devenv
When using gcc cannot use -fno-stack-protector even though I'm passing the flag
Describe the bug Title
Sorry, don't have time for more information, it's just what the title says. Get gcc from nix. Try to compile with -fno-stack-protector, has no effect? It's maybe the nix store gcc wrapper?
Maybe related to this? https://github.com/NixOS/nixpkgs/issues/18995
Ok so this is my output when running gcc with NIX_DEBUG=1
NIX_DEBUG=1 gcc
HARDENING: disabled flags: pie stackclashprotection fortify trivialautovarinit
HARDENING: Is active (not completely disabled with "all" flag)
HARDENING: enabling pic
HARDENING: enabling fortify3
HARDENING: enabling format
HARDENING: enabling zerocallusedregs
HARDENING: enabling stackprotector
HARDENING: enabling strictoverflow
extra flags before to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
-fPIC
-O2
-U_FORTIFY_SOURCE
-Wformat
-Wformat-security
-Werror=format-security
-fzero-call-used-regs=used-gpr
-fstack-protector-strong
--param
ssp-buffer-size=4
-fno-strict-overflow
original flags to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
''
extra flags after to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
-U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=3
-B/nix/store/0wydilnf1c9vznywsvxqnaing4wraaxp-glibc-2.39-52/lib/
-idirafter
/nix/store/1vp54ln0frvhzgasr2a377mfbwvqdm6i-glibc-2.39-52-dev/include
-idirafter
/nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/lib/gcc/x86_64-unknown-linux-gnu/13.3.0/include-fixed
-B/nix/store/kgmfgzb90h658xg0i7mxh9wgyx0nrqac-gcc-13.3.0-lib/lib
-B/nix/store/62zpnw69ylcfhcpy1di8152zlzmbls91-gcc-wrapper-13.3.0/bin/
-frandom-seed=mz5slkrbm0
-isystem
/nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
-isystem
/nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
-isystem
/nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
-isystem
/nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
-isystem
/nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
-isystem
/nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
-isystem
/nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
-isystem
/nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
gcc: fatal error: no input files
compilation terminated.
Then I add env.hardeningDisable = ["all"]; to my devenv.nix file. This is the debug result:
NIX_DEBUG=1 gcc
HARDENING: disabled flags: pie pic stackclashprotection fortify3 format zerocallusedregs stackprotector fortify strictoverflow trivialautovarinit
extra flags before to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
''
original flags to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
''
extra flags after to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
-B/nix/store/0wydilnf1c9vznywsvxqnaing4wraaxp-glibc-2.39-52/lib/
-idirafter
/nix/store/1vp54ln0frvhzgasr2a377mfbwvqdm6i-glibc-2.39-52-dev/include
-idirafter
/nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/lib/gcc/x86_64-unknown-linux-gnu/13.3.0/include-fixed
-B/nix/store/kgmfgzb90h658xg0i7mxh9wgyx0nrqac-gcc-13.3.0-lib/lib
-B/nix/store/62zpnw69ylcfhcpy1di8152zlzmbls91-gcc-wrapper-13.3.0/bin/
-frandom-seed=c6g8vvka1j
-isystem
/nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
-isystem
/nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
-isystem
/nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
-isystem
/nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
-isystem
/nix/store/8gr5ybhmdkafii5idcg57p66nk1qd6sf-postgresql-15.7/include
-isystem
/nix/store/3ssglpx5xilkrmkhyl4bg0501wshmsgv-gnumake-4.4.1/include
-isystem
/nix/store/3w65f90aqzb03ldsyjdp4hbxvgbcqz5l-gdb-15.1/include
-isystem
/nix/store/vmkz2plcbvmikjxlpjklh77w5ygy4aw3-valgrind-3.23.0-dev/include
gcc: fatal error: no input files
compilation terminated.
So using env.hardeningDisable = ["all"]; should fix your problem.
Nixpkgs uses hardening flags by default, you should be able to turn them off. We should probably add this to our tips&tricks docs.
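One way to read captures like the two NIX_DEBUG=1 dumps in this thread, as an added example that is not part of the original posts or of devenv/nixpkgs: a small shell parser that lists the hardening features the wrapper enables and the stack-protector option it injects. The function names are hypothetical, and the two sample captures are abridged from the output quoted above.

```shell
#!/usr/bin/env bash
# Added example: parse NIX_DEBUG=1 output of the nixpkgs gcc wrapper (capture on stdin).

# Hardening features the wrapper reports as enabled, one per line.
hardening_enabled() { sed -n 's/^HARDENING: enabling //p'; }

# Flags listed in one section of the capture: "before", "original" or "after".
section_flags() {
  awk -v want="$1" '
    /^extra flags before to / { sec = "before"; next }
    /^original flags to /     { sec = "original"; next }
    /^extra flags after to /  { sec = "after"; next }
    /^(HARDENING:|gcc:|compilation terminated)/ { sec = ""; next }
    { sub(/^[ \t]+/, "") }                    # real output indents the flags
    sec == want && $0 != "\047\047" { print } # a bare pair of quotes marks an empty section
  '
}

# Last stack-protector option the wrapper itself adds (empty if it adds none).
injected_ssp_flag() {
  _log=$(cat)
  for s in before after; do printf '%s\n' "$_log" | section_flags "$s"; done |
    grep -E '^-f(no-)?stack-protector' | tail -n 1
}

# Sample captures, abridged from the two dumps in this thread.
sample_default() { cat <<'EOF'
HARDENING: disabled flags: pie stackclashprotection fortify trivialautovarinit
HARDENING: Is active (not completely disabled with "all" flag)
HARDENING: enabling pic
HARDENING: enabling fortify3
HARDENING: enabling stackprotector
extra flags before to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
-fPIC
-fstack-protector-strong
--param
ssp-buffer-size=4
original flags to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
''
extra flags after to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
-U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=3
gcc: fatal error: no input files
EOF
}
sample_all_disabled() { cat <<'EOF'
HARDENING: disabled flags: pie pic stackclashprotection fortify3 format zerocallusedregs stackprotector fortify strictoverflow trivialautovarinit
extra flags before to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
''
extra flags after to /nix/store/zw4dkm2hl72kfz7j2ci4qbc0avgxzz75-gcc-13.3.0/bin/gcc:
-B/nix/store/0wydilnf1c9vznywsvxqnaing4wraaxp-glibc-2.39-52/lib/
EOF
}
echo "default shell injects:      $(sample_default | injected_ssp_flag)"
echo "hardeningDisable=all gives: $(sample_all_disabled | injected_ssp_flag)"
```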