522808 – =net-libs/webkit-gtk-2.4* - more binaries need to be pax-marked

Bug 522808 - =net-libs/webkit-gtk-2.4* - more binaries need to be pax-marked

Summary: =net-libs/webkit-gtk-2.4* - more binaries need to be pax-marked

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] GNOME (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux Gnome Desktop Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-09-14 21:23 UTC by Alexander Tsoy
Modified:	2014-10-04 08:20 UTC (History)
CC List:	0 users

See Also:	522810
Package list:
Runtime testing required:	---

Attachments
webkit-gtk-2.2.6.ebuild.patch (webkit-gtk-2.2.6.ebuild.patch,424 bytes, patch) 2014-09-14 21:23 UTC, Alexander Tsoy	Details \| Diff
webkit-gtk-2.4.4.ebuild.patch (webkit-gtk-2.4.4.ebuild.patch,444 bytes, patch) 2014-09-15 08:58 UTC, Alexander Tsoy	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Tsoy 2014-09-14 21:23:07 UTC

Created attachment 384742 [details, diff]
webkit-gtk-2.2.6.ebuild.patch

webkit-gtk-2.4 introduced multi-process support and some binaries need to be pax-marked. This does not apply to -r200 ebuilds.


For example I get these errors when I run Epiphany with flash plugin:

[16348.784387] grsec: denied RWX mprotect of <anonymous mapping> by /usr/libexec/WebKitPluginProcess[WebKitPluginPro:3984] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[16348.784403] PAX: execution attempt in: <anonymous mapping>, 31b4f000000-31b4f520000 31b4f000000
[16348.784407] PAX: terminating task: /usr/libexec/WebKitPluginProcess(WebKitPluginPro):3984, uid/euid: 1000/1000, PC: 0000031b4f508f45, SP: 000003b5b65ab638
[16348.784409] PAX: bytes at PC: 55 48 8b ec 48 83 ec 30 48 89 5d e0 4c 89 65 d8 48 8d 5d e8 
[16348.784423] PAX: bytes at SP-8: 0000031b4f4a1890 0000031b567fecaf 48000000a4d3f4f1 000003b5b65ab660 000003b5b65ab6f0 0000031b567ffafa 0000031b4f2c0118 000003b5b65ab6f0 0000031b4f382100 0000031b567ff962 0000031b4f018000


Similar errors occurs with WebKitWebProces if webkit-gtk was compiled with jit.

Comment 1 Alexander Tsoy 2014-09-15 08:46:44 UTC

(In reply to Alexander Tsoy from comment #0)
> Created attachment 384742 [details, diff] [details, diff]
> webkit-gtk-2.2.6.ebuild.patch

Oops.. I made a patch against the wrong version of webkit-gtk. :)

Comment 2 Alexander Tsoy 2014-09-15 08:58:20 UTC

Created attachment 384772 [details, diff]
webkit-gtk-2.4.4.ebuild.patch

Comment 3 Pacho Ramos gentoo-dev

2014-09-15 11:47:38 UTC

(In reply to Alexander Tsoy from comment #2)
> Created attachment 384772 [details, diff] [details, diff]
> webkit-gtk-2.4.4.ebuild.patch

Why is it running pam-mark for WebKitPluginProcess unconditionally of "jit" USE flag?

Comment 4 Alexander Tsoy 2014-09-15 12:04:17 UTC

(In reply to Pacho Ramos from comment #3)

This process is intended to load and run plugins such as adobe-flash, java, etc. Thus it should be pax-marked unconditionally. It is similar to plugin-container in firefox.

Comment 5 Pacho Ramos gentoo-dev

2014-09-15 12:31:20 UTC

OK, will probably commit it with 2.4.5 bump, but I am unsure if I will have time for it shortly :S

Anyway, if any other dev has enough time for that feel free to go ahead without waiting for me (or even waiting for the bump if you don't want to spend its hours of compilation for both slots :S )

Comment 6 Pacho Ramos gentoo-dev

2014-10-04 08:20:54 UTC

+*webkit-gtk-2.4.6 (04 Oct 2014)
+*webkit-gtk-2.4.6-r200 (04 Oct 2014)
+
+  04 Oct 2014; Pacho Ramos <pacho@gentoo.org> +webkit-gtk-2.4.6-r200.ebuild,
+  +webkit-gtk-2.4.6.ebuild:
+  Version bump, pax-mark some more files (#522808 by Alexander Tsoy)
+