Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 68829

Summary: sun-jdk + hardened pax : segfault due to bad pax flags
Product: Gentoo Linux Reporter: Mathias Gug <mathias.gug>
Component: Current packagesAssignee: Java team <java>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Mathias Gug 2004-10-25 07:24:11 UTC 
When emerging sun-jdk under a hardened profile with pax activated in the kernel, pax flags are set to conservative values. However java doesn't start.

Reproducible: Always
Steps to Reproduce:
1. Emerge sun-jdk
2. Try to start java : java -version

Actual Results:  
It fails.

Expected Results:  
Should print java version.

Portage 2.0.50-r11 (x86, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.6.7-hardened-r7)
=================================================================
System uname: 2.6.7-hardened-r7 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=i686 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://gentoo.risq.qc.ca http://gentoo.mirrored.ca
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
USE="apache2 berkdb crypt dlloader gdbm gpm hardened imap java javamail jce
jikes jpeg libwww maildir mysql ncurses nls pam perl pic pie png python readline
ssl tcpd vhosts webdav x86 xml xml2 zlib"
Comment 1 Mathias Gug 2004-10-25 07:27:36 UTC 
To fix the problem, I've also disabled "mmap() base" option :

----[ chpax 0.6.1 : Current flags for /opt/sun-jdk-1.4.2.06/bin/java (pemrxs) ]----
 
 * Paging based PAGE_EXEC       : disabled
 * Trampolines                  : not emulated
 * mprotect()                   : not restricted
 * mmap() base                  : not randomized
 * ET_EXEC base                 : not randomized
 * Segmentation based PAGE_EXEC : disabled


These are the flags that makes java working.

The fix is to add the "r" options to CHPAX_CONSERVATIVE_FLAGS in sun-jdk ebuilds :


CHPAX_CONSERVATIVE_FLAGS="pemrsv"
Comment 2 solar (RETIRED) gentoo-dev 2004-10-25 14:43:30 UTC 
hardened does not maintain java. java@ maintains java.
The flags seem reasonable
Comment 3 Thomas Matthijs (RETIRED) gentoo-dev 2004-10-26 05:57:11 UTC 
added