# hardened-sources and repeatable segfaults

## richard.scott

Hi,

I have a system that will always segfault under 2.6.25-hardened-r11 but is fine under r10.

For example, the latest one is ntp:

```
configure: Using supplied libopts tearoff

checking for ANSI C header files... (cached) yes

checking for dirent.h that defines DIR... /usr/lib/portage/bin/ebuild.sh: line 444: 15107 Segmentation fault      "${ECONF_SOURCE}/configure" --prefix=/usr --host=${CHOST} --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib "$@" ${LOCAL_EXTRA_ECONF}

!!! Please attach the following file when seeking support:

!!! /var/tmp/portage/net-misc/ntp-4.2.4_p6/work/ntp-4.2.4p6/config.log

 *

 * ERROR: net-misc/ntp-4.2.4_p6 failed.

 * Call stack:

 *               ebuild.sh, line   49:  Called src_compile

 *             environment, line 2106:  Called econf '--disable-linuxcaps' '--disable-parse-clocks' '--disable-ipv6' '--disable-debugging' '--with-crypto'

 *               ebuild.sh, line  529:  Called die

 * The specific snippet of code:

 *                      die "econf failed"

 *  The die message:

 *   econf failed
```

This fails when emerging under 2.6.25-hardened-r11, but under r10 its fine.

I've used the same kernel config from the r10 to compile r11!

Anyone else had this?

Rich.Last edited by richard.scott on Tue Jan 20, 2009 9:14 am; edited 1 time in total

----------

## Hu

This problem sounds familiar, but I cannot find any bugs about it in the Gentoo bug tracker.  Is there anything in the kernel log about a PaX event?  Does -r12 work better?  Can you try using the grsecurity code from -r10 with the genpatches from -r11, to determine whether the problem came from a grsecurity change or a vanilla change?  The ChangeLog does not mention any grsecurity changes between -r10 and -r11, but I no longer have a -r10 ebuild locally to confirm that.

----------

## richard.scott

I'm not totally sure what it is.

I was installing ntp into a chroot and I've deleted it all and started again and it seems ok so far?

Very strange.

Rich

----------

## zorry

Bug on b.g.o net-misc/ntp-4.2.4_p6 - /bin/sh crashes while running configure on hardened

----------

## richard.scott

That's excellent news.... reading the bug report has made me realise that the other random segfaults I was having are all hardened related too!

It's just that the NTP one was the only one I could reproduce!

Thanks for the info   :Very Happy: 

----------

## richard.scott

Booting from a 2.6.25-hardened-r13 kernel enabled me to install NTP   :Very Happy: 

I've also noticed tho that if your installing into a chrooted environment (even doing a non hardened installation in your chroot) it also fails if your booting from one of the suspect hardened kernels.

----------

