Hi Michael, I just got to know tcc in recent few days, and I did not notice the "--with-selinux" option until my development centos box upgraded to the latest kernel, and then tcc tests started to segfault. With the option turned on, (at least) it enabled me to run tcc on a default selinux setting centos box.
I agree with you that tcc support for selinux has much room to be improved, while allowing JIT in a very confined selinux env this idea itself is dangerous from security perspective. Regards, Keren On Sat, Jan 11, 2014 at 2:38 PM, Michael Matz <[email protected]> wrote: > Hi, > > > On Sat, 11 Jan 2014, Michael Matz wrote: > > I just submitted a tentative patch to the mob branch about mmap. When >>> selinux is enabled, tccrun.c uses mmap to hold the dynamically generated >>> code/data. It is backed by a randomly named file under /tmp directory. My >>> patch is to use an anonymous file in mmap instead, so that the generated >>> code/data only resides in memory, and tcc does not depend on a writable >>> /tmp anymore. >>> >> >> It's customary to actually test changes before committing. In your case: >> >> % ./configure --with-selinux >> % make && make test >> ... >> ------------ test3 ------------ >> ../tcc -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib64\"" >> -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include >> -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c >> -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 >> -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -run tcctest.c > >> test.out3 >> /bin/sh: line 1: 15954 Segmentation fault ../tcc -B.. -I.. -I.. >> -I../include -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 -DONE_SOURCE >> -run ../tcc.c -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib64\"" >> -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include >> -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c >> -B.. -I.. -I.. -I../include -run tcctest.c > test.out3 >> make[1]: *** [test3] Error 139 >> > > Actually I take back that this is caused by your change (it's not). I'll > maintain that the change you introduced would break a very confined SElinux > system for the stated reasons, _if it were working at all before your > change_. But after some more poking I conclude the whole SElinux support > seems to have either bitrotted or never was complete. In particular > ->runtime_mem (the mapping that's supposed to point to non-writable > executable memory reflecting the same data as ->write_mem) is never used > anywhere in the SElinux case except for munmapping it again, and tcc tries > to mprotect ->write_mem also in the SElinux case to be WRITE|EXEC, which > won't work for the reasons I mentioned in a very closed down SElinux system. > > That is all a preexisting problem, and from that perspective the whole > initialization and separation of ->runtime_mem and ->write_mem is useless > and merely confusing; it would probably be better to just do away with that > and use just one mapping (WRITE|EXEC, and because it's only one it can then > indeed be ANON) also in the SElinux case even though it wouldn't work for > all situations, like before (well, of course even better would be to make > the whole thing work for real even in a confined system :) ). > > > Ciao, > Michael. >
_______________________________________________ Tinycc-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/tinycc-devel
