| 1 |
On Saturday 14 January 2006 15:30, pageexec@××××××××.hu wrote: |
| 2 |
> On 14 Jan 2006 at 12:40, Nicolas MASSE wrote: |
| 3 |
> > open("/dev/zero", O_RDWR) = 3 |
| 4 |
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0) |
| 5 |
> > = -1 EPERM (Operation not permitted) |
| 6 |
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1 |
| 7 |
> > EPERM (Operation not permitted) |
| 8 |
> |
| 9 |
> [snipped] |
| 10 |
> |
| 11 |
> > So, I watched my /etc/fstab and found : |
| 12 |
> > udev /dev tmpfs nosuid,noexec,size=16M 0 0 |
| 13 |
> > |
| 14 |
> > After I removed the noexec flag, all worked perfectly. |
| 15 |
> > |
| 16 |
> > I hope this will help somebody. |
| 17 |
> |
| 18 |
> thanks for the investigation but the cure is worse than the disease ;-). |
| 19 |
> there's a reason why /dev is mounted noexec, and the correct solution |
| 20 |
> is to tell the nvidia folks that mapping /dev/zero to obtain anonymous |
| 21 |
> memory is old-school and completely unnecessary, mmap() has supported |
| 22 |
> MAP_ANONYMOUS for a long time now. also, if they don't need PROT_EXEC |
| 23 |
> then they shouldn't ask for it (that would also fix it for /dev/zero). |
| 24 |
|
| 25 |
I reported the bug (https://bugs.gentoo.org/show_bug.cgi?id=118974) but I |
| 26 |
received the following response : |
| 27 |
|
| 28 |
> What |Removed |Added |
| 29 |
> --------------------------------------------------------------------------- |
| 30 |
>- Status|NEW |RESOLVED |
| 31 |
> Resolution| |INVALID |
| 32 |
> |
| 33 |
> |
| 34 |
> |
| 35 |
> |
| 36 |
> ------- Comment #1 from jakub@g.o 2006-01-14 05:07 PST ------- |
| 37 |
> (In reply to comment #0) |
| 38 |
> |
| 39 |
> > So, I watched my /etc/fstab and found : |
| 40 |
> > udev /dev tmpfs nosuid,noexec,size=16M 0 0 |
| 41 |
> > |
| 42 |
> > After I removed the noexec flag, all worked perfectly. |
| 43 |
> |
| 44 |
> You are not supposed to have noexec for udev, it doesn't work on multiple |
| 45 |
> occasions. |
| 46 |
|
| 47 |
I think it's my fault because noexec and nosuid are not standard flags for |
| 48 |
udev. But I don't understand why it doesn't work... |
| 49 |
|
| 50 |
The man page of mount does'nt mention the bug : |
| 51 |
> noexec Do not allow direct execution of any binaries on the mounted |
| 52 |
> file system. (Until recently it was possible to run binaries anyway using |
| 53 |
> a command like /lib/ld*.so /mnt/binary. This trick fails since |
| 54 |
> Linux 2.4.25 / 2.6.0.) |
| 55 |
|
| 56 |
|
| 57 |
-- |
| 58 |
gentoo-hardened@g.o mailing list |
Archives