Bug 174951 - binaries from dev-java/sun-jdk should be pax-marked -pmrs
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Java team
URL: http://www.gentoo.org/proj/en/hardene...
Reported: 2007-04-17 18:37 UTC by Nicolas Litchinko
Modified: 2007-04-19 18:53 UTC
Description Nicolas Litchinko 2007-04-17 18:37:35 UTC
Hi,

When the dev-java/sun-jdk ebuild was migrated to the pax-utils eclass, it suddenly started to paxctl -m the binaries instead of -pemrs. It's still the case with sun-jdk-1.4.2.13 if you have chpax installed, but chpax is deprecated.

I noticed that something was wrong with java when I tried to build eclipse on a fresh hardened system. The jvm was immediately killed by PaX. I used paxctl -pmrs /opt/sun-jdk-1.4.2.13/{,jre}/bin/* and then I was able to build eclipse successfully.

Considering java needs these permissions by design, it would help if the "pmrs" permissions were granted directly by the ebuild.

Should the -m flag alone be enough?

Thank you in advance
Comment 1 Petteri Räty (RETIRED) gentoo-dev 2007-04-18 14:53:25 UTC
Yeah it was changed in a patch by our hardened folks when switching to an eclass to mark the files:
https://bugs.gentoo.org/attachment.cgi?id=103184
Comment 2 Petteri Räty (RETIRED) gentoo-dev 2007-04-19 18:53:18 UTC
Hardened folks are saying that -m is only good for >=1.5, so changing 1.4 back to -srpm, leaving newer versions alone. Thanks for reporting and please reopen if you still have issues with -r2.
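
The flag choice this thread settles on, sketched as an added example (not the sun-jdk ebuild or any other Gentoo code): it picks the narrowest paxctl exemptions for a given JDK version and lists the ELF binaries they would be applied to. The function names and the PAX_APPLY variable are hypothetical, and treating releases older than 1.4 like 1.4 is an assumption.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of the ebuild or pax-utils.

# Echo the paxctl exemptions for a Sun JDK version, per the thread:
# 1.4 needs -srpm, >=1.5 needs only -m (MPROTECT off for the JIT).
# Assumption: anything older than 1.4 is handled like 1.4.
pax_flags_for_jdk() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case $n in
            ''|*[!0-9]*) echo "unparseable version: $ver" >&2; return 1 ;;
        esac
    done
    if [ "$major" -gt 1 ] || [ "$minor" -ge 5 ]; then
        echo "-m"
    else
        echo "-srpm"
    fi
}

# True if the file starts with the ELF magic (0x7f 'E' 'L' 'F').
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# Print one paxctl command per ELF file in <jdk_home>/bin and
# <jdk_home>/jre/bin; wrapper scripts and other non-ELF files are skipped.
# Commands are only printed unless PAX_APPLY=1 is set.
mark_jdk() {
    home=$1
    flags=$(pax_flags_for_jdk "$2") || return 1
    for f in "$home"/bin/* "$home"/jre/bin/*; do
        [ -f "$f" ] && is_elf "$f" || continue
        if [ "${PAX_APPLY:-0}" = 1 ]; then
            paxctl "$flags" "$f"
        else
            echo "paxctl $flags $f"
        fi
    done
}

# Usage (dry run): mark_jdk /opt/sun-jdk-1.4.2.13 1.4.2.13
```

Reviewing the dry-run output before setting PAX_APPLY=1 keeps the exemptions limited to the JDK's own binaries.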