Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 437744 - dev-lang/erlang segfault under hardened sources
Summary: dev-lang/erlang segfault under hardened sources
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Development (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Dirkjan Ochtman (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-09 18:00 UTC by tomas charvat
Modified: 2012-12-31 09:28 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description tomas charvat 2012-10-09 18:00:57 UTC 
I have found 2 problems with erlang running on hardened profile.
1. http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sysfs.2Fdebugfs_restriction 
prevent you from running erlang code as non-root
Its hard to detect, but erlang application has problems to read files from FS as result.
Typicaly riak wont be able to read its config file on startup followed by segfault from Erlang saying "error in reading /etc/riak/app.config"
it seems to be rather feature hardened kernel that bug

2. beam.smp doesnt work properly until you disable mprotect
paxctl -m /usr/lib64/erlang/erts-5.9/bin/beam.smp should be part of the ebuild or ebuild info
For other application that install its own erlang, i.e. riak it must be done again.
paxctl -m /usr/lib64/riak/erts-5.9/bin/beam.smp


Reproducible: Always




 denied RWX mmap of <anonymous mapping> by /usr/lib64/riak/erts-5.9/bin/beam.smp[beam.smp:5119] uid/euid:106/106 gid/egid:118/118, parent /usr/lib64/riak/erts-5.9/bin/run_erl[run_erl:4914] uid/euid:106/106 gid/egid:118/118
Comment 1 Mira Ressel 2012-10-10 14:38:51 UTC 
(In reply to comment #0)

> 2. beam.smp doesnt work properly until you disable mprotect
What do you mean by "not properly"?

> paxctl -m /usr/lib64/erlang/erts-5.9/bin/beam.smp should be part of the
Are you using erlang-15.2 (R15B)? Please consider updating to erlang-15.2.2 (R15B02).


I'm using erlang here on my machine (which's running a hardened-sources kernel) for a while, without major problems.
Comment 2 Mira Ressel 2012-10-10 14:40:15 UTC 
Oh, and one thing: Are you using hipe (useflag +hipe)? In this case, try to disable that. It seems to be using some jit techniques which don't work well on hardened systems...
Comment 3 Mira Ressel 2012-10-10 15:01:11 UTC 
(In reply to comment #0)

> 1.
> http://en.wikibooks.org/wiki/Grsecurity/Appendix/
> Grsecurity_and_PaX_Configuration_Options#Sysfs.2Fdebugfs_restriction 
> prevent you from running erlang code as non-root
> Its hard to detect, but erlang application has problems to read files from
> FS as result.
> Typicaly riak wont be able to read its config file on startup followed by
> segfault from Erlang saying "error in reading /etc/riak/app.config"
> it seems to be rather feature hardened kernel that bug

I /am/ able to access files from erlang (as long as I have read permissions on them, for sure) using erlang-15.2.2 and hardened-sources-3.5.4-r1 with CONFIG_GRKERNSEC_SYSFS_RESTRICT enabled.
Comment 4 Dirkjan Ochtman (RETIRED) gentoo-dev 2012-12-31 09:28:38 UTC 
This appears to be fixed in 15.2.2.