From: Paul Eggert <paul.eggert@verizon.net>
To: Ulrich Mueller <ulm@gentoo.org>
Cc: 16343-done@debbugs.gnu.org
Subject: bug#16343: 24.3; Failure in unexec with hardened Linux kernel
Date: Sat, 04 Jan 2014 17:03:22 -0800 [thread overview]
Message-ID: <52C8AF5A.5070306@verizon.net> (raw)
In-Reply-To: <21192.33655.545211.967095@a1i15.kph.uni-mainz.de>
Thanks very much for reporting that. I installed a somewhat
different patch: a bit more conservative, it's used only on
GNU/Linux and doesn't attempt to find the full pathname of
setfattr, so 'configure' should run a bit faster. Please
let me know if it doesn't work for you. In the meantime I'm
marking the bug as done.
Here's what I installed into the trunk:
=== modified file 'ChangeLog'
--- ChangeLog 2014-01-03 01:59:58 +0000
+++ ChangeLog 2014-01-05 00:53:37 +0000
@@ -1,3 +1,10 @@
+2014-01-05 Paul Eggert <eggert@cs.ucla.edu>
+
+ Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343).
+ Problem and proposed patch reported by Ulrich Mueller;
+ this patch uses a somewhat-different approach.
+ * configure.ac (SETFATTR): New variable.
+
2014-01-03 Paul Eggert <eggert@cs.ucla.edu>
Merge from gnulib, incorporating:
=== modified file 'configure.ac'
--- configure.ac 2014-01-01 08:31:29 +0000
+++ configure.ac 2014-01-05 00:59:55 +0000
@@ -988,6 +988,24 @@
[if $PAXCTL -v conftest$EXEEXT >/dev/null 2>&1; then AC_MSG_RESULT(yes)
else AC_MSG_RESULT(no); PAXCTL=""; fi])
fi
+
+ if test "${SETFATTR+set}" != set; then
+ AC_CACHE_CHECK([for setfattr],
+ [emacs_cv_prog_setfattr],
+ [touch conftest.tmp
+ if (setfattr -n user.pax.flags conftest.tmp) >/dev/null 2>&1; then
+ emacs_cv_prog_setfattr=yes
+ else
+ emacs_cv_prog_setfattr=no
+ fi])
+ if test "$emacs_cv_prog_setfattr" = yes; then
+ SETFATTR=setfattr
+ else
+ SETFATTR=
+ fi
+ rm -f conftest.tmp
+ AC_SUBST([SETFATTR])
+ fi
fi
## Need makeinfo >= 4.7 (?) to build the manuals.
=== modified file 'src/ChangeLog'
--- src/ChangeLog 2014-01-04 09:31:30 +0000
+++ src/ChangeLog 2014-01-05 00:54:04 +0000
@@ -1,3 +1,9 @@
+2014-01-05 Paul Eggert <eggert@cs.ucla.edu>
+
+ Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343).
+ * Makefile.in (SETFATTR): New macro.
+ (temacs$(EXEEXT)): Use it.
+
2014-01-04 Martin Rudalics <rudalics@gmx.at>
Fix maximization behavior on Windows (Bug#16300).
=== modified file 'src/Makefile.in'
--- src/Makefile.in 2014-01-01 07:43:34 +0000
+++ src/Makefile.in 2014-01-05 00:52:09 +0000
@@ -108,11 +108,12 @@
## Flags to pass to ld only for temacs.
TEMACS_LDFLAGS = $(LD_SWITCH_SYSTEM) $(LD_SWITCH_SYSTEM_TEMACS)
-## If available, the full path to the paxctl program.
+## If available, the names of the paxctl and setfattr programs.
## On grsecurity/PaX systems, unexec will fail due to a gap between
-## the bss section and the heap. This can be prevented by disabling
-## memory randomization in temacs with "paxctl -r". See bug#11398.
+## the bss section and the heap. Older versions nee paxctl to work
+## around this, newer ones setfattr. See Bug#11398 and Bug#16343.
PAXCTL = @PAXCTL@
+SETFATTR = @SETFATTR@
## Some systems define this to request special libraries.
LIBS_SYSTEM=@LIBS_SYSTEM@
@@ -494,6 +495,8 @@
$(TEMACS_POST_LINK)
test "$(CANNOT_DUMP)" = "yes" || \
test "X$(PAXCTL)" = X || $(PAXCTL) -r temacs$(EXEEXT)
+ test "$(CANNOT_DUMP)" = "yes" || test -z "$(SETFATTR)" || \
+ $(SETFATTR) -n user.pax.flags -v r $@
## The following oldxmenu-related rules are only (possibly) used if
## HAVE_X11 && !USE_GTK, but there is no harm in always defining them.
next prev parent reply other threads:[~2014-01-05 1:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-04 21:56 bug#16343: 24.3; Failure in unexec with hardened Linux kernel Ulrich Mueller
2014-01-05 1:03 ` Paul Eggert [this message]
2014-01-05 3:20 ` Ulrich Mueller
2014-01-05 4:57 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52C8AF5A.5070306@verizon.net \
--to=paul.eggert@verizon.net \
--cc=16343-done@debbugs.gnu.org \
--cc=ulm@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.