selinux alert from gccgo
I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
mmap_zero when executable was run.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
selinux alert from gccgo
On 06/09/2011 09:19 AM, Neal Becker wrote:
> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> mmap_zero when executable was run.

Then I would open a big bug with gccgo and tell them to fix their code.

mmap_zero is a known attack vector for exploiting kernel flaws, and almost no applications should need this access.

Here is a discussion on it, and the problems that it caused SELinux.

http://eparis.livejournal.com/
selinux alert from gccgo
On 06/09/2011 04:26 PM, Daniel J Walsh wrote:
> On 06/09/2011 09:19 AM, Neal Becker wrote:
>> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
>> mmap_zero when executable was run.
>
> Then I would open a big bug with gccgo and tell them to fix their code.

I'd ping Ian Lance Taylor <iant@google.com> too.

Andrew.
selinux alert from gccgo
On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> > mmap_zero when executable was run.
>
> Then I would open a big bug with gccgo and tell them to fix their code.
>
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
>
> Here is a discussion on it, and the problems that it caused SELinux.
>
> http://eparis.livejournal.com/

See https://bugzilla.redhat.com/show_bug.cgi?id=693143

mmap_zero audit message sounds like a kernel bug rather than gccgo, all it needs is executable stack (well, I think it really wants executable heap but is marked as needing executable stack). It has been reported to Ian, but nothing has been rewritten upstream yet.

Jakub