On Saturday 14 January 2006 15:30, pageexec@××××××××.hu wrote:
> On 14 Jan 2006 at 12:40, Nicolas MASSE wrote:
> > open("/dev/zero", O_RDWR) = 3
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0)
> > = -1 EPERM (Operation not permitted)
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1
> > EPERM (Operation not permitted)
>
> [snipped]
>
> > So, I watched my /etc/fstab and found :
> > udev /dev tmpfs nosuid,noexec,size=16M 0 0
> >
> > After I removed the noexec flag, all worked perfectly.
> >
> > I hope this will help somebody.
>
> thanks for the investigation but the cure is worse than the disease ;-).
> there's a reason why /dev is mounted noexec, and the correct solution
> is to tell the nvidia folks that mapping /dev/zero to obtain anonymous
> memory is old-school and completely unnecessary, mmap() has supported
> MAP_ANONYMOUS for a long time now. also, if they don't need PROT_EXEC
> then they shouldn't ask for it (that would also fix it for /dev/zero).

I reported the bug (https://bugs.gentoo.org/show_bug.cgi?id=118974) but I
received the following response:

>       What |Removed |Added
> ----------------------------------------------------------------------------
>     Status |NEW     |RESOLVED
> Resolution |        |INVALID
>
> ------- Comment #1 from jakub@g.o 2006-01-14 05:07 PST -------
> (In reply to comment #0)
>
> > So, I watched my /etc/fstab and found :
> > udev /dev tmpfs nosuid,noexec,size=16M 0 0
> >
> > After I removed the noexec flag, all worked perfectly.
>
> You are not supposed to have noexec for udev, it doesn't work on multiple
> occasions.

I think it's my fault because noexec and nosuid are not standard flags for
udev. But I don't understand why it doesn't work...

The man page of mount doesn't mention the bug:
> noexec Do not allow direct execution of any binaries on the mounted
> file system. (Until recently it was possible to run binaries anyway using
> a command like /lib/ld*.so /mnt/binary. This trick fails since
> Linux 2.4.25 / 2.6.0.)


-- 
gentoo-hardened@g.o mailing list
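
The two fixes suggested in the quoted reply (use MAP_ANONYMOUS instead of mapping /dev/zero, and do not request PROT_EXEC unless it is needed), as an added example that is not part of the original thread or of any vendor code. It assumes Linux; `try_map` and `is_noexec` are hypothetical helper names chosen for this illustration.

```c
#define _GNU_SOURCE            /* exposes ST_NOEXEC in <sys/statvfs.h> on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, used only if the libc header hides it */
#endif
#define LEN 8192               /* same length as in the strace output above */

/* Private mapping of LEN bytes; path == NULL means MAP_ANONYMOUS. Returns 0 or errno. */
static int try_map(const char *path, int prot)
{
    int fd = -1, flags = MAP_PRIVATE, err = 0;
    if (path == NULL)
        flags |= MAP_ANONYMOUS;            /* no file, so no mount flags apply */
    else if ((fd = open(path, O_RDWR)) < 0)
        return errno;
    void *p = mmap(NULL, LEN, prot, flags, fd, 0);
    if (p == MAP_FAILED)
        err = errno;                       /* EPERM for PROT_EXEC on a noexec mount */
    else
        munmap(p, LEN);
    if (fd >= 0) close(fd);
    return err;
}

/* 1 if the filesystem holding path is mounted noexec, 0 if not, -1 on error. */
static int is_noexec(const char *path)
{
    struct statvfs sv;
    if (statvfs(path, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

int main(void)
{
    const int rw = PROT_READ | PROT_WRITE, rwx = rw | PROT_EXEC;
    printf("/dev/zero on a noexec mount: %d\n", is_noexec("/dev/zero"));
    printf("/dev/zero rwx: %s\n", strerror(try_map("/dev/zero", rwx)));
    printf("/dev/zero rw : %s\n", strerror(try_map("/dev/zero", rw)));
    printf("anonymous rw : %s\n", strerror(try_map(NULL, rw)));
    printf("anonymous rwx: %s\n", strerror(try_map(NULL, rwx)));
    return 0;
}
```

With /dev mounted noexec, only the `/dev/zero` rwx request is refused because of the mount flag. A kernel policy such as PaX MPROTECT can separately refuse the anonymous rwx request.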