Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Development (http://www.linux-archive.org/fedora-development/)
-   -   selinux alert from gccgo (http://www.linux-archive.org/fedora-development/537365-selinux-alert-gccgo.html)

Neal Becker 06-09-2011 01:19 PM

selinux alert from gccgo
 
I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
mmap_zero when executable was run.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Daniel J Walsh 06-09-2011 03:26 PM

selinux alert from gccgo
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/09/2011 09:19 AM, Neal Becker wrote:
> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> mmap_zero when executable was run.
>
THen I would open a big bug with gccgo and tell them to fix their code.

mmap_zero is a known attack vector for exploiting kernel flaws, and
almost no applications should need this access.

Here is a discussion on it, and the problems that it caused SELinux.

http://eparis.livejournal.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3w5iIACgkQrlYvE4MpobOnKQCg3FCu3jArgp z/yLv2G8QmHQz9
IKAAoJU22S+PFm0Z+HrnlVQENxv5N/4e
=QDp5
-----END PGP SIGNATURE-----
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Andrew Haley 06-09-2011 03:55 PM

selinux alert from gccgo
 
On 06/09/2011 04:26 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/09/2011 09:19 AM, Neal Becker wrote:
>> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
>> mmap_zero when executable was run.
>>
> THen I would open a big bug with gccgo and tell them to fix their code.

I'd ping Ian Lance Taylor <iant@google.com> too.

Andrew.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Andrew Haley 06-09-2011 03:55 PM

selinux alert from gccgo
 
On 06/09/2011 04:26 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/09/2011 09:19 AM, Neal Becker wrote:
>> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
>> mmap_zero when executable was run.
>>
> THen I would open a big bug with gccgo and tell them to fix their code.

I'd ping Ian Lance Taylor <iant@google.com> too.

Andrew.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Jakub Jelinek 06-09-2011 04:05 PM

selinux alert from gccgo
 
On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> > mmap_zero when executable was run.
> >
> THen I would open a big bug with gccgo and tell them to fix their code.
>
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
>
> Here is a discussion on it, and the problems that it caused SELinux.
>
> http://eparis.livejournal.com/

See https://bugzilla.redhat.com/show_bug.cgi?id=693143
mmap_zero audit message sounds like a kernel bug rather than gccgo,
all it needs is executable stack (well, I think it really wants
executable heap but is marked as needing executable stack).
It has been reported to Ian, but nothing has been rewritten upstream
yet.

Jakub
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Jakub Jelinek 06-09-2011 04:05 PM

selinux alert from gccgo
 
On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> > mmap_zero when executable was run.
> >
> THen I would open a big bug with gccgo and tell them to fix their code.
>
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
>
> Here is a discussion on it, and the problems that it caused SELinux.
>
> http://eparis.livejournal.com/

See https://bugzilla.redhat.com/show_bug.cgi?id=693143
mmap_zero audit message sounds like a kernel bug rather than gccgo,
all it needs is executable stack (well, I think it really wants
executable heap but is marked as needing executable stack).
It has been reported to Ian, but nothing has been rewritten upstream
yet.

Jakub
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel


All times are GMT. The time now is 08:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.