Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 68829 - sun-jdk + hardened pax : segfault due to bad pax flags
Summary: sun-jdk + hardened pax : segfault due to bad pax flags
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Java team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-25 07:24 UTC by Mathias Gug
Modified: 2004-10-26 05:57 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mathias Gug 2004-10-25 07:24:11 UTC
When emerging sun-jdk under a hardened profile with pax activated in the kernel, pax flags are set to conservative values. However java doesn't start.

Reproducible: Always
Steps to Reproduce:
1. Emerge sun-jdk
2. Try to start java : java -version

Actual Results:  
It fails.

Expected Results:  
Should print java version.

Portage 2.0.50-r11 (x86, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.6.7-hardened-r7)
=================================================================
System uname: 2.6.7-hardened-r7 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=i686 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://gentoo.risq.qc.ca http://gentoo.mirrored.ca
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
USE="apache2 berkdb crypt dlloader gdbm gpm hardened imap java javamail jce
jikes jpeg libwww maildir mysql ncurses nls pam perl pic pie png python readline
ssl tcpd vhosts webdav x86 xml xml2 zlib"
Comment 1 Mathias Gug 2004-10-25 07:27:36 UTC
To fix the problem, I've also disabled "mmap() base" option :

----[ chpax 0.6.1 : Current flags for /opt/sun-jdk-1.4.2.06/bin/java (pemrxs) ]----
 
 * Paging based PAGE_EXEC       : disabled
 * Trampolines                  : not emulated
 * mprotect()                   : not restricted
 * mmap() base                  : not randomized
 * ET_EXEC base                 : not randomized
 * Segmentation based PAGE_EXEC : disabled


These are the flags that makes java working.

The fix is to add the "r" options to CHPAX_CONSERVATIVE_FLAGS in sun-jdk ebuilds :


CHPAX_CONSERVATIVE_FLAGS="pemrsv"

Comment 2 solar (RETIRED) gentoo-dev 2004-10-25 14:43:30 UTC
hardened does not maintain java. java@ maintains java.
The flags seem reasonable
Comment 3 Thomas Matthijs (RETIRED) gentoo-dev 2004-10-26 05:57:11 UTC
added