On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 06/09/2011 09:19 AM, Neal Becker wrote: > > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert > > about > > mmap_zero when executable was run. > > > THen I would open a big bug with gccgo and tell them to fix their code. > > mmap_zero is a known attack vector for exploiting kernel flaws, and > almost no applications should need this access. > > Here is a discussion on it, and the problems that it caused SELinux. > > http://eparis.livejournal.com/
See https://bugzilla.redhat.com/show_bug.cgi?id=693143 mmap_zero audit message sounds like a kernel bug rather than gccgo, all it needs is executable stack (well, I think it really wants executable heap but is marked as needing executable stack). It has been reported to Ian, but nothing has been rewritten upstream yet. Jakub -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
