Re: [Xen-devel] Unable to compile Xen-2.0

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

>>I am running Gentoo Linux with GCC 3.4.2 and glibc 2.3.4.20040808 
>>compiled with NPTL only (no LinuxThreads) and both a 2.6.9 and a 2.6.8.1 
>>kernel. 
>>
>>Any thoughts or suggestions are greatly appreciated. I will try with GCC 
>>3.3.3 to see if that helps.
> 
> It's probably a gcc version issue. We try to get stuff working
> with most gcc versions, but no-one round here uses 3.4 by default
> -- it's way too bleeding edge.

Compiled the xenU fine with gcc 3.3.3 - must be a gcc issue. I'm testing 
on a box at the moment, so have installed all the new toys to play with 
:) Might try with SSP and PIE again ...

>>The GCC has ssp-3.4.1 and pie-8.7.6.5 compiled in, but they are 
>>disabled for the compilation as Xen will not compile with them enabled 
>>(Are there plans to allow this?). 
> 
> What are ssp and pie?

SSP is Stack Smashing Protection - formerly ProPolice (see 
http://www.trl.ibm.com/projects/security/ssp/ for more info) and PIE is 
Position Independent Executable i.e. PIC for binaries. SSP modifies the 
C compiler to insert initialization code into functions that create a 
buffer in memory. At run time, when a buffer is created, SSP adds a 
secret random value, the canary, to the end of the buffer. When the 
function returns, SSP makes sure that the canary is still intact. If an 
attacker were to perform a buffer overflow, he would overwrite this 
value and trigger that stack smashing handler. Currently this kills the 
target process. (Descriptions borrowed from Gentoo Hardened Project 
http://www.gentoo.org/proj/en/hardened/) They provide an extra layer of 
security from attack on a server open to the world.