
Bug 410617

Summary: www-client/epiphany-3.2.1-r1 ebuild shouldn't unconditionally pax-mark m /usr/bin/epiphany
Product: Gentoo Linux
Reporter: Maxim Kammerer <mk>
Component: [OLD] GNOME
Assignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Maxim Kammerer 2012-04-03 01:08:17 UTC
paxctl -m disables important PaX security features. The jit USE flag is already disabled by default for webkit-gtk on hardened, so I think that PaX-marking the epiphany executable should be left for the end-user (as is done with midori, for instance).

Comment 1 Maxim Kammerer 2012-04-03 01:11:33 UTC
Relevant: bug #407085, bug #404215.

Comment 2 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-04-14 03:26:38 UTC
Good point. Fixed in epiphany-3.4.0.1; if you want the full PaX protection, you can emerge it with USE=-jit.

>*epiphany-3.4.0.1 (14 Apr 2012)
>
>  14 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
>  +epiphany-3.4.0.1.ebuild:
>  Version bump with a much improved history storage and a new gtk3.4-style
>  application menu. Add a new jit USE flag to control whether to relax memory
>  protection on PaX systems and allow using jit-enabled webkit-gtk (bug
>  #410617, thanks to Maxim Kammerer for reporting).