bug#16343: 24.3; Failure in unexec with hardened Linux kernel
From: Paul Eggert
Subject: bug#16343: 24.3; Failure in unexec with hardened Linux kernel
Date: Sat, 04 Jan 2014 17:03:22 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

Thanks very much for reporting that. I installed a somewhat
different patch: a bit more conservative, it's used only on
GNU/Linux and doesn't attempt to find the full pathname of
setfattr, so 'configure' should run a bit faster. Please
let me know if it doesn't work for you. In the meantime I'm
marking the bug as done.
Here's what I installed into the trunk:
=== modified file 'ChangeLog'
--- ChangeLog 2014-01-03 01:59:58 +0000
+++ ChangeLog 2014-01-05 00:53:37 +0000
@@ -1,3 +1,10 @@
+2014-01-05 Paul Eggert <eggert@cs.ucla.edu>
+
+ Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343).
+ Problem and proposed patch reported by Ulrich Mueller;
+ this patch uses a somewhat-different approach.
+ * configure.ac (SETFATTR): New variable.
+
2014-01-03 Paul Eggert <eggert@cs.ucla.edu>
Merge from gnulib, incorporating:
=== modified file 'configure.ac'
--- configure.ac 2014-01-01 08:31:29 +0000
+++ configure.ac 2014-01-05 00:59:55 +0000
@@ -988,6 +988,24 @@
[if $PAXCTL -v conftest$EXEEXT >/dev/null 2>&1; then AC_MSG_RESULT(yes)
else AC_MSG_RESULT(no); PAXCTL=""; fi])
fi
+
+ if test "${SETFATTR+set}" != set; then
+ AC_CACHE_CHECK([for setfattr],
+ [emacs_cv_prog_setfattr],
+ [touch conftest.tmp
+ if (setfattr -n user.pax.flags conftest.tmp) >/dev/null 2>&1; then
+ emacs_cv_prog_setfattr=yes
+ else
+ emacs_cv_prog_setfattr=no
+ fi])
+ if test "$emacs_cv_prog_setfattr" = yes; then
+ SETFATTR=setfattr
+ else
+ SETFATTR=
+ fi
+ rm -f conftest.tmp
+ AC_SUBST([SETFATTR])
+ fi
fi
## Need makeinfo >= 4.7 (?) to build the manuals.
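Review bot: The probe "setfattr -n user.pax.flags conftest.tmp" only shows that a user.* attribute can be written to a file in the build directory; it does not show that the kernel is a PaX one, so SETFATTR=setfattr will be set on any host where that write succeeds. If that is intended, a comment above the AC_CACHE_CHECK saying so would help, since the added block carries no explanation of what user.pax.flags is for. Also consider moving AC_SUBST([SETFATTR]) after the inner "fi", so it is plain that a SETFATTR supplied by the user is substituted as well, and keep in mind that the cached emacs_cv_prog_setfattr value reflects the filesystem the probe ran on.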
=== modified file 'src/ChangeLog'
--- src/ChangeLog 2014-01-04 09:31:30 +0000
+++ src/ChangeLog 2014-01-05 00:54:04 +0000
@@ -1,3 +1,9 @@
+2014-01-05 Paul Eggert <eggert@cs.ucla.edu>
+
+ Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343).
+ * Makefile.in (SETFATTR): New macro.
+ (temacs$(EXEEXT)): Use it.
+
2014-01-04 Martin Rudalics <rudalics@gmx.at>
Fix maximization behavior on Windows (Bug#16300).
=== modified file 'src/Makefile.in'
--- src/Makefile.in 2014-01-01 07:43:34 +0000
+++ src/Makefile.in 2014-01-05 00:52:09 +0000
@@ -108,11 +108,12 @@
## Flags to pass to ld only for temacs.
TEMACS_LDFLAGS = $(LD_SWITCH_SYSTEM) $(LD_SWITCH_SYSTEM_TEMACS)
-## If available, the full path to the paxctl program.
+## If available, the names of the paxctl and setfattr programs.
## On grsecurity/PaX systems, unexec will fail due to a gap between
-## the bss section and the heap. This can be prevented by disabling
-## memory randomization in temacs with "paxctl -r". See bug#11398.
+## the bss section and the heap. Older versions nee paxctl to work
+## around this, newer ones setfattr. See Bug#11398 and Bug#16343.
PAXCTL = @PAXCTL@
+SETFATTR = @SETFATTR@
## Some systems define this to request special libraries.
LIBS_SYSTEM=@LIBS_SYSTEM@
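Review bot: Typo in the added comment line "Older versions nee paxctl to work": "nee" should be "need". The rewritten comment also drops the earlier statement that the workaround disables memory randomization in temacs; keeping a clause to that effect would tell readers what the workaround changes on the binary and why it is applied to temacs only.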
@@ -494,6 +495,8 @@
$(TEMACS_POST_LINK)
test "$(CANNOT_DUMP)" = "yes" || \
test "X$(PAXCTL)" = X || $(PAXCTL) -r temacs$(EXEEXT)
+ test "$(CANNOT_DUMP)" = "yes" || test -z "$(SETFATTR)" || \
+ $(SETFATTR) -n user.pax.flags -v r $@
## The following oldxmenu-related rules are only (possibly) used if
## HAVE_X11 && !USE_GTK, but there is no harm in always defining them.
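Review bot: The added recipe line passes "-v r" with no explanation of the value; a one-line comment stating what the "r" flag in user.pax.flags does would help whoever maintains this rule next. As a style point, the new line tests with test -z "$(SETFATTR)" and names the target as $@, while the paxctl line directly above uses test "X$(PAXCTL)" = X and temacs$(EXEEXT); using one form for both would make the pair easier to read.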