Gentoo Archives: gentoo-amd64

From: Nicolas MASSE <nicolas27.masse@×××××××.net>
To: gentoo-hardened@l.g.o
Cc: gentoo-amd64@l.g.o
Subject: [gentoo-amd64] [SOLVED] Amarok and X.org crashing with hardened gentoo on amd64
Date: Sat, 14 Jan 2006 11:44:09
Message-Id: 200601141240.21751.nicolas27.masse@laposte.net

Hello,

I run a Gentoo (hardened/amd64) and after some modifications to my system 
(updates, new kernel, new software) I decided to reboot it. After the 
reboot, X.org did not start, and neither did Amarok.

After some investigation, I found that the X server could run with the nv 
driver but not with the nvidia driver, and Amarok crashed within a function 
in /usr/lib64/opengl/nvidia/lib/... 

An strace gave me:

open("/dev/zero", O_RDWR)               = 3
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0) = -1 EPERM (Operation not permitted)
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1 EPERM (Operation not permitted)
close(3)                                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

With Google, I found:

http://mail-index.netbsd.org/tech-security/2004/06/24/0010.html
> Now that we have noexec permissions on pages (for some architectures),
> make the mapping of vnode backed pages with PROT_EXEC only be allowed
> on filesystems that were not mounted with noexec. Otherwise,
> mmap/uvm_map/mprotect will return EPERM for the mapping operation.

So, I watched my /etc/fstab and found:

udev /dev tmpfs nosuid,noexec,size=16M 0 0

After I removed the noexec flag, all worked perfectly.

I hope this will help somebody.

Nicolas MASSE
-- 
gentoo-amd64@g.o mailing list
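
Added example, not part of the original message: a small C diagnostic for the failure in the strace above. On Linux, mmap(2) documents EPERM when PROT_EXEC is requested for a file on a filesystem mounted noexec. The function names (path_on_noexec, probe_exec_mmap) and the sample mount table are constructed for illustration, and Linux with glibc is assumed.

```c
/* Added example, not code from the original post. Assumes Linux with glibc. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <mntent.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed mount table in /proc/mounts format, modelled on the fstab line. */
static const char SAMPLE_MOUNTS[] =
    "/dev/sda3 / ext3 rw,noatime 0 0\n"
    "udev /dev tmpfs rw,nosuid,noexec,size=16M 0 0\n"
    "none /dev/shm tmpfs rw 0 0\n";

/* 1 if the mount holding `path` (longest matching mount point) is noexec,
   0 if it is not, -1 if no entry matched. */
int path_on_noexec(FILE *mounts, const char *path) {
    struct mntent *m;
    size_t best = 0;
    int noexec = -1;
    while ((m = getmntent(mounts)) != NULL) {
        size_t n = strlen(m->mnt_dir);
        if (strncmp(path, m->mnt_dir, n) != 0) continue;
        /* Whole components only: "/dev" must not claim "/device". */
        if (n > 1 && path[n] != '/' && path[n] != '\0') continue;
        if (n >= best) { best = n; noexec = hasmntopt(m, "noexec") != NULL; }
    }
    return noexec;
}

/* Repeats the mmap() from the strace: returns 0 on success, otherwise errno. */
int probe_exec_mmap(const char *path) {
    int fd = open(path, O_RDWR), err = 0;
    if (fd < 0) return errno;
    void *p = mmap(NULL, 8192, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) err = errno; else munmap(p, 8192);
    close(fd);
    return err;
}

int main(void) {
    FILE *sample = fmemopen((void *)SAMPLE_MOUNTS, strlen(SAMPLE_MOUNTS), "r");
    FILE *live = setmntent("/proc/self/mounts", "r");
    if (sample) { printf("sample: /dev/zero noexec=%d\n", path_on_noexec(sample, "/dev/zero")); fclose(sample); }
    if (live) { printf("live:   /dev/zero noexec=%d\n", path_on_noexec(live, "/dev/zero")); endmntent(live); }
    printf("mmap with PROT_EXEC on /dev/zero: errno=%d (EPERM=%d)\n", probe_exec_mmap("/dev/zero"), EPERM);
    return 0;
}
```

If the live check reports noexec=1 and the probe returns EPERM, the crash is the same mount-option conflict rather than a driver bug.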
