| 1 |
On 05/16/2012 12:12 PM, PaX Team wrote: |
| 2 |
> On 16 May 2012 at 16:39, Hinnerk van Bruinehsen wrote: |
| 3 |
> |
| 4 |
>> at the moment the thunderbird-ebuild in the tree does a "pax mark m" |
| 5 |
>> on the binary. |
| 6 |
>> At least for me thunderbird works fine if I just disable jit. |
| 7 |
> |
| 8 |
> there're a few packages that define a local 'jit' USE flag, i'd say |
| 9 |
> thunderbird/firefox/etc should use it as well to disable JIT related |
| 10 |
> options and avoid the pax-mark (not sure why pax-kernel came to mean |
| 11 |
> this, that's for kernel modules, not userland, and this JIT stuff is |
| 12 |
> useful for more kernels than just PaX based ones). |
| 13 |
> |
| 14 |
>> What would be the workflow for reporting that. Should I file a bugreport? |
| 15 |
> |
| 16 |
> this i don't know, but probably bugzilla ;) |
| 17 |
> |
| 18 |
|
| 19 |
USE="pax_kernel" is supposed to mean "we are compiling this binary |
| 20 |
because it may be run under a pax enabled kernel". I say "may" here |
| 21 |
because people can have several kernels on their box, some may have pax |
| 22 |
and some may not. So, if you expect the binary might break without pax |
| 23 |
markings when running on a pax kernel, then set this flag. Since PT_PAX |
| 24 |
markings are ignored by a vanilla kernel, no harm done. |
| 25 |
|
| 26 |
This flag was introduced to distinguish the above from USE="hardened" |
| 27 |
which only refers to the toolchain, and the goodies it brings along. |
| 28 |
|
| 29 |
Having said that, its clearly better to disable JIT and not pax mark |
| 30 |
then vice versa. We have jit disabled by default in the hardened profiles. |
| 31 |
|
| 32 |
-- |
| 33 |
Anthony G. Basile, Ph. D. |
| 34 |
Chair of Information Technology |
| 35 |
D'Youville College |
| 36 |
Buffalo, NY 14201 |
| 37 |
(716) 829-8197 |
Archives