FS#41266 - [paxd] denied marking stack executable by PT_GNU_STACK marking in /usr/lib/libffi.so.6.0.2

Attached to Project: Community Packages
Opened by miskoala (miskoala) - Saturday, 19 July 2014, 12:42 GMT
Last edited by Daniel Micay (thestinger) - Saturday, 19 July 2014, 17:13 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture i686
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

kernel.pax.softmode = 0
The problem is only present on a 32-bit machine.

$ make

[ 1147.702472] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/lib/libffi.so.6.0.2 by /usr/bin/make[make:7852] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/makepkg[makepkg:3999] uid/euid:1000/1000 gid/egid:100/100
[ 1147.702575] grsec: denied RWX mprotect of <stack> by /usr/bin/make[make:7852] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/makepkg[makepkg:3999] uid/euid:1000/1000 gid/egid:100/100

$ systemctl poweroff

[ 1431.508346] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/lib/libffi.so.6.0.2 by /usr/lib/polkit-1/polkitd[polkitd:7997] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 1431.508453] grsec: denied RWX mprotect of <stack> by /usr/lib/polkit-1/polkitd[polkitd:7997] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0


pacman -Q linux-grsec libffi
linux-grsec 3.15.5.201407170639-2
libffi 3.1-2

The problem is not present if I downgrade libffi to 3.0.13-4.

Closed by Daniel Micay (thestinger)
Saturday, 19 July 2014, 17:13 GMT
Reason for closing: Fixed
Additional comments about closing: paxd-13-1
Comment by Daniel Micay (thestinger) - Saturday, 19 July 2014, 16:55 GMT
If you want to enable the PaX userspace features, you need to set exceptions. The wiki documents this and /etc/sysctl.d/05-grsecurity.conf recommends installing paxd and not touching softmode yourself. There is already an exception for polkitd.

https://wiki.archlinux.org/index.php/PaX
