From: Paul Eggert <paul.eggert@verizon.net>
To: Ulrich Mueller <ulm@gentoo.org>
Cc: 16343-done@debbugs.gnu.org
Subject: bug#16343: 24.3; Failure in unexec with hardened Linux kernel
Date: Sat, 04 Jan 2014 17:03:22 -0800
Message-ID: <52C8AF5A.5070306@verizon.net>
In-Reply-To: <21192.33655.545211.967095@a1i15.kph.uni-mainz.de>

Thanks very much for reporting that.  I installed a somewhat
different patch: a bit more conservative, it's used only on
GNU/Linux and doesn't attempt to find the full pathname of
setfattr, so 'configure' should run a bit faster.  Please
let me know if it doesn't work for you.  In the meantime I'm
marking the bug as done.

Here's what I installed into the trunk:

=== modified file 'ChangeLog'
--- ChangeLog	2014-01-03 01:59:58 +0000
+++ ChangeLog	2014-01-05 00:53:37 +0000
@@ -1,3 +1,10 @@
+2014-01-05  Paul Eggert  <eggert@cs.ucla.edu>
+
+	Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343).
+	Problem and proposed patch reported by Ulrich Mueller;
+	this patch uses a somewhat-different approach.
+	* configure.ac (SETFATTR): New variable.
+
  2014-01-03  Paul Eggert  <eggert@cs.ucla.edu>
  
  	Merge from gnulib, incorporating:

=== modified file 'configure.ac'
--- configure.ac	2014-01-01 08:31:29 +0000
+++ configure.ac	2014-01-05 00:59:55 +0000
@@ -988,6 +988,24 @@
        [if $PAXCTL -v conftest$EXEEXT >/dev/null 2>&1; then AC_MSG_RESULT(yes)
        else AC_MSG_RESULT(no); PAXCTL=""; fi])
    fi
+
+  if test "${SETFATTR+set}" != set; then
+    AC_CACHE_CHECK([for setfattr],
+      [emacs_cv_prog_setfattr],
+      [touch conftest.tmp
+       if (setfattr -n user.pax.flags conftest.tmp) >/dev/null 2>&1; then
+	 emacs_cv_prog_setfattr=yes
+       else
+	 emacs_cv_prog_setfattr=no
+       fi])
+    if test "$emacs_cv_prog_setfattr" = yes; then
+      SETFATTR=setfattr
+    else
+      SETFATTR=
+    fi
+    rm -f conftest.tmp
+    AC_SUBST([SETFATTR])
+  fi
  fi
  
  ## Need makeinfo >= 4.7 (?) to build the manuals.
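
Review bot: AC_SUBST([SETFATTR]) sits inside the shell conditional `if test "${SETFATTR+set}" != set`, which reads as though the substitution were conditional; AC_SUBST registers the variable when configure is generated, so moving it after the inner `fi` would make clear that @SETFATTR@ is always substituted. The same guard means a SETFATTR preset in the environment skips the probe entirely, so a preset value is never exercised against a file in the build directory; a one-line comment saying that this is intended would help. The "for setfattr" message also reports "no" both when the program is missing and when setting user.pax.flags on conftest.tmp fails, so a comment noting that the check covers both cases would save a confused reader a trip through config.log.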

=== modified file 'src/ChangeLog'
--- src/ChangeLog	2014-01-04 09:31:30 +0000
+++ src/ChangeLog	2014-01-05 00:54:04 +0000
@@ -1,3 +1,9 @@
+2014-01-05  Paul Eggert  <eggert@cs.ucla.edu>
+
+	Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343).
+	* Makefile.in (SETFATTR): New macro.
+	(temacs$(EXEEXT)): Use it.
+
  2014-01-04  Martin Rudalics  <rudalics@gmx.at>
  
  	Fix maximization behavior on Windows (Bug#16300).

=== modified file 'src/Makefile.in'
--- src/Makefile.in	2014-01-01 07:43:34 +0000
+++ src/Makefile.in	2014-01-05 00:52:09 +0000
@@ -108,11 +108,12 @@
  ## Flags to pass to ld only for temacs.
  TEMACS_LDFLAGS = $(LD_SWITCH_SYSTEM) $(LD_SWITCH_SYSTEM_TEMACS)
  
-## If available, the full path to the paxctl program.
+## If available, the names of the paxctl and setfattr programs.
  ## On grsecurity/PaX systems, unexec will fail due to a gap between
-## the bss section and the heap.  This can be prevented by disabling
-## memory randomization in temacs with "paxctl -r".  See bug#11398.
+## the bss section and the heap.  Older versions nee paxctl to work
+## around this, newer ones setfattr.  See Bug#11398 and Bug#16343.
  PAXCTL = @PAXCTL@
+SETFATTR = @SETFATTR@
  
  ## Some systems define this to request special libraries.
  LIBS_SYSTEM=@LIBS_SYSTEM@
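
Review bot: the rewritten comment has a typo, "Older versions nee paxctl" should read "need paxctl", and "versions" has no referent (presumably versions of grsecurity/PaX). The removed text also said what the workaround does, disabling memory randomization in temacs with "paxctl -r"; the new text drops that, which leaves the `-v r` passed to setfattr in the temacs rule unexplained. Suggest keeping one sentence that states what the `r` flag is for.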
@@ -494,6 +495,8 @@
  	$(TEMACS_POST_LINK)
  	test "$(CANNOT_DUMP)" = "yes" || \
  	  test "X$(PAXCTL)" = X || $(PAXCTL) -r temacs$(EXEEXT)
+	test "$(CANNOT_DUMP)" = "yes" || test -z "$(SETFATTR)" || \
+	  $(SETFATTR) -n user.pax.flags -v r $@
  
  ## The following oldxmenu-related rules are only (possibly) used if
  ## HAVE_X11 && !USE_GTK, but there is no harm in always defining them.
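
Review bot: the new recipe line checks the variable with `test -z "$(SETFATTR)"` while the PAXCTL line just above it uses `test "X$(PAXCTL)" = X`; one idiom for both would read better. Also, when PAXCTL and SETFATTR are both non-empty both commands run on temacs, and a nonzero exit from setfattr fails the target; if that is intended, a short comment on the recipe should say so.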





