[gmx-users] Using gromacs 4.0.5 built with FORTIFY_SOURCE feature
Yasuyuki Araki
yasu.araki at gmail.com
Wed Sep 9 04:10:12 CEST 2009
Hi,
Thanks for the reply,
>> I now use gentoo linux with gcc 4.3.4, which has FORTIFY_SOURCE feature.
>>
>> When I built gromacs 4.0.5 with this gcc, every command, like grompp,
>> pdb2gmx
>> and so on, makes buffer overflow and stoppes immediately.
>
> Whatever FORTIFY_SOURCE does, either it is poorly-constructed or the way
> you're using it is.
I guess it's depend on my lack of knowledge about gcc.
> If you have a link, you should provide us with it :-) Right-click on the
> frame to copy a URL.
This topic was in the thread followed by this reoprt;
http://lists.gromacs.org/pipermail/gmx-users/2009-July/043177.html
>> I found these two additional troubles;
>> 3: Commands including gromacs make no problems when I appoint it by
>> absolute path, for example /usr/bin/grompp (in my gentoo box),
>> however in this case,
>> just typing command only "grompp" makes buffer overflow.
>> 4: Super user has no problems to use gromacs in my gentoo box.
>
> Probably you are calling different versions with different PATH variables.
> Use "which" to find out.
It is not the point. I am installing gromacs with the package
manager available in gentoo linux, so only one version of gromacs (4.0.5)
exists in my gentoo box.
>> As it happened I re-build gromacs with the environmental variable
>> CFLAGS="-U_FORTIFY_SOURCE" to turn off the FORTIFY_SOURCE feature,
>> all problems mentioned above seem clear.
>
> My Googling suggests -U-FORTIFY-SOURCE is the way to turn it off.
Yes, so I guess this buffer overflow have triggered by FORTIFY_SOURCE feature.
>> Can I ask you I should turn off the FORTIFY_SOURCE feature to build and
>> use
>> gromacs with such a gcc version or I can find the other way?
>
> This "feature" is probably a security thing to prevent malicious code using
> buffer overruns to get access to do bad things. Unless you're making GROMACS
> freely available to a potential hacker, if you trust the GROMACS developers,
> then you don't want FORTIFY_SOURCE enabled if it causes problems.
OK, I just turn off FORTIFY_SOURCE feature when I build gromacs.
Thanks,
Yasuyuki Araki
More information about the gromacs.org_gmx-users
mailing list