Re: [gentoo-hardened] [SOLVED] Amarok and X.org crashing with hardened gentoo on amd64

Sat, 14 Jan 2006 06:56:08 -0800 

On Saturday 14 January 2006 15:30, [EMAIL PROTECTED] wrote:
> On 14 Jan 2006 at 12:40, Nicolas MASSE wrote:
> > open("/dev/zero", O_RDWR)               = 3
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0)
> > = -1 EPERM (Operation not permitted)
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1
> > EPERM (Operation not permitted)
>
> [snipped]
>
> > So, I watched my /etc/fstab and found :
> > udev /dev tmpfs nosuid,noexec,size=16M 0 0
> >
> > After I removed the noexec flag, all worked perfectly.
> >
> > I hope this will help somebody.
>
> thanks for the investigation but the cure is worse than the disease ;-).
> there's a reason why /dev is mounted noexec, and the correct solution
> is to tell the nvidia folks that mapping /dev/zero to obtain anonymous
> memory is old-school and completely unnecessary, mmap() has supported
> MAP_ANONYMOUS for a long time now. also, if they don't need PROT_EXEC
> then they shouldn't ask for it (that would also fix it for /dev/zero).

I reported the bug (https://bugs.gentoo.org/show_bug.cgi?id=118974) but I 
received the following response : 

>            What    |Removed                     |Added
> ---------------------------------------------------------------------------
>- Status|NEW                         |RESOLVED
>          Resolution|                            |INVALID
>
>
>
>
> ------- Comment #1 from [EMAIL PROTECTED]  2006-01-14 05:07 PST -------
> (In reply to comment #0)
>
> > So, I watched my /etc/fstab and found :
> > udev /dev tmpfs nosuid,noexec,size=16M 0 0
> >
> > After I removed the noexec flag, all worked perfectly.
>
> You are not supposed to have noexec for udev, it doesn't work on multiple
> occasions.

I think it's my fault because noexec and nosuid are not standard flags for 
udev. But I don't understand why it doesn't work...

The man page of mount does'nt mention the bug :
> noexec Do  not allow direct execution of any binaries on the mounted
> file system.  (Until recently it was possible to run binaries anyway using
> a command like /lib/ld*.so /mnt/binary. This trick fails since
> Linux 2.4.25 / 2.6.0.)


-- 
[email protected] mailing list

Reply via email to