What | Removed | Added |
---|---|---|
CC | mrueckert@suse.com | |
Flags | needinfo?(mrueckert@suse.com) |
I don't see how this is _not_ an issue with GRSEC. If we are allowed to mmap a PROT_WRITE|PROT_EXEC mapping (no error when doing that) but then get killed when actually executing from it, then something is broken.

Yes, libffi seems to have "dances" around similar issues in SELinux but "misses" the GRsec case. Hmm, in fact it _does_ have it! See the emutramp_enabled_check () in closures.c:

```c
/* On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC. */
#ifdef FFI_MMAP_EXEC_EMUTRAMP_PAX
#include <stdlib.h>

static int emutramp_enabled = -1;

static int
emutramp_enabled_check (void)
{
  char *buf = NULL;
  size_t len = 0;
  FILE *f;
  int ret;
  f = fopen ("/proc/self/status", "r");
  if (f == NULL)
    return 0;
  ret = 0;

  while (getline (&buf, &len, f) != -1)
    if (!strncmp (buf, "PaX:", 4))
      {
        char emutramp;
        if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
          ret = (emutramp == 'E');
        break;
      }
  free (buf);
  fclose (f);
  return ret;
}

#define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \
                               : (emutramp_enabled = emutramp_enabled_check ()))
```

but that needs to be enabled at configure time, it seems (--enable-pax_emutramp).

Can you check if using a libffi built with that flag works?
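Added example, not part of the comment above and not libffi code: a small triage helper that reads the same `PaX:` line from `/proc/self/status` but reports both the EMUTRAMP and the MPROTECT flag, and tells a missing line (no PaX kernel) apart from a disabled flag. The names `pax_parse_status` and `pax_mprotect_without_emutramp` are hypothetical, and the five-letter flag order `PEMRS` (upper case meaning enabled) is an assumption; the page itself only shows that the second character is the EMUTRAMP flag.

```c
#include <stdio.h>
#include <string.h>

/* Assumed status line layout: "PaX:\tPEMRS", upper case = enabled.
   Only the second character (EMUTRAMP) is confirmed by the quoted code. */
enum pax_state { PAX_ABSENT = -1, PAX_OFF = 0, PAX_ON = 1 };

struct pax_flags { enum pax_state emutramp, mprotect; };

/* Parse the full text of /proc/<pid>/status (hypothetical helper). */
static struct pax_flags pax_parse_status(const char *text)
{
    struct pax_flags r = { PAX_ABSENT, PAX_ABSENT };
    const char *line = text;
    while (line && *line) {
        if (strncmp(line, "PaX:", 4) == 0) {
            char f[6] = "";
            /* Skip the label and whitespace, keep all flag letters. */
            if (sscanf(line + 4, " %5[A-Za-z]", f) == 1 && strlen(f) >= 3) {
                r.emutramp = (f[1] == 'E') ? PAX_ON : PAX_OFF;
                r.mprotect = (f[2] == 'M') ? PAX_ON : PAX_OFF;
            }
            break;
        }
        line = strchr(line, '\n');   /* advance to the next line */
        if (line) line++;
    }
    return r;
}

/* 1 when MPROTECT is enforced while emutramp_enabled_check() would return 0. */
static int pax_mprotect_without_emutramp(struct pax_flags f)
{
    return f.mprotect == PAX_ON && f.emutramp != PAX_ON;
}

int main(void)
{
    static char buf[8192];
    FILE *fp = fopen("/proc/self/status", "r");
    size_t n = fp ? fread(buf, 1, sizeof buf - 1, fp) : 0;
    if (fp) fclose(fp);
    buf[n] = '\0';
    struct pax_flags f = pax_parse_status(buf);
    printf("emutramp=%d mprotect=%d (-1 = no PaX line)\n", f.emutramp, f.mprotect);
    return pax_mprotect_without_emutramp(f);
}
```

Run it as the affected process would run (same binary flags and user); a non-zero exit status marks the MPROTECT-on, EMUTRAMP-off combination.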