Hello,
I run a Gentoo (hardened/amd64) and after some modifications to my system
(updates, new kernel, new softwares) I decided to reboot it. After the
reboot, X.org did not start, neither did Amarok.
After some investigations, I found that the X server could run with the nv
driver but not with the nvidia driver, and Amarok crashed within a function
in /usr/lib64/opengl/nvidia/lib/...
A strace gave me :
open("/dev/zero", O_RDWR) = 3
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0) = -1
EPERM (Operation not permitted)
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1 EPERM
(Operation not permitted)
close(3) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
With google, I found :
http://mail-index.netbsd.org/tech-security/2004/06/24/0010.html
> Now that we have noexec permissions on pages (for some architectures),
> make the mapping of vnode backed pages with PROT_EXEC only be allowed
> on filesystems that were not mounted with noexec. Otherwise,
> mmap/uvm_map/mprotect will return EPERM for the mapping operation.
So, I watched my /etc/fstab and found :
udev /dev tmpfs nosuid,noexec,size=16M 0 0
After I removed the noexec flag, all worked perfectly.
I hope this will help somebody.
Nicolas MASSE
--
[email protected] mailing list
