From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ulrich Mueller <ulm@gentoo.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#16343: 24.3; Failure in unexec with hardened Linux kernel
Date: Sat, 4 Jan 2014 22:56:07 +0100
Message-ID: <21192.33655.545211.967095@a1i15.kph.uni-mainz.de>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1388872630 7419 80.91.229.3 (4 Jan 2014 21:57:10 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 4 Jan 2014 21:57:10 +0000 (UTC)
Cc: emacs@gentoo.org
To: 16343@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jan 04 22:57:18 2014
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1VzZDZ-0003Vg-No
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 04 Jan 2014 22:57:17 +0100
Original-Received: from localhost ([::1]:55864 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1VzZDZ-0003VO-Eo
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 04 Jan 2014 16:57:17 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:40355)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1VzZDS-0003VE-IB
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:57:15 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1VzZDL-0005HO-43
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:57:10 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:48741)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1VzZDL-0005HK-0Z
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:57:03 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1VzZDK-0005wD-Gn
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:57:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Ulrich Mueller <ulm@gentoo.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 04 Jan 2014 21:57:02 +0000
Resent-Message-ID: <handler.16343.B.138887260522797@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 16343
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Original-Received: via spool by submit@debbugs.gnu.org id=B.138887260522797
	(code B ref -1); Sat, 04 Jan 2014 21:57:02 +0000
Original-Received: (at submit) by debbugs.gnu.org; 4 Jan 2014 21:56:45 +0000
Original-Received: from localhost ([127.0.0.1]:34527 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1VzZD2-0005vc-2t
	for submit@debbugs.gnu.org; Sat, 04 Jan 2014 16:56:44 -0500
Original-Received: from eggs.gnu.org ([208.118.235.92]:38470)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <ulm@kph.uni-mainz.de>) id 1VzZCz-0005vT-Q4
	for submit@debbugs.gnu.org; Sat, 04 Jan 2014 16:56:42 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ulm@kph.uni-mainz.de>) id 1VzZCu-0004tp-EA
	for submit@debbugs.gnu.org; Sat, 04 Jan 2014 16:56:41 -0500
Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:37499)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ulm@kph.uni-mainz.de>) id 1VzZCu-0004tl-BS
	for submit@debbugs.gnu.org; Sat, 04 Jan 2014 16:56:36 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:40156)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ulm@kph.uni-mainz.de>) id 1VzZCp-0003Pw-RM
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:56:36 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ulm@kph.uni-mainz.de>) id 1VzZCl-0004rt-C1
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:56:31 -0500
Original-Received: from a1www.kph.uni-mainz.de ([134.93.134.1]:35106)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ulm@kph.uni-mainz.de>) id 1VzZCl-0004qI-2n
	for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2014 16:56:27 -0500
Original-Received: from a1i15.kph.uni-mainz.de (a1i15.kph.uni-mainz.de [134.93.134.92])
	by a1www.kph.uni-mainz.de (8.14.7/8.13.4) with ESMTP id
	s04LuBSI019186; Sat, 4 Jan 2014 22:56:11 +0100
Original-Received: from a1i15.kph.uni-mainz.de (localhost [127.0.0.1])
	by a1i15.kph.uni-mainz.de (8.14.7/8.14.2) with ESMTP id s04LuBLi030283; 
	Sat, 4 Jan 2014 22:56:11 +0100
Original-Received: (from ulm@localhost)
	by a1i15.kph.uni-mainz.de (8.14.7/8.14.7/Submit) id s04LuAFc030278;
	Sat, 4 Jan 2014 22:56:10 +0100
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64-pc-linux-gnu)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:82951
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/82951>

Forwarding downstream bug <https://bugs.gentoo.org/456970>.

Emacs 24.3 fails to build on Linux 3.11.7 with grsecurity/PaX patches,
e.g., grsecurity-2.9.1-3.11.7-201311102306.patch from
<http://grsecurity.net/>. This configuration is used in Gentoo with
sys-kernel/hardened-sources-3.11.7-r1.

The build process fails in unexec, the same way it previously did in
bug #11398:

   Dumping under the name emacs
   **************************************************
   Warning: Your system has a gap between BSS and the
   heap (15854248 bytes).  This usually means that exec-shield
   or something similar is in effect.  The dump may
   fail because of this.  See the section about
   exec-shield in etc/PROBLEMS for more information.
   **************************************************
   /bin/sh: Zeile 6: 29064 Speicherzugriffsfehler  `/bin/pwd`/temacs --batch --load loadup bootstrap
   make[1]: *** [bootstrap-emacs] Fehler 1

The reason that it fails again is that the PaX kernel switched from
setting PaX flags in the program header to extended file attributes
(that is, XATTR_PAX_FLAGS=y instead of PT_PAX_FLAGS=y in the kernel's
configuration). Therefore running paxctl on temacs is no longer
sufficient, but setfattr needs to be called.

The patch included below was tested with Emacs 24.3 and fixes the
problem. I've rebased it on the bzr trunk as of today, though.

Please note that extended attributes for temacs are set when they are
supported and when the setfattr program is available, regardless if
the kernel is hardened or not. They will not harm, but simply be
ignored in the latter case. Also the temacs binary is not being
installed, so the installed files will not change. (Contrary to the
paxctl method, the emacs binary doesn't "inherit" extended attributes
from temacs, so there is no need to unset them.)


--- old/configure.ac	2014-01-01 08:31:29 +0000
+++ new/configure.ac	2014-01-04 20:49:13 +0000
@@ -990,6 +990,18 @@
   fi
 fi
 
+AC_PATH_PROG(SETFATTR, setfattr)
+if test "X$SETFATTR" != X; then
+  AC_MSG_CHECKING([whether extended attributes are supported])
+  touch conftest.tmp
+  if $SETFATTR -n user.pax.flags conftest.tmp >/dev/null 2>&1; then
+    AC_MSG_RESULT(yes)
+  else
+    AC_MSG_RESULT(no); SETFATTR=""
+  fi
+  rm -f conftest.tmp
+fi
+
 ## Need makeinfo >= 4.7 (?) to build the manuals.
 AC_PATH_PROG(MAKEINFO, makeinfo, no)
 dnl By this stage, configure has already checked for egrep and set EGREP,
--- old/src/Makefile.in	2014-01-01 07:43:34 +0000
+++ new/src/Makefile.in	2014-01-04 20:49:13 +0000
@@ -114,6 +114,9 @@
 ## memory randomization in temacs with "paxctl -r".  See bug#11398.
 PAXCTL = @PAXCTL@
 
+## If available, the full path to the setfattr program.
+SETFATTR = @SETFATTR@
+
 ## Some systems define this to request special libraries.
 LIBS_SYSTEM=@LIBS_SYSTEM@
 
@@ -494,6 +497,8 @@
 	$(TEMACS_POST_LINK)
 	test "$(CANNOT_DUMP)" = "yes" || \
 	  test "X$(PAXCTL)" = X || $(PAXCTL) -r temacs$(EXEEXT)
+	test "$(CANNOT_DUMP)" = "yes" || test "X$(SETFATTR)" = X || \
+	  $(SETFATTR) -n user.pax.flags -v r temacs$(EXEEXT)
 
 ## The following oldxmenu-related rules are only (possibly) used if
 ## HAVE_X11 && !USE_GTK, but there is no harm in always defining them.