selinux alert from gccgo
On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> > mmap_zero when executable was run.
> THen I would open a big bug with gccgo and tell them to fix their code.
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
> Here is a discussion on it, and the problems that it caused SELinux.
mmap_zero audit message sounds like a kernel bug rather than gccgo,
all it needs is executable stack (well, I think it really wants
executable heap but is marked as needing executable stack).
It has been reported to Ian, but nothing has been rewritten upstream
devel mailing list