Summary: | www-clients/firefox-5.0-r2 mmap loop on PaX&hardened system | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Anton Kochkov <anton.kochkov> |
Component: | Current packages | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | anthoine.bourgeois, anton.kochkov, bugs+gentoo, cruzki123, graham, pageexec |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | strace -v output, emerge --info log, Configuration file to disable jit |
Created attachment 279287 [details]
emerge --info log
Created attachment 279715 [details]
Configuration file to disable jit
I think the problem is due to jit not fully disabled (despite USE=-methodjit being set on hardened). The attached file should be put in
/usr/lib/{firefox,icecat,seamonkey}/defaults/pref
It disables any jit support by default and the browser should come up. At least it did the trick for me with seamonkey and icecat on hardened amd64.
Here it started, but the moment I tried something like opening a new tab, it crashed. Putting the file as offered by Christian in the suggested location fixed this indeed.

(In reply to comment #2)
> Created attachment 279715 [details]
> Configuration file to disable jit
>
> I think the problem is due to jit not fully disabled (despite USE=-methodjit
> being set on hardened). The attached file should be put in
> /usr/lib/{firefox,icecat,seamonkey}/defaults/pref
> It disables any jit support by default and the browser should come up. At least
> it did the trick for me with seamonkey and icecat on hardened amd64.

Your patch doesn't help me

I am seeing the same problem on a non-hardened (and therefore non PAX) kernel with just hardened toolchain. The presence of the nojit.js file makes no difference. However if I select the i686-pc-linux-gnu-4.5.3-hardenednopie gcc profile and rebuild firefox, it runs OK (without the nojit.js).

Same problem, started after rebuilding everything with gcc hardened 4.5.3 from stable gcc.

Seems that it has to do with a linker's bug

http://sourceware.org/bugzilla/show_bug.cgi?id=12654

After applying the binutils patch and re-emerging, firefox starts fine again

Bug is still here for Firefox-7.0 and even Firefox-8.0 (with old gcc - 4.5.2)

(In reply to comment #7)
> Seems that it has to do with a linker's bug
>
> http://sourceware.org/bugzilla/show_bug.cgi?id=12654
>
> After applying the binutils patch and re-emerging, firefox starts fine again

And so firefox 7.0 and 8.0. The fix above is included in unstable binutils-2.22-r1 only.

Note there are two problems here:
1/ The mmap loop on PAX kernel is fixed with paxctl -r (see #396275)
2/ The pie lock on hardened toolchain is fixed with linker's patches above (and binutils-2.22-r1 by the way, see #390911)

The problem is the patches aren't backported to a stable version then stable users can launch firefox 7.0, 8.0

Can this bug be closed now? I guess it is not actual anymore?

(In reply to Anton Kochkov from comment #10)
> Can this bug be closed now? I guess it is not actual anymore?

I think so. Bugs #396275 and #390911 are resolved and binutils-2.22-r1 is stable.
Created attachment 279285 [details]
strace -v output

Building firefox-5.0-r2 from main gentoo tree. Building is ok, but firefox doesn't start. Attaching strace