[Server-devel] pam-sotp rpm package
Douglas Bagnall
douglas at paradise.net.nz
Thu Oct 23 22:45:58 EDT 2008
hi Rahul, server-devel,
I've made a new pam_sotp RPM, which differs only in that it is
compiled with CFLAGS="-fno-stack-protector". I made this change
because the original was causing errors like this:
PAM unable to dlopen(/lib/security/pam_sotp.so): \
/lib/security/pam_sotp.so: undefined symbol: __stack_chk_fail_local
It makes me nervous to be turning off stack smashing checks on pam
modules, notwithstanding that this error seems to be caused by gcc
incompatibilities (-fstack-protector is newish) rather than any actual
deficiency.
Does anyone have a better patch or understanding of the cause? In
similar looking cases Google suggests linking using gcc rather than
ld, but my rpm-fu is too weak to cause that.
Douglas
$ diff -u /usr/src/redhat/SPECS/pam_sotp.spec pam_sotp.spec
--- /usr/src/redhat/SPECS/pam_sotp.spec 2008-07-23 18:10:53.000000000 +1200
+++ pam_sotp.spec 2008-10-24 15:08:55.000000000 +1300
@@ -4,7 +4,7 @@
Name: pam_sotp
Version: 0.3.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: PAM module that provides support for One Time
Passwords (OTP) authentication
Group: System Environment/Base
@@ -32,7 +32,7 @@
%build
%{configure} --with-randomdev=/dev/urandom
-%{__make} %{?_smp_mflags}
+%{__make} %{?_smp_mflags} CFLAGS="-fno-stack-protector"
/usr/bin/links -dump file://./doc/manual/html/manual.html > manual.txt
@@ -70,5 +70,7 @@
%{_bindir}/otppasswd
%changelog
+* Fri Oct 24 2008 Douglas Bagnall <douglas at paradise.net.nz> 0.3.3-2
+- add '-fno-stack-protector' to CFLAGS.
* Wed Jul 23 2008 Rahul Sundaram <sundaram at fedoraproject.org> 0.3.3-1
- initial build
More information about the Server-devel
mailing list