06-09-2011, 01:19 PM
Neal Becker

selinux alert from gccgo

I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
mmap_zero when executable was run.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
06-09-2011, 03:26 PM
Daniel J Walsh

selinux alert from gccgo

On 06/09/2011 09:19 AM, Neal Becker wrote:
> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> mmap_zero when executable was run.
>
Then I would open a big bug with gccgo and tell them to fix their code.

mmap_zero is a known attack vector for exploiting kernel flaws, and
almost no applications should need this access.

Here is a discussion on it, and the problems that it caused SELinux.

http://eparis.livejournal.com/

 
06-09-2011, 03:55 PM
Andrew Haley

selinux alert from gccgo

On 06/09/2011 04:26 PM, Daniel J Walsh wrote:
> On 06/09/2011 09:19 AM, Neal Becker wrote:
>> I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
>> mmap_zero when executable was run.
>>
> Then I would open a big bug with gccgo and tell them to fix their code.

I'd ping Ian Lance Taylor <iant@google.com> too.

Andrew.

 
06-09-2011, 04:05 PM
Jakub Jelinek

selinux alert from gccgo

On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about
> > mmap_zero when executable was run.
> >
> Then I would open a big bug with gccgo and tell them to fix their code.
>
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
>
> Here is a discussion on it, and the problems that it caused SELinux.
>
> http://eparis.livejournal.com/

See https://bugzilla.redhat.com/show_bug.cgi?id=693143
mmap_zero audit message sounds like a kernel bug rather than gccgo,
all it needs is executable stack (well, I think it really wants
executable heap but is marked as needing executable stack).
It has been reported to Ian, but nothing has been rewritten upstream
yet.

Jakub
All times are GMT.