Re: MoarVM without executable stacks?

2015-04-13 Thread Larry Wall
On Mon, Apr 13, 2015 at 12:25:25AM -0400, Mark Montague wrote:
: Sorry for the noise.

No need to apologize--I thought it was interesting.

Larry


Re: MoarVM without executable stacks?

2015-04-12 Thread Mark Montague

On 2015-04-12 11:22, Mark Montague wrote:
> Is it possible to build and run MoarVM on systems that prohibit
> executable stacks?  [...] Here's what happens when I try to build
> Rakudo Star:
>
> $ perl Configure.pl --backend=moar --gen-moar
> [... lots of output ...]
> Building NQP ...
> /usr/bin/perl Configure.pl
> --prefix=/home/markmont/rakudo/rakudo-star-2015.03/install
> --backends=moar --make-install
> /home/markmont/rakudo/rakudo-star-2015.03/install/bin/moar: error
> while loading shared libraries: libmoar.so: cannot enable executable
> stack as shared object requires: Permission denied


It looks like executable stacks are not needed.  If MoarVM is built with 
LDFLAGS="-Wl,-z,noexecstack" then even with JIT enabled everything seems 
fine.  The SELinux execmem permission is still needed, regardless of 
whether JIT is enabled, but this seems reasonable to me (unlike execstack).


Linking with -Wl,-z,noexecstack is an inelegant solution -- the cause of 
the problem and better solutions are discussed at


https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

I'm going to do some more testing and investigation before considering 
whether submitting a patch is a reasonable thing to do. "make 
rakudo-spectest" passes except for S26-documentation/why-trailing.t 
although that test succeeds when run manually, and I'd also like to look 
into this issue before proposing any changes.  I'll move this to the 
perl6-compiler list at that point.


Sorry for the noise.

--
  Mark Montague
  m...@catseye.org



MoarVM without executable stacks?

2015-04-12 Thread Mark Montague

rakudo-star-2015.03, Fedora 21 x86_64

Is it possible to build and run MoarVM on systems that prohibit 
executable stacks?  I have executable stacks and executable heaps turned 
off for security reasons on my web servers.  Here's what happens when I 
try to build Rakudo Star:


$ perl Configure.pl --backend=moar --gen-moar
[... lots of output ...]
Building NQP ...
/usr/bin/perl Configure.pl 
--prefix=/home/markmont/rakudo/rakudo-star-2015.03/install 
--backends=moar --make-install
/home/markmont/rakudo/rakudo-star-2015.03/install/bin/moar: error while 
loading shared libraries: libmoar.so: cannot enable executable stack as 
shared object requires: Permission denied


===SORRY!===
No suitable MoarVM (moar executable) found using the --prefix
(You can get a MoarVM built automatically with --gen-moar.)

Command failed (status 32512): /usr/bin/perl Configure.pl 
--prefix=/home/markmont/rakudo/rakudo-star-2015.03/install 
--backends=moar --make-install

$

Hacking MoarVM/Configure.pl to turn off JIT doesn't help; the same 
problem still occurs.  However, everything works fine if I undo the 
lockdown to permit executable heaps/stacks, relocatable text segments, 
and unconfined users.


Parrot formerly worked fine on these systems.

Is there any way to use MoarVM without needing executable stacks or 
executable heaps, so that it functions purely as a bytecode interpreter?


--
  Mark Montague
  m...@catseye.org