From: Paul Eggert
Newsgroups: gmane.emacs.bugs
Subject: bug#16343: 24.3; Failure in unexec with hardened Linux kernel
Date: Sat, 04 Jan 2014 17:03:22 -0800
Message-ID: <52C8AF5A.5070306@verizon.net>
References: <21192.33655.545211.967095@a1i15.kph.uni-mainz.de>
To: Ulrich Mueller
Cc: 16343-done@debbugs.gnu.org
Archived-At: Thanks very much for reporting that. I installed a somewhat different patch: a bit more conservative, it's used only on GNU/Linux and doesn't attempt to find the full pathname of setfattr, so 'configure' should run a bit faster. Please let me know if it doesn't work for you. In the meantime I'm marking the bug as done. Here's what I installed into the trunk: === modified file 'ChangeLog' --- ChangeLog 2014-01-03 01:59:58 +0000 +++ ChangeLog 2014-01-05 00:53:37 +0000 @@ -1,3 +1,10 @@ +2014-01-05 Paul Eggert + + Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343). + Problem and proposed patch reported by Ulrich Mueller; + this patch uses a somewhat-different approach. + * configure.ac (SETFATTR): New variable. + 2014-01-03 Paul Eggert Merge from gnulib, incorporating: === modified file 'configure.ac' --- configure.ac 2014-01-01 08:31:29 +0000 +++ configure.ac 2014-01-05 00:59:55 +0000 @@ -988,6 +988,24 @@ [if $PAXCTL -v conftest$EXEEXT >/dev/null 2>&1; then AC_MSG_RESULT(yes) else AC_MSG_RESULT(no); PAXCTL=""; fi]) fi + + if test "${SETFATTR+set}" != set; then + AC_CACHE_CHECK([for setfattr], + [emacs_cv_prog_setfattr], + [touch conftest.tmp + if (setfattr -n user.pax.flags conftest.tmp) >/dev/null 2>&1; then + emacs_cv_prog_setfattr=yes + else + emacs_cv_prog_setfattr=no + fi]) + if test "$emacs_cv_prog_setfattr" = yes; then + SETFATTR=setfattr + else + SETFATTR= + fi + rm -f conftest.tmp + AC_SUBST([SETFATTR]) + fi fi ## Need makeinfo >= 4.7 (?) to build the manuals. === modified file 'src/ChangeLog' --- src/ChangeLog 2014-01-04 09:31:30 +0000 +++ src/ChangeLog 2014-01-05 00:54:04 +0000 
@@ -1,3 +1,9 @@ +2014-01-05 Paul Eggert + + Port to GNU/Linux with recent grsecurity/PaX patches (Bug#16343). + * Makefile.in (SETFATTR): New macro. + (temacs$(EXEEXT)): Use it. + 2014-01-04 Martin Rudalics Fix maximization behavior on Windows (Bug#16300). === modified file 'src/Makefile.in' --- src/Makefile.in 2014-01-01 07:43:34 +0000 +++ src/Makefile.in 2014-01-05 00:52:09 +0000 @@ -108,11 +108,12 @@ ## Flags to pass to ld only for temacs. TEMACS_LDFLAGS = $(LD_SWITCH_SYSTEM) $(LD_SWITCH_SYSTEM_TEMACS) -## If available, the full path to the paxctl program. +## If available, the names of the paxctl and setfattr programs. ## On grsecurity/PaX systems, unexec will fail due to a gap between -## the bss section and the heap. This can be prevented by disabling -## memory randomization in temacs with "paxctl -r". See bug#11398. +## the bss section and the heap. Older versions nee paxctl to work +## around this, newer ones setfattr. See Bug#11398 and Bug#16343. PAXCTL = @PAXCTL@ +SETFATTR = @SETFATTR@ ## Some systems define this to request special libraries. LIBS_SYSTEM=@LIBS_SYSTEM@ @@ -494,6 +495,8 @@ $(TEMACS_POST_LINK) test "$(CANNOT_DUMP)" = "yes" || \ test "X$(PAXCTL)" = X || $(PAXCTL) -r temacs$(EXEEXT) + test "$(CANNOT_DUMP)" = "yes" || test -z "$(SETFATTR)" || \ + $(SETFATTR) -n user.pax.flags -v r $@ ## The following oldxmenu-related rules are only (possibly) used if ## HAVE_X11 && !USE_GTK, but there is no harm in always defining them.
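
Review bot: in the configure.ac hunk, the probe "setfattr -n user.pax.flags conftest.tmp" is reported under the message "for setfattr", yet it fails both when the program is missing and when the build directory's filesystem rejects user.* attributes, so a "no" in the configure log can mislead. Consider wording the AC_CACHE_CHECK message as a capability test, for example "whether setfattr can set user.pax.flags". Also, "touch conftest.tmp" sits inside the cached block while "rm -f conftest.tmp" sits outside it, and AC_SUBST([SETFATTR]) is nested inside the "${SETFATTR+set}" conditional; putting the rm next to the touch and the AC_SUBST outside the conditional would make the intent clearer when SETFATTR is preset or the cache is hit.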
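
Review bot: in the src/Makefile.in comment above PAXCTL, "nee" should be "need", and the rewritten text drops the earlier statement that the workaround disables memory randomization in temacs, which leaves the "-v r" in the temacs rule unexplained. Suggest keeping a phrase saying that both "paxctl -r" and "setfattr -n user.pax.flags -v r" turn off memory randomization for temacs.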
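
Review bot: in the temacs$(EXEEXT) rule of src/Makefile.in, the new setfattr line names its target as $@ while the paxctl line just above it spells out temacs$(EXEEXT); use one form for both. When PAXCTL and SETFATTR are both non-empty the rule runs both tools, and a nonzero exit from setfattr aborts the link rule; if that is intended, the comment near the SETFATTR macro should say so.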