: drwxr-xr-x root/root 0 2012-03-31 01:16 ./ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/bin/ -rwxr-xr-x root/root 12048 2012-03-31 01:16 ./usr/bin/hardening-check drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/hardening-includes/ -rw-r--r-- root/root 6113 2012-03-31 01:16 ./usr/share/hardening-includes/hardening.make drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/doc/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/doc/hardening-includes/ -rw-r--r-- root/root 1181 2011-07-03 20:13 ./usr/share/doc/hardening-includes/copyright -rw-r--r-- root/root 1509 2012-03-31 01:16 ./usr/share/doc/hardening-includes/changelog.gz drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/man/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/man/man1/ -rw-r--r-- root/root 3612 2012-03-31 01:16 ./usr/share/man/man1/hardening-check.1.gz chroot-autobuild/build/buildd/hardening-wrapper_1.36ubuntu1_i386.deb: drwxr-xr-x root/root 0 2012-03-31 01:16 ./ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/bin/ -rwxr-xr-x root/root 5352 2012-03-31 01:16 ./usr/bin/hardened-c++ -rwxr-xr-x root/root 5349 2012-03-31 01:16 ./usr/bin/hardened-cc -rwxr-xr-x root/root 2503 2012-03-31 01:16 ./usr/bin/hardened-ld drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/lintian/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/lintian/overrides/ -rw-r--r-- root/root 108 2012-03-31 01:16 ./usr/share/lintian/overrides/hardening-wrapper drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/doc/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/doc/hardening-wrapper/ -rw-r--r-- root/root 18 2011-07-03 20:12 ./usr/share/doc/hardening-wrapper/TODO -rw-r--r-- root/root 1181 2011-07-03 20:13 ./usr/share/doc/hardening-wrapper/copyright -rw-r--r-- root/root 64 2011-07-03 20:12 ./usr/share/doc/hardening-wrapper/AUTHORS -rw-r--r-- root/root 2949 2011-07-03 20:13 ./usr/share/doc/hardening-wrapper/README.Debian -rw-r--r-- root/root 1509 2012-03-31 01:16 ./usr/share/doc/hardening-wrapper/changelog.gz drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/man/ drwxr-xr-x root/root 0 2012-03-31 01:16 ./usr/share/man/man1/ -rw-r--r-- root/root 825 2012-03-31 01:16 ./usr/share/man/man1/hardening-wrapper.1.gz -rw-r--r-- root/root 825 2012-03-31 01:16 ./usr/share/man/man1/hardened-cc.1.gz -rw-r--r-- root/root 734 2012-03-31 01:16 ./usr/share/man/man1/hardened-ld.1.gz -rw-r--r-- root/root 827 2012-03-31 01:16 ./usr/share/man/man1/hardened-c++.1.gz lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/gcc-4.4 -> hardened-cc lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/g++-4.2 -> hardened-c++ lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/gcc-4.6 -> hardened-cc lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/gcc-4.5 -> hardened-cc lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/g++-4.5 -> hardened-c++ lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/g++-4.6 -> hardened-c++ lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/g++-4.4 -> hardened-c++ lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/ld.gold -> hardened-ld lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/gcc-4.3 -> hardened-cc lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/g++-4.3 -> hardened-c++ lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/gcc-4.2 -> hardened-cc lrwxrwxrwx root/root 0 2012-03-31 01:16 ./usr/bin/ld.bfd -> hardened-ld hardening-wrapper_1.36ubuntu1_i386.changes: Format: 1.8 Date: Sat, 31 Mar 2012 02:11:12 +0100 Source: hardening-wrapper Binary: hardening-wrapper hardening-includes Architecture: all i386 Version: 1.36ubuntu1 Distribution: precise Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Colin Watson Description: hardening-includes - Makefile for enabling compiler flags for security hardening hardening-wrapper - Compiler wrapper to enable security hardening flags Changes: hardening-wrapper (1.36ubuntu1) precise; urgency=low . * Make bash-completion Multi-Arch: foreign, so that it can satisfy cross-build-dependencies. Checksums-Sha1: 8d47558634f3d750e4a9deaa703658102e569ed8 13782 hardening-includes_1.36ubuntu1_all.deb 2de6820f3c433f1160565cd6c0d314035c3a0839 10632 hardening-wrapper_1.36ubuntu1_i386.deb Checksums-Sha256: 070a607defd1d6ab415f2832723242bc246062460d84ef5c0cf1c6a4683e4564 13782 hardening-includes_1.36ubuntu1_all.deb 765677fcfacc6b9e3215a2102ae1ce2630c674543671c55b55b1f98896edeead 10632 hardening-wrapper_1.36ubuntu1_i386.deb Files: c4216441e3b0f811e775300a104ae6fd 13782 devel optional hardening-includes_1.36ubuntu1_all.deb 0cae166916ace0e0a5d764de9560d9d1 10632 devel optional hardening-wrapper_1.36ubuntu1_i386.deb Original-Maintainer: Package Hardening ****************************************************************************** Built successfully ****************************************************************************** Finished at 20120331-0116 Build needed 00:00:08, 676k disk space RUN: /usr/share/launchpad-buildd/slavebin/scan-for-processes ['/usr/share/launchpad-buildd/slavebin/scan-for-processes', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9'] Scanning for processes to kill in build /home/buildd/build-afb7525432dd2bea9c8b4571f5e74779c3ea22c9/chroot-autobuild... RUN: /usr/share/launchpad-buildd/slavebin/umount-chroot ['umount-chroot', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9'] Unmounting chroot for build afb7525432dd2bea9c8b4571f5e74779c3ea22c9... RUN: /usr/share/launchpad-buildd/slavebin/remove-build ['remove-build', 'afb7525432dd2bea9c8b4571f5e74779c3ea22c9'] Removing build afb7525432dd2bea9c8b4571f5e74779c3ea22c9