SBCL working at all with GRsec and PaX?
I was never able to get SBCL to run when compiled with a hardened gcc. There
are several bugs already filed about it but so far there has been no
resolution that I know of. It looks like a significant amount of effort was
put into fixing the build process to work with a PIE-enabled compiler with
not much luck.
If you are using the latest versions of SBCL you may want to check in with
one or more of these bugs and report your findings:
https://bugs.gentoo.org/show_bug.cgi?id=380797
https://bugs.gentoo.org/show_bug.cgi?id=154887
https://bugs.gentoo.org/show_bug.cgi?id=264159
I had better luck with some of the other Lisp implementations, but
eventually just switched over to Scheme (mit-scheme and guile, at least,
work just fine under hardened.)
--Mike
> -----Original Message-----
> From: napalm@squareownz.org [mailto:napalm@squareownz.org]
> Sent: Monday, April 16, 2012 6:44 PM
> To: gentoo-hardened@lists.gentoo.org
> Subject: [gentoo-hardened] SBCL working at all with GRsec and PaX?
>
> Heya folks,
>
> The only version of SBCL I have that actually works is one I compiled
> under gentoo-sources with vanilla GCC.
>
> Has anyone managed to compile even a remotely recent version of SBCL
> under hardened?
>
> I was using an overlay to attempt to get dev-lisp/sbcl-1.0.55-r1 but
> absolutely no version I've found works (even after changing the one in
> the overlay because it was using pax-tool or something instead of
> paxctl to deal with the sbcl kernel-image-thinger).
>
> This is the last build log I got out of it:
> http://bpaste.net/show/7iYaCGigirPZI6UQFrac/
> Sorry it's a huge mess but it seems a lot of the dev-lisp packages like
> to ignore some of the common conventions!
>
> It's mainly for a friend who has an account on the machine that I'm
> trying to get a relatively recent version of SBCL on the go since the
> machine's a bit of a powerhouse and SBCL can output some blazingly fast
> programs.
>
> Cheers!
> Nay
|
