Ubuntu

libipt_icmp.so: undefined symbol: __stack_chk_fail_local

Reported by i3dmaster on 2006-10-18
Affects: iptables; Status: Invalid; Importance: Undecided; Assigned to: Unassigned
Affects: iptables (Ubuntu); Importance: Undecided; Assigned to: Unassigned

Bug Description

Binary package hint: iptables

zsh 1674 [2] # iptables -A FORWARD -p icmp -m icmp --icmp-type ping -d x.x.x.x/24 -j DROP
iptables v1.3.5: Couldn't load match `icmp':/lib/iptables/libipt_icmp.so: undefined symbol: __stack_chk_fail_local

Try `iptables -h' or 'iptables --help' for more information.

uname -a
Linux ubuntubaby 2.6.17-10-server #2 SMP Fri Oct 13 18:47:26 UTC 2006 i686 GNU/Linux
Ubuntu edgy eft

Changed in iptables:
status: Unconfirmed → Confirmed
Jürgen Kreileder (jk) wrote :

Adding -fno-stack-protector to CFLAGS fixes the problem.

i3dmaster (i3dmaster-gmail) wrote :

Any security concerns on taking out stack-protector?

Jürgen Kreileder (jk) wrote :

> Any security concerns on taking out stack-protector?

All older versions of iptables were compiled without this feature, so it doesn't get worse at least.
(-fstack-protector is now enabled by default in Ubuntu's gcc-4.1, that's how it got in.)

Rocco Stanzione (trappist) wrote :

Can anyone reproduce this on amd64? I can't.

Jose Bernardo (bernardo-bandos) wrote :

On amd64 it works. On x86 it gives the "Unknown arg `--icmp-type`" error that breaks shorewall and guarddog. At least for me.

Nitpicking a bit, but shouldn't this bug be a duplicate of 66106 rather than the other way around? :P

It would be easier to follow the comments if they would be directed to the original report instead of spreading them between the original and newer reports. Of course it doesn't matter much, I'm sure the issue will be resolved either way :)

amichair (amichai2) wrote :

I just upgraded dapper to edgy RC, and found guarddog is broken, giving the message
"iptables v1.3.5: Unknown arg `--icmp-type'
Try `iptables -h' or 'iptables --help' for more information."
This appears to be related. Any chance this will be fixed in edgy final? Wouldn't want to break all them dapper firewalls down the moment they upgrade...

Laurent Bigonville (bigon) wrote :

It's working when compiled with -fno-stack-protector

Changed in iptables:
status: Unknown → Rejected
Andrew Mitchell (ajmitch) wrote :

 iptables (1.3.5.0debian1-1ubuntu2) edgy; urgency=low
 .
   * Build with -fno-stack-protector to fix failing ICMP module (Malone: #66681)

Changed in iptables:
status: Confirmed → Fix Committed
Changed in iptables:
status: Fix Committed → Fix Released

Confirmed, now guarddog and shorewall can manage icmp once again without problems. Thanks!

Matthias Klose (doko) wrote :

reopening, please could somebody recheck this with current gutsy (build with -fstack-protector enabled)?

Changed in iptables:
status: Fix Released → Incomplete
Martin Pitt (pitti) wrote :

Works for me on current gutsy amd64.

codetiger (nharishankar) wrote :

I have attached the error I received when I use DHCP function with firestarter.

Gavin Panella (allenap) wrote :

The remote bug tracker is no longer functional. Was watching https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=525

Connor Imes (rocket2dmn) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering, is this still an issue for you? Can you try with the latest Ubuntu release? Thanks in advance.

Daniel T Chen (crimsun) wrote :

Works fine for me in 8.10 alpha on amd64 and ia32.

Martin Pitt (pitti) on 2008-09-18
Changed in iptables:
status: Incomplete → Fix Released
status: New → Invalid
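
Added example, not part of the thread or of the iptables packaging: a shell filter over `nm -A -D` output that separates modules left with an unresolved `__stack_chk_fail_local` reference (the load failure reported here), modules that still reference `__stack_chk_fail` (built with the protector), and modules with no canary check at all, which is what a -fno-stack-protector build produces. The symbol listing is constructed sample data, and the function names and status labels are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: triage extension modules by their dynamic symbol tables.
# Real use (binutils nm): nm -A -D /lib/iptables/*.so | classify_modules

classify_modules() {
    awk '
    NF >= 3 {
        file = $1; sub(/:.*/, "", file)      # nm -A prefixes each line with "path:"
        type = $(NF - 1)
        name = $NF; sub(/@.*/, "", name)     # drop symbol version, e.g. @GLIBC_2.4
        if (!(file in state)) state[file] = "no-canary"
        if (type != "U") next                # only undefined references matter
        if (name == "__stack_chk_fail_local")
            state[file] = "unresolved-local" # loader cannot satisfy this at dlopen time
        else if (name == "__stack_chk_fail" && state[file] == "no-canary")
            state[file] = "protected"        # canary failure handler comes from libc
    }
    END { for (f in state) print f, state[f] }' | sort
}

# Constructed sample listing (not captured from a real system).
sample_nm_output() {
    cat <<'EOF'
/lib/iptables/libipt_icmp.so:         U __stack_chk_fail_local
/lib/iptables/libipt_icmp.so:         U exit_error
/lib/iptables/libipt_icmp.so:00000a10 T _init
/lib/iptables/libipt_tcp.so:         U __stack_chk_fail@GLIBC_2.4
/lib/iptables/libipt_tcp.so:00000b20 T _init
/lib/iptables/libipt_udp.so:         U exit_error
/lib/iptables/libipt_udp.so:00000c30 T _init
EOF
}

sample_nm_output | classify_modules
```

A module reported as no-canary loads cleanly but has lost the stack-smashing check, so it is the state to revisit once the toolchain links protected modules correctly.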