504638 – media-video/dvdauthor-0.7.1 needs EMUTRAMP on hardened

Bug 504638 - media-video/dvdauthor-0.7.1 needs EMUTRAMP on hardened

Summary: media-video/dvdauthor-0.7.1 needs EMUTRAMP on hardened

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Media-video project

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2014-03-14 22:30 UTC by Andrew John Hughes
Modified:	2015-07-04 14:36 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch to ebuild (dvdauthor-paxmark.patch,739 bytes, patch) 2014-03-14 22:30 UTC, Andrew John Hughes	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew John Hughes 2014-03-14 22:30:27 UTC

* QA Notice: The following files contain writable and executable sections
 *  Files with such sections will not work properly (or at all!) on some
 *  architectures/operating systems.  A bug should be filed at
 *  http://bugs.gentoo.org/ to make sure the issue is fixed.
 *  For more information, see http://hardened.gentoo.org/gnu-stack.xml
 *  Please include the following list of files in your report:
 *  Note: Bugs should be filed for the respective maintainers
 *  of the package in question and not hardened@g.o.
 * RWX --- --- usr/bin/mpeg2desc

mpeg2desc, at minimum, needs to be set +E so it will run on hardened kernels.

Reproducible: Always

Actual Results:  
Mar  9 05:31:34 carrie kernel: [2007787.135097] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/bin/mpeg2desc by /lib64/ld-2.18.so[ld-linux-x86-64:15069] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/ldd[ldd:15066] uid/euid:0/0 gid/egid:0/0


Expected Results:  
mpeg2desc runs

Portage 2.2.7 (hardened/linux/amd64, gcc-4.8.2, glibc-2.18-r1, 3.13.2-hardened-r3.rivendell x86_64)
=================================================================
System uname: Linux-3.13.2-hardened-r3.rivendell-x86_64-Intel-R-_Xeon-R-_CPU_X5482_@_3.20GHz-with-gentoo-2.2
KiB Mem:     8216204 total,    500164 free
KiB Swap:    6147416 total,   3608632 free
Timestamp of tree: Fri, 14 Mar 2014 02:15:01 +0000
ld GNU ld (GNU Binutils) 2.23.2
ccache version 3.1.9 [disabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0::java
dev-lang/python:          2.7.5-r2, 3.3.4
dev-util/ccache:          3.1.9-r3
dev-util/cmake:           2.8.12.2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.14
sys-devel/binutils:       2.23.2
sys-devel/gcc:            4.8.2
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/glibc:           2.18-r1

Comment 1 Andrew John Hughes 2014-03-14 22:30:43 UTC

Created attachment 372682 [details, diff]
Patch to ebuild

Comment 2 Magnus Granberg gentoo-dev

2015-07-04 14:36:33 UTC

Do it realy need pax mark E or can it be fixed like in the gnu-stack doc?