| 1 |
2013.Május 29.(Sze) 03:29 időpontban Anthony G. Basile ezt írta: |
| 2 |
> On 05/28/2013 07:46 PM, "Tóth Attila" wrote: |
| 3 |
>> If PT_PAX has E, python2.7 would not start on my system. |
| 4 |
>> Let's correct that: |
| 5 |
>> paxctl-ng -e /usr/bin/python2.7 |
| 6 |
>> |
| 7 |
>> Now python works again. |
| 8 |
> |
| 9 |
> Something changed in the latest python upgrades because I'm having |
| 10 |
> problems of a different nature. I'll have to investigate. |
| 11 |
> |
| 12 |
|
| 13 |
I wanted the community to know, that the situation looks scary for the |
| 14 |
first time, but there's an easy fix. In case anybody else runs into this. |
| 15 |
|
| 16 |
>> |
| 17 |
>> Sidenote: |
| 18 |
>> Even after running migrate-pax -m, there are binaries on the system |
| 19 |
>> having |
| 20 |
>> only PT_PAX marking. Example: |
| 21 |
>> migrate-pax -m |
| 22 |
>> paxctl-ng -v /usr/bin/clear |
| 23 |
>> /usr/bin/clear: |
| 24 |
>> PT_PAX : -e--- |
| 25 |
>> XATTR_PAX : not found |
| 26 |
>> |
| 27 |
> |
| 28 |
> Unfortunately it is very difficult to find everything that links against |
| 29 |
> everything on a system. First there's just a simple logistic problem, |
| 30 |
> going through all ELF on a system and running ldd (or readelf -d) is |
| 31 |
> time consuming and likely to miss stuff. On gentoo with portage (not |
| 32 |
> paludis!) we have linkage info in NEEDED.ELF.2 in vdb created at build |
| 33 |
> time by examing linkage info, but this also can't be everything. |
| 34 |
> Consider plugins that dlopen-ed at runtime. |
| 35 |
> |
| 36 |
> So something will be missed. |
| 37 |
|
| 38 |
Is there an easy command I can use to list binaries having PT_PAX flags |
| 39 |
and missing XATTR_PAX flags? |
| 40 |
|
| 41 |
> |
| 42 |
> BUT! |
| 43 |
> |
| 44 |
> That's not what's happening there. No XATTR_PAX flags implies the |
| 45 |
> default markings which is "-e---". This is so we don't have to go |
| 46 |
> around creating xattrs on every ELF binary on your system just to get |
| 47 |
> the default. Upstream wanted it that way and it does make sense. |
| 48 |
|
| 49 |
According to my recent experience, if EMUTRAMP is enabled by a PT_PAX flag |
| 50 |
and there's no XATTR_PAX flag present, the system will listen to the |
| 51 |
PT_PAX flag. Can I influence this behavior to rather use the mentioned |
| 52 |
XATTR_PAX default and don't pay attention to the PT_PAX flag? |
| 53 |
|
| 54 |
Thanks: |
| 55 |
Dw. |
| 56 |
|
| 57 |
-- |
| 58 |
dr Tóth Attila, Radiológus, 06-20-825-8057 |
| 59 |
Attila Toth MD, Radiologist, +36-20-825-8057 |
Archives