时间戳

首页 > 解决方案 > 使用 ASAN 时如何修复错误“无法运行 C 编译程序”

linux - 使用 ASAN 时如何修复错误“无法运行 C 编译程序”

问题描述

问题:运行configure脚本工作正常,可以使用 C 编译器并运行生成的程序。一旦添加了 ASAN,配置脚本就会抱怨生成的程序无法运行。

./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
...

对比

./configure CFLAGS="-fsanitize=address -fsanitize=undefined -fno-omit-frame-pointer -fstack-protector" LDFLAGS="-fsanitize=undefined -fsanitize=address" --enable-debug
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether CFLAGS can be modified... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... configure: error: in `/tmp/test-asan':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details

config.log 显示:

configure:3653: checking whether we are cross compiling
configure:3661: gcc -o conftest -fsanitize=address -fsanitize=undefined -fno-omit-frame-pointer -fstack-protector  -fsanitize=undefined -fsanitize=address conftest.c  >&5
configure:3665: $? = 0
configure:3672: ./conftest
==9941==LeakSanitizer has encountered a fatal error.
==9941==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==9941==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
configure:3676: $? = 1
configure:3683: error: in `/tmp/test-asan':
configure:3685: error: cannot run C compiled programs.

标签: linuxconfigureptraceaddress-sanitizer

解决方案

来自配置脚本的错误消息非常混乱(不涉及交叉编译),L​​eakSanitizer 的提示也好不了多少(我们不做任何调试)但包含一个重要提示:ptrace。

正如GDB + ptrace 问题所暗示的那样,问题是Yama 内核安全模块被配置为阻止 ASAN 使用 ptrace。

类似的,在 valgrind 中运行时可以看到更有用的消息:

调用 PR_SET_PTRACER 时出错,vgdb 可能会阻塞

要解决此问题:

  • 选项 1:在评估的 shell ( ) 中运行配置脚本(和以后的测试sudo bash
  • 选项 2(在本地/安全机器上 [可能是 VM/沙盒]):允许所有人使用 ptrace
    echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

这样做时,配置脚本会按预期运行,如果清理程序发现任何错误,生成的程序会在退出时中止。

推荐阅读