| 1 |
Hello, |
| 2 |
|
| 3 |
I run a Gentoo (hardened/amd64) and after some modifications to my system |
| 4 |
(updates, new kernel, new softwares) I decided to reboot it. After the |
| 5 |
reboot, X.org did not start, neither did Amarok. |
| 6 |
|
| 7 |
After some investigations, I found that the X server could run with the nv |
| 8 |
driver but not with the nvidia driver, and Amarok crashed within a function |
| 9 |
in /usr/lib64/opengl/nvidia/lib/... |
| 10 |
|
| 11 |
A strace gave me : |
| 12 |
|
| 13 |
open("/dev/zero", O_RDWR) = 3 |
| 14 |
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0) = -1 |
| 15 |
EPERM (Operation not permitted) |
| 16 |
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1 EPERM |
| 17 |
(Operation not permitted) |
| 18 |
close(3) = 0 |
| 19 |
--- SIGSEGV (Segmentation fault) @ 0 (0) --- |
| 20 |
|
| 21 |
With google, I found : |
| 22 |
|
| 23 |
http://mail-index.netbsd.org/tech-security/2004/06/24/0010.html |
| 24 |
> Now that we have noexec permissions on pages (for some architectures), |
| 25 |
> make the mapping of vnode backed pages with PROT_EXEC only be allowed |
| 26 |
> on filesystems that were not mounted with noexec. Otherwise, |
| 27 |
> mmap/uvm_map/mprotect will return EPERM for the mapping operation. |
| 28 |
|
| 29 |
|
| 30 |
So, I watched my /etc/fstab and found : |
| 31 |
udev /dev tmpfs nosuid,noexec,size=16M 0 0 |
| 32 |
|
| 33 |
After I removed the noexec flag, all worked perfectly. |
| 34 |
|
| 35 |
I hope this will help somebody. |
| 36 |
|
| 37 |
Nicolas MASSE |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-amd64@g.o mailing list |
Archives