#738: ghc can't load files with selinux Enforcing
-------------------------------------------+--------------------------------
Reporter: [EMAIL PROTECTED] | Owner:
Type: feature request | Status: reopened
Priority: normal | Milestone: 6.6.2
Component: Runtime System | Version: 6.6.1
Severity: normal | Resolution:
Keywords: selinux | Difficulty: Unknown
Os: Linux | Testcase:
Architecture: x86 |
-------------------------------------------+--------------------------------
Changes (by [EMAIL PROTECTED]):
* milestone: 6.4.3 => 6.6.2
Comment:
The error I mentioned was caused by mmap-ing memory with PROT_EXEC and
PROT_WRITE permissions simultaneously, which security people consider as
bad thing.
This mmap resides at rts/MBlock.c:194
{{{
ret = mmap(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_ANON | MAP_PRIVATE, -1, 0);
}}}
Just for experiment, I removed PROT_EXEC from this line and tried to
recompile GHC (this time at x86_64 platform). To my suprise it compiled
well. I've installed the compiled GHC and tried to build some programs
using it. It compiled all of my programs and they also worked fine.
So, the question is, does GHC really need executable memory here?
However, I found that GHCi become broken (but in a different way). At
starts it says:
{{{
$ ghci
___ ___ _
/ _ \ /\ /\/ __(_)
/ /_\// /_/ / / | | GHC Interactive, version 6.6.1, for Haskell 98.
/ /_\\/ __ / /___| | http://www.haskell.org/ghc/
\____/\/ /_/\____/|_| Type :? for help.
ghc-6.6.1: internal error: loadObj: can't map
`/usr/lib/ghc-6.6.1/HSbase.o'
(GHC version 6.6.1 for x86_64_unknown_linux)
Please report this as a GHC bug:
http://www.haskell.org/ghc/reportabug
Aborted
$
}}}
Running under strace shows following:
{{{
$ strace /usr/lib/ghc-6.6.1/ghc-6.6.1 -B/usr/lib/ghc-6.6.1 --interactive
/* ... some info skipped ... */
stat("/usr/lib/ghc-6.6.1/HSbase.o", {st_mode=S_IFREG|0644,
st_size=10789086, ...}) = 0
open("/usr/lib/ghc-6.6.1/HSbase.o", O_RDONLY) = 5
mmap(NULL, 10792960, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 5,
0) = -1 EACCES (Permission denied)
write(2, "ghc-6.6.1: internal error: ", 27ghc-6.6.1: internal error: ) =
27
write(2, "loadObj: can\'t map `/usr/lib/ghc"..., 48loadObj: can't map
`/usr/lib/ghc-6.6.1/HSbase.o') = 48
}}}
The offending mmap is located rts/Linker.c:1354
{{{
oc->image = mmap(map_addr, n, PROT_EXEC|PROT_READ|PROT_WRITE,
MAP_PRIVATE|EXTRA_MAP_FLAGS, fd, 0);
if (oc->image == MAP_FAILED)
barf("loadObj: can't map `%s'", path);
}}}
Obviously PROT_EXEC and PROT_WRITE is the thing SELinux doesn't like. Does
this code
really need PROT_EXEC here?
May be it possible to map image with PROT_WRITE and without PROT_EXEC, fix
up all relocation/jumps/PLT/all-this-linker-stuff, and then remap it with
PROT_EXEC but without PROT_WRITE?
Another solution is mentioned at http://people.redhat.com/drepper/selinux-
mem.html
(see section "Example code to avoid execmem violations").
All major Linux distributions are slowly adopting SELinux, so the problem
may become quite annoying.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/738>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler_______________________________________________
Glasgow-haskell-bugs mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
