Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 623374 - media-video/vlc-2.2.6: video playback fails due to PaX mprotect
Summary: media-video/vlc-2.2.6: video playback fails due to PaX mprotect
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-01 19:46 UTC by Hermila Hoover
Modified: 2017-07-01 19:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hermila Hoover 2017-07-01 19:46:28 UTC 
vlc gets killed when opening a video file and dmesg states

grsec: denied RWX mprotect of <anonymous mapping> by /usr/bin/vlc[vlc:11922] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:4633] uid/euid:1000/1000 gid/egid:1000/1000                            
grsec: denied RWX mprotect of <anonymous mapping> by /usr/bin/vlc[vlc:11922] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:4633] uid/euid:1000/1000 gid/egid:1000/1000                                             
grsec: denied RWX mprotect of <anonymous mapping> by /usr/bin/vlc[vlc:11922] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:4633] uid/euid:1000/1000 gid/egid:1000/1000                                           
grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/vlc[vlc:11922] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:4633] uid/euid:1000/1000 gid/egid:1000/1000                                                 
grsec: denied RWX mprotect of <anonymous mapping> by /usr/bin/vlc[vlc:11922] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:4633] uid/euid:1000/1000 gid/egid:1000/1000 
PAX: execution attempt in: <anonymous mapping>, 3054df44000-3054e047000    3054df44000                                                                                                                                    
PAX: terminating task: /usr/bin/vlc(vlc):11922, uid/euid: 1000/1000, PC: 0000031e8133a000, SP:  0000031e54b5a388                                                                                                         
PAX: bytes at PC: 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec                                                                                                                                                   
PAX: bytes at SP-8: 0000000000000004 0000031e5f08bd34 0000031e3c054fd8 0000000000000000 0000000000000000 0000000000000000 0000006454b5a600 0000031e54b5a4f0 0000000000000c8e 0000000038e77727 0000031e3cda95d0

To me it seems to be an issue with PaX, more precisely mprotect. Indeed, after disabling mprotect for /usr/bin/vlc playback works fine:

# paxctl-ng -m /usr/bin/vlc
# paxctl-ng -v /usr/bin/vlc
vlc:
        PT_PAX    : -em--
        XATTR_PAX : -em--
# vlc video.mp4 # no kill

(Tested with vlc-2.2.6)

A related bug report I've found is [0] which disables mprotect in its config[1] at line 97.
Also linux-pax-flags (a package from ArchLinux) disables mprotect for vlc[2, line 43].

[0] https://github.com/subgraph/subgraph-os-issues/issues/78
[1] https://github.com/subgraph/paxrat/blob/master/paxrat.conf#L97
[2] https://github.com/nning/linux-pax-flags/blob/master/simple.conf#L43