[Server-devel] pam-sotp rpm package

Douglas Bagnall douglas at paradise.net.nz
Thu Oct 23 22:45:58 EDT 2008


hi Rahul, server-devel,

I've made a new pam_sotp RPM, which differs only in that it is
compiled with CFLAGS="-fno-stack-protector".  I made this change
because the original was causing errors like this:

PAM unable to dlopen(/lib/security/pam_sotp.so): \
  /lib/security/pam_sotp.so: undefined symbol: __stack_chk_fail_local

It makes me nervous to be turning off stack smashing checks on pam
modules, notwithstanding that this error seems to be caused by gcc
incompatibilities (-fstack-protector is newish) rather than any actual
deficiency.

Does anyone have a better patch or understanding of the cause?  In
similar looking cases Google suggests linking using gcc rather than
ld, but my rpm-fu is too weak to cause that.

Douglas


$ diff -u /usr/src/redhat/SPECS/pam_sotp.spec  pam_sotp.spec
--- /usr/src/redhat/SPECS/pam_sotp.spec	2008-07-23 18:10:53.000000000 +1200
+++ pam_sotp.spec	2008-10-24 15:08:55.000000000 +1300
@@ -4,7 +4,7 @@

 Name:           pam_sotp
 Version:        0.3.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        PAM module that provides support for One Time
Passwords (OTP) authentication

 Group:          System Environment/Base
@@ -32,7 +32,7 @@

 %build
 %{configure} --with-randomdev=/dev/urandom
-%{__make} %{?_smp_mflags}
+%{__make} %{?_smp_mflags} CFLAGS="-fno-stack-protector"
 /usr/bin/links -dump file://./doc/manual/html/manual.html > manual.txt


@@ -70,5 +70,7 @@
 %{_bindir}/otppasswd

 %changelog
+* Fri Oct 24 2008  Douglas Bagnall  <douglas at paradise.net.nz> 0.3.3-2
+- add '-fno-stack-protector' to CFLAGS.
 * Wed Jul 23 2008  Rahul Sundaram  <sundaram at fedoraproject.org> 0.3.3-1
 - initial build


More information about the Server-devel mailing list