Gentoo Archives: gentoo-hardened

From: Alex Efros <powerman@××××××××.name>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] denied RWX mmap by layman
Date: Sat, 07 Jun 2014 23:13:13
Message-Id: 20140607231308.GC2138@home.power
In Reply to: Re: [gentoo-hardened] denied RWX mmap by layman by "Tóth Attila"
Hi!

On Sat, Jun 07, 2014 at 11:48:53PM +0200, "Tóth Attila" wrote:
> > Some time ago I noticed this in kernel logs:
> > kern.alert: grsec: denied RWX mmap of <anonymous mapping> by
> > /usr/lib64/python-exec/python2.7/layman[layman:9717] uid/euid:0/0
> > gid/egid:0/0, parent /bin/bash[sh:9695] uid/euid:0/0 gid/egid:0/0
> > Looks like it doesn't break layman, but I still wonder why it happens and
> > is it possible to fix this (without paxmarking python, of course)?
> I don't see this in my logs. The python executable has the "E" flag on my
> systems.

I've just re-emerged both pythons; here are the flags:

# paxctl-ng -v /usr/bin/python?.?
/usr/bin/python2.7:
PT_PAX : -e---
XATTR_PAX : -E---

/usr/bin/python3.3:
PT_PAX : -e---
XATTR_PAX : -E---

Next, I ran eix-sync and got this in the kernel log:

2014-06-07_23:07:50.51597 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/lib64/python-exec/python2.7/layman[layman:3854] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
2014-06-07_23:07:50.82796 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/python3.3[emerge:3977] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
2014-06-07_23:07:56.00097 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/python3.3[egencache:4009] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
2014-06-07_23:07:56.39894 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/python3.3[egencache:4028] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0

# cat /etc/eix-sync.conf
*
@egencache --repo=powerman --update
@egencache --repo=local --update

--
WBR, Alex.
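
An added example, not part of the original message or of any Gentoo or grsecurity tool: a small Python parser for the "grsec: denied RWX mmap" lines quoted above, grouping denials by executable path so it is clear which binaries and commands trigger them. The field layout is inferred only from the four log lines in this message (paths without spaces, timestamp as the first field), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the four kernel log lines from the message above.
SAMPLE_LOG = """\
2014-06-07_23:07:50.51597 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/lib64/python-exec/python2.7/layman[layman:3854] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
2014-06-07_23:07:50.82796 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/python3.3[emerge:3977] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
2014-06-07_23:07:56.00097 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/python3.3[egencache:4009] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
2014-06-07_23:07:56.39894 kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/python3.3[egencache:4028] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3830] uid/euid:0/0 gid/egid:0/0
"""

# Assumed layout: "... by EXE[COMM:PID] uid/euid:U/E gid/egid:G/E, parent EXE[COMM:PID] ..."
DENIED_RWX = re.compile(
    r"grsec: denied RWX mmap of (?P<mapping>.+?) by "
    r"(?P<exe>/\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:\d+/\d+, "
    r"parent (?P<parent_exe>/\S+?)\[(?P<parent_comm>[^:\]]+):(?P<ppid>\d+)\]"
)

def parse_denials(text):
    """Return one dict per 'denied RWX mmap' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DENIED_RWX.search(line)
        if m:
            ev = m.groupdict()
            ev["timestamp"] = line.split(" ", 1)[0]  # first field of the log line
            events.append(ev)
    return events

def summarize(events):
    """Group denials by executable: {exe: {"count", "comms", "parents"}}."""
    summary = defaultdict(lambda: {"count": 0, "comms": set(), "parents": set()})
    for ev in events:
        entry = summary[ev["exe"]]
        entry["count"] += 1
        entry["comms"].add(ev["comm"])
        entry["parents"].add((ev["parent_exe"], int(ev["ppid"])))
    return dict(summary)

if __name__ == "__main__":
    for exe, info in sorted(summarize(parse_denials(SAMPLE_LOG)).items()):
        print(f"{info['count']:3d}  {exe}  comm={sorted(info['comms'])}")
```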
