96335 – pax kills bittornado if used with psyco installed on hardened

Bug 96335 - pax kills bittornado if used with psyco installed on hardened

Summary: pax kills bittornado if used with psyco installed on hardened

Status:	RESOLVED CANTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	x86 Linux

Importance:	High blocker (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-06-16 20:42 UTC by Slowking Man
Modified:	2005-06-17 05:00 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Slowking Man 2005-06-16 20:42:14 UTC

If BitTornado is used on a Hardened Gentoo system with psyco installed, PaX
terminates the process (specifically, btdownloadgui.py). I assume this has
something to do with Python, as psyco speeds up python code execution. Unmerging
psyco resolves the problem.

Reproducible: Always
Steps to Reproduce:
1. on hardened, emerge bittornado psyco
2. execute a .torrent file, with bittornado as the default client
Actual Results:  
PaX terminates BitTornado download GUI

Expected Results:  
Begun downloading torrent

log output:

Jun 16 19:12:38 [kernel] PAX: execution attempt in: <anonymous mapping>,
2943c000-2b43c000 2943c000
Jun 16 19:12:38 [kernel] PAX: terminating task:
/usr/bin/python2.3(btdownloadgui.p):14351, uid/euid: 1000/1000, PC: 2943c000,
SP: 4fd7b04c
Jun 16 19:12:38 [kernel] grsec: denied resource overstep by requesting 4096 for
RLIMIT_CORE against limit 0 for /usr/bin/btdownloadgui.py[btdownloadgui.p:14351]
uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0
gid/egid:0/0

emerge -v --info output:

Portage 2.0.51.19 (hardened/x86/2.6, gcc-3.3.5-20050130,
glibc-2.3.4.20041102-r1, 2.6.11-hardened-r14 i686)
=================================================================
System uname: 2.6.11-hardened-r14 i686 Intel(R) Pentium(R) 4 CPU 2.53GHz
Gentoo Base System version 1.6.12
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, May 11 2005, 18:37:00)]
dev-lang/python:     2.3.5
sys-apps/sandbox:    [Not Present]
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.8.5-r3, 1.5, 1.7.9-r1, 1.6.3, 1.4_p6, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE=""
ARCH="x86"
AUTOCLEAN="yes"
BASH_ENV="/etc/spork/is/not/valid/profile.env"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CLASSPATH="."
CLEAN_DELAY="5"
COLORTERM="gnome-terminal"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/
/usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/
/usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CVS_RSH="ssh"
CXXFLAGS="-O2 -march=i686 -pipe"
DESKTOP_SESSION="gnome"
DESKTOP_STARTUP_ID=""
DISPLAY=":0.0"
DISTDIR="/usr/portage/distfiles"
EDITOR="/usr/bin/emacs"
ELIBC="glibc"
FEATURES="autoaddcvs autoconfig ccache collision-protect distlocks sandbox
sfperms strict test userpriv"
FETCHCOMMAND="/usr/bin/wget -t 5 --passive-ftp -P ${DISTDIR} ${URI}"
GCC_SPECS=""
GDK_USE_XFT="1"
GDMSESSION="gnome"
GDM_XSERVER_LOCATION="local"
GENTOO_MIRRORS="http://gentoo.osuosl.org/
ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo
http://csociety-ftp.ecn.purdue.edu/pub/gentoo/
ftp://csociety-ftp.ecn.purdue.edu/pub/gentoo/
ftp://mirror.iawnet.sandia.gov/pub/gentoo/
ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://gentoo.seren.com/gentoo
http://gentoo.chem.wisc.edu/gentoo/ ftp://gentoo.chem.wisc.edu/gentoo/
http://cudlug.cudenver.edu/gentoo/
ftp://cudlug.cudenver.edu/pub/mirrors/distributions/gentoo/
http://gentoo.ccccom.com ftp://gentoo.ccccom.com
http://gentoo.mirrors.tds.net/gentoo ftp://gentoo.mirrors.tds.net/gentoo
http://gentoo.netnitco.net ftp://gentoo.netnitco.net/pub/mirrors/gentoo/source/
http://mirror.espri.arizona.edu/gentoo/
http://mirror.clarkson.edu/pub/distributions/gentoo/
http://mirrors.acm.cs.rpi.edu/gentoo/ ftp://ftp.ndlug.nd.edu/pub/gentoo/
http://open-systems.ufl.edu/mirrors/gentoo http://gentoo.llarian.net/
ftp://gentoo.llarian.net/pub/gentoo http://gentoo.binarycompass.org
http://mirror.datapipe.net/gentoo http://mirror.datapipe.net/gentoo
http://gentoo.eliteitminds.com http://gentoo.cs.lewisu.edu/gentoo/
ftp://linux.cs.lewisu.edu/gentoo/ http://prometheus.cs.wmich.edu/gentoo
http://modzer0.cs.uaf.edu/public/gentoo/ http://mirror.usu.edu/mirrors/gentoo/
ftp://mirror.usu.edu/mirrors/gentoo/ http://lug.mtu.edu/gentoo
http://mirror.phy.olemiss.edu/mirror/gentoo"
GNOME_DESKTOP_SESSION_ID="Default"
GNOME_KEYRING_SOCKET="/tmp/keyring-zvFFL8/socket"
GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic  hardened
dlloader"GTK_RC_FILES="/etc/gtk/gtkrc:/home/chris/.gtkrc-1.2-gnome2"
GUILE_LOAD_PATH="/usr/share/guile/1.6"
G_BROKEN_FILENAMES="1"
HOME="/home/chris"
HOSTNAME="hal"
INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.15.92.0.2/info:/usr/share/gcc-data/i686-pc-linux-gnu/3.3.5-20050130/info:/usr/share/info/emacs-21"
JAVAC="/opt/sun-jdk-1.4.2.08/bin/javac"
JAVA_HOME="/opt/sun-jdk-1.4.2.08"
JDK_HOME="/opt/sun-jdk-1.4.2.08"
KERNEL="linux"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LESS="-R"
LESSOPEN="|lesspipe.sh %s"
LOGNAME="chris"
LS_COLORS="no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.mng=01;35:*.xcf=01;35:*.pcx=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.avi=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.mov=01;35:*.qt=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.mp3=00;36:*.wav=00;36:*.mid=00;36:*.midi=00;36:*.au=00;36:*.ogg=00;36:*.flac=00;36:*.aac=00;36:"
MAKEOPTS="-j2"
MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.15.92.0.2/man:/usr/share/gcc-data/i686-pc-linux-gnu/3.3.5-20050130/man::/opt/sun-jdk-1.4.2.08/man"
NOCOLOR="false"
OPENGL_PROFILE="xorg-x11"
PAGER="/usr/bin/less"
PATH="/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.3.5-20050130:/usr/i386-pc-linux-gnu/gcc-bin/3.3.5:/opt/sun-jdk-1.4.2.08/bin:/opt/sun-jdk-1.4.2.08/jre/bin:/opt/sun-jdk-1.4.2.08/jre/javaws:/usr/games/bin"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_ARCHLIST="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 ppc-macos ppc-od
s390 sh sparc x86 x86-fbsd x86-obsd x86-od"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_CALLER="emerge"
PORTAGE_GID="250"
PORTAGE_MASTER_PID="18135"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PRELINK_PATH=""
PRELINK_PATH_MASK="/usr/lib/gstreamer-0.8:/usr/lib/wine:/usr/lib/valgrind:/opt"
PWD="/home/chris"
PYTHONDOCS="/usr/share/doc/python-docs-2.3.5/html"
RESUMECOMMAND="/usr/bin/wget -c -t 5 --passive-ftp -P ${DISTDIR} ${URI}"
RPMDIR="/usr/portage/rpm"
RSYNC_RETRIES="3"
RSYNC_TIMEOUT="180"
SANE_CONFIG_DIR="/etc/sane.d"
SESSION_MANAGER="local/hal:/tmp/.ICE-unix/713"
SHELL="/bin/bash"
SHLVL="1"
SSH_AGENT_PID="2195"
SSH_AUTH_SOCK="/tmp/ssh-mptzAHo713/agent.713"
STAGE1_USE="hardened pic "
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
TERM="xterm"
USE="3dnow 3dnowext X a52 aalib acl acpi adns aim alsa apache2 artworkextra
authdaemond avi avifile bash-completion berkdb bitmap-fonts bzip2 bzlib c++
calendar caps cdparanoia cdr chroot cjk crypt cups curl curlwrappers dga
divx4linux dlloader doc dv dvb dvd dvdr dvdread eds emacs encode esd evo
examples exif extensions fam fbcon firebird flac flash foomaticdb ftlk ftp
gabber gb gcj gd gdbm gif gimp gimpprint glut gmp gnome gnustep gnutls gphoto2
gpm gstreamer gtk gtk2 gtkhtml guile hal hardened hardenedphp howl icq ieee1394
imagemagick imap imlib inline innodb ipv6 ithreads jack java javascript jikes
jpeg junit kerberos krb4 lcms ldap leim libcaca libgda libwww lm_sensors mad
matroska matrox memlimit mikmod mime ming mmap mmx mmxext mng motif mozsvg
mozxmlterm mp3 mpeg mpi msn mysql mysqli ncurses nls nptl odbc ogg oggvorbis
openal opengl oscal oss other_var1 other_var2 pam pcre pda pdflib perl php pic
plotutils png portaudio posix ppds python quicktime readline real recode sasl
scanner sdl sftplogging sharedext sharedmem shorten skey slang slp smartcard
sndfile sockets socks5 spell spl sse sse2 ssl svg svga symlink szip tcltk tcpd
tetex theora threads tidy tiff tokenizer toolbar truetype truetype-fonts unicode
usb userlocales v41 v4l v4l2 vcd videos vorbis wifi win32codecs wmf wnf
wxwindows x86 xml xml2 xmms xosd xprint xv xvid yahoo zlib userland_GNU
kernel_linux elibc_glibc"
USER="chris"
USERLAND="GNU"
USERNAME="chris"
USE_EXPAND="FRITZCAPI_CARDS FCDSL_CARDS VIDEO_CARDS INPUT_DEVICES LINGUAS
USERLAND KERNEL ELIBC"
WINDOWID="37748938"
XARGS="xargs -r"
XAUTHORITY="/home/chris/.Xauthority"
XINITRC="/etc/X11/xinit/xinitrc"
XPSERVERLIST=""
_="/usr/bin/emerge"

Comment 1 solar (RETIRED) gentoo-dev

2005-06-17 05:00:31 UTC

pysco is a JIT compiler that emits machine code on the fly instead of 
interpreting it. By nature this is exactly what PaX was designed to
prevent. 
The only real solution is to not use pysco. 
Try pyrex or other tools out there which can fully compile python objects