# lshw stack smashing detected!

## richard.scott

I get this error while running "lshw":

```
# lshw

*** stack smashing detected ***: lshw - terminated

lshw: stack smashing attack in function bool load_usbids(const std::string&) -

terminated

Report to http://bugs.gentoo.org/

Killed
```

I have recompiled everything with emwrap.sh over the last day and it still does it   :Shocked: 

Here's my "emerge --info"

```
Portage 2.1.4.4 (hardened/x86/2.6, gcc-3.4.6, glibc-2.6.1-r0, 2.6.23-hardened-r9 i686)

=================================================================

System uname: 2.6.23-hardened-r9 i686 Intel(R) Celeron(R) CPU 2.93GHz

Timestamp of tree: Sun, 23 Mar 2008 17:30:04 +0000

ccache version 2.4 [disabled]

app-shells/bash:     3.2_p17-r1

dev-lang/python:     2.4.4-r9

dev-python/pycrypto: 2.0.1-r6

dev-util/ccache:     2.4-r7

sys-apps/baselayout: 1.12.11.1

sys-apps/sandbox:    1.2.18.1-r2

sys-devel/autoconf:  2.13, 2.61-r1

sys-devel/automake:  1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10

sys-devel/binutils:  2.18-r1

sys-devel/gcc-config: 1.4.0-r4

sys-devel/libtool:   1.5.26

virtual/os-headers:  2.6.23-r3

ACCEPT_KEYWORDS="x86"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-mtune=pentium4 -O2 -pipe -fforce-addr"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /var/bind /var/service"

CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"

CXXFLAGS="-mtune=pentium4 -O2 -pipe -fforce-addr"

DISTDIR="/var/lib/portage/distfiles"

FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"

GENTOO_MIRRORS="ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://128.61.111.10/pub/gentoo http://128.61.111.11/pub/gentoo http://128.61.111.9/pub/gentoo"

MAKEOPTS="-j2"

PKGDIR="/var/lib/portage/packages"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/opt/portage"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="berkdb cracklib crypt hardened midi nls nptl nptlonly pam pic readline ssl tcpd urandom x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias asis auth_digest authn_dbd cern_meta charset_lite dbd dumpio ident imagemap log_forensic proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
```

I've opened a bug for this too: #214748

Not sure if this will help:

```
# ldd `which lshw`

        linux-gate.so.1 =>  (0xb7f6e000)

        libstdc++.so.6 => /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libstdc++.so.6 (0xb7e33000)

        libgcc_s.so.1 => /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libgcc_s.so.1 (0xb7e29000)

        libc.so.6 => /lib/libc.so.6 (0xb7cfc000)

        libm.so.6 => /lib/libm.so.6 (0xb7cd7000)

        /lib/ld-linux.so.2 (0xb7f6f000)
```

I've always had the same "lshw" version:

```
# emerge -s lshw

Searching...

[ Results for search key : lshw ]

[ Applications found : 1 ]

*  sys-apps/lshw

      Latest version available: 02.11.01b

      Latest version installed: 02.11.01b

      Size of files: 1,138 kB

      Homepage:      http://ezix.org/project/wiki/HardwareLiSter

      Description:   Hardware Lister

      License:       GPL-2
```

I've always kept my system up to date, and something that I've upgraded recently has caused this.

----------

## schachti

It runs well here (hardened gcc 4.2.3, vanilla-sources-2.6.24.4 patched with grsecurity).

----------

## richard.scott

exactly, thanks for clarification   :Smile: 

I don't think its a problem with the kernel or hardened gcc.... its just a feature of lshw that is now showing up!   :Embarassed: 

----------

