| Summary: | media-video/vlc binaries need to be PaX marked if win32codecs enabled | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Christopher Head <bugs> |
| Component: | Current packages | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | VERIFIED OBSOLETE | ||
| Severity: | normal | CC: | media-video, piotrek.juzwiak |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Everything that makes use of the win32codes would require the same. Yeah, probably. VLC is the one I noticed though, and one might as well start there, no? (In reply to comment #1) > Everything that makes use of the win32codes would require the same. wouldn't there be a way to mark win32codecs stuff so that it gets propagated to programs using them? I'm not fond of adding workarounds to everything using it... The other option could be to mask win32codecs on hardened also, they're certainly not sane to use security-wise. I am having the same problem WITHOUT win32codecs media-video/vlc-1.1.7 USE="X a52 aac dbus dvd ffmpeg flac fontconfig gcrypt kde matroska mmx mp3 mpeg musepack ogg pulseaudio qt4 sse svg svga taglib theora truetype udev vaapi vorbis x264 xcb xv -aalib -alsa (-altivec) -atmo -avahi -bidi -cdda -cddb -dc1394 -debug -dirac -directfb -dts -dvb -fbcon -fluidsynth -ggi -gme -gnome -gnutls -httpd -id3tag -ieee1394 -jack -kate -libass -libcaca -libnotify -libproxy -libtiger -libv4l -libv4l2 -lirc -live -lua -modplug -mtp -ncurses -nsplugin -opengl -optimisememory -oss -png -projectm -pvr -remoteosd -rtsp -run-as-root -samba -schroedinger -sdl -sdl-image -shine -shout -skins -speex -sqlite -stream -twolame -upnp -v4l -v4l2 -vcdx -vlm -win32codecs -wma-fixed -xml -xosd -zvbi" If i won't mark it "paxctl -m /usr/bin/vlc" then it dies with Segmentation fault immediately. here is some strace output from hardened profile(just the end since it's guite long):
open("/usr/lib/libtheoraenc.so.1", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\20\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=185572, ...}) = 0
mmap2(NULL, 188432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xa2e1e000
mmap2(0xa2e4b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2c) = 0xa2e4b000
close(5) = 0
open("/usr/lib/libtheoradec.so.1", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\22\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=62636, ...}) = 0
mmap2(NULL, 65548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xa2e0d000
mmap2(0xa2e1c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xe) = 0xa2e1c000
close(5) = 0
open("/usr/lib/libopenjpeg.so.2", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 :\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=121724, ...}) = 0
mmap2(NULL, 124744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xa2dee000
mmap2(0xa2e0b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1c) = 0xa2e0b000
close(5) = 0
open("/usr/lib/libmp3lame.so.0", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\205\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=287288, ...}) = 0
mmap2(NULL, 499968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xa2d73000
mprotect(0xa2db7000, 4096, PROT_NONE) = 0
mmap2(0xa2db8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x44) = 0xa2db8000
mmap2(0xa2dba000, 209152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xa2dba000
mprotect(0xa451e000, 3784, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault
The win32codecs USE flag is gone because the media-libs/win32codecs package is going to be removed, see bug 468406. |
If the win32codecs use flag is enabled, VLC pulls in codecs in PE format. Inside VLC there is a custom loader that brings those codecs into memory and allows them to be executed. This loader obviously does not work if mprotect() restrictions are enabled. To resolve this, the ebuild should inherit pax-utils and execute pax-mark m "${D}"/usr/bin/vlc (or something similar), perhaps in src_install() (at least that's where John The Ripper, e.g., does it). Reproducible: Always Steps to Reproduce: