Nmap Development mailing list archives
Re: Error building nmap on amd64
From: David Fifield <david () bamsoftware com>
Date: Mon, 25 Aug 2008 18:02:10 -0600
On Fri, Aug 22, 2008 at 01:47:33PM -0600, David Fifield wrote:
On Tue, Aug 19, 2008 at 09:01:08PM +0200, Sven Klemm wrote:when trying to build nmap on amd64 I am getting the following error. make[2]: Entering directory `/tmp/nmap/nselib-bin' ./libtool --tag=CC --silent --mode=compile gcc -I../liblua -g -O2 -c bit.c ./libtool --tag=CC --silent --mode=link gcc -avoid-version -module - -rpath /usr/local/libexec/nmap/nselib-bin -L../liblua -o bit.la bit.lo -llua -lm /usr/bin/ld: /tmp/nmap/liblua/liblua.a(lapi.o): relocation R_X86_64_32 against `luaO_nilobject_' can not be used when making a shared object; recompile with -fPIC /tmp/nmap/liblua/liblua.a: could not read symbols: Bad value collect2: ld returned 1 exit status make[2]: *** [bit.so] Error 1 make[2]: Leaving directory `/tmp/nmap/nselib-bin' make[1]: *** [nsestdlib] Error 2 make[1]: Leaving directory `/tmp/nmap' make: *** [all] Error 2 The reason for the error is liblua is not compiled with -fPIC which is needed for shared libraries on amd64. When I manually build liblua with -fPIC I don't get any error. configure should probably check if - -fPIC is needed for shared libraries and enable it for liblua.I can reproduce this on amd64. It used to work, but it appears to have stopped working when I checked in r9353. That added -llua to the link line used to create shared modules; it was intended to make loading of shared modules work when Nmap was compiled statically. Note that it used to work without -fPIC, so I think the -fPIC warning is just a symptom of a different problem. The recommended way to build shared modules is to link the main executable with liblua, and use the linker flag -Wl,-E which causes symbols to be dynamically exported. When bit.so looks for lua_pushnumber it finds it within the nmap executable. "Static linking is incompatible with the use of dlopen()" http://lua-users.org/lists/lua-l/2007-11/msg00110.html When linking statically -Wl,-E has no effect and symbols like lua_pushnumber are not exported for the use of shared modules. That was a bug reported here: http://seclists.org/nmap-dev/2008/q1/0405.html That fixed the problem on x86 but (as I now know) it doesn't work on platforms like amd64 where you can't just link static and dynamic objects. Linking each module with liblua also makes them bigger: bit.so increases in size from 16000 to 390000 bytes. The ability to link Nmap statically is important because that's how the RPMs are built. Some solutions I see are * Compile liblua with -fPIC unconditionally, * Modify the liblua makefile to use -fPIC when necessary, * Modify the module loading system so that modules can be compiled in statically or loaded dynamically.
After thinking about this some more and discussing it with Fyodor, I have this proposal: remove support for shared modules from NSE. Currently there is only one shared module, bit.so, and it's tiny. We used to have another one, pcre.so, but it was changed to be linked statically into the nmap executable when we ran into a similar problem last year: Libtool, static libraries, and NSE modules http://seclists.org/nmap-dev/2007/q4/0085.html The base problem is that statically linking the nmap executable and having dyamically loaded NSE modules are incompatible. We could work around it by using -fPIC and linking each module separately with liblua, but the Lua wiki insists that this approach "is *not* a good idea." "Do Not Link Modules to the Lua Core Libraries" http://lua-users.org/wiki/BuildingModules This change change would remove support for shared NSE modules and change bit into a statically linked module like bin, hash, and pcre. This is a moderately substantial change so please speak up if you have a reason why shared modules should be retained. For more on NSE shared modules see http://nmap.org/book/nse-implementation.html#nse-implementation-c-modules David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Error building nmap on amd64 Sven Klemm (Aug 19)
- Re: Error building nmap on amd64 David Fifield (Aug 22)
- Re: Error building nmap on amd64 David Fifield (Aug 25)
- Re: Error building nmap on amd64 Sven Klemm (Aug 25)
- Re: Error building nmap on amd64 David Fifield (Aug 26)
- Re: Error building nmap on amd64 Sven Klemm (Aug 29)
- Re: Error building nmap on amd64 David Fifield (Aug 29)
- Re: Error building nmap on amd64 jah (Sep 03)
- Re: nselib-bin David Fifield (Sep 04)
- Re: nselib-bin Fyodor (Sep 04)
- RE: nselib-bin Rob Nicholls (Sep 05)
- Re: nselib-bin David Fifield (Sep 05)
- Re: Error building nmap on amd64 David Fifield (Aug 25)
- Re: nselib-bin David Fifield (Sep 04)
- Re: Error building nmap on amd64 David Fifield (Aug 22)