Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 352640 - app-arch/upx-bin-3.07: exec of /opt/bin/upx fails with PaX (MPROTECT) enabled kernels like hardened-sources
Summary: app-arch/upx-bin-3.07: exec of /opt/bin/upx fails with PaX (MPROTECT) enabled...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: AMD64 Linux
: High normal (vote)
Assignee: MATSUU Takuto (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-24 22:55 UTC by Lubomir Krajcovic
Modified: 2011-10-10 15:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
ebuild patch implementing PaX marking of /opt/bin/upx (upx-bin-3.07.ebuild.patch,694 bytes, patch)
2011-01-24 22:58 UTC, Lubomir Krajcovic 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lubomir Krajcovic 2011-01-24 22:55:09 UTC 
upx-bin emerges fine, but forgets to disable MPROTECT on /opt/bin/upx upon installing, thus preventing upx from being functional on PaX enabled machines.

Consequentialy other ebuils (like media-video/tsmuxer-1.10.6-r1) fail to emerge, because they require working upx binary.

Reproducible: Always

Steps to Reproduce:
1. use hardened-sources with enabled PaX and MPROTECT
2. emerge upx-bin
3. execute (in terminal): /opt/bin/upx

Actual Results:  
upx fails with following error message:
PROT_EXEC|PROT_WRITE failed.


Expected Results:  
display of upx help page.
Comment 1 Lubomir Krajcovic 2011-01-24 22:58:31 UTC 
Created attachment 260618 [details, diff]
ebuild patch implementing PaX marking of /opt/bin/upx
Comment 2 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2011-02-11 16:35:13 UTC 
CCing maintainer (as I still can't assign to him)

@Reporter, you may want to use upx-ucl in the mean time ;)
Comment 3 Anthony Basile gentoo-dev 2011-08-11 23:43:29 UTC 
@matsuu, this is a completely safe patch.  Can you commit it and close this bug?
Comment 4 Anthony Basile gentoo-dev 2011-10-09 20:57:04 UTC 
Ping @matsuu
Comment 5 MATSUU Takuto (RETIRED) gentoo-dev 2011-10-10 15:29:28 UTC 
sorry for delay.
3.07-r1 in cvs.