Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 413875

Summary: dev-lang/erlang-15.2 segfaults with sys-kernel/hardened-sources-3.2.11
Product: Gentoo Linux Reporter: Mira Ressel <aranea>
Component: HardenedAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: backtrace of /usr/lib64/erlang/erts-5.9/bin/erlexec (not fully readable)

Description Mira Ressel 2012-04-28 14:15:43 UTC 
Created attachment 310343 [details]
backtrace of /usr/lib64/erlang/erts-5.9/bin/erlexec (not fully readable)

Since sys-kernel/hardened-sources-3.2.11, /usr/lib64/erlang/erts-5.9/bin/erlexec (called by /usr/bin/erl) crashes with a segfault when runned as non-root, somewhere inside a function which seems to grab informations about the CPU. The backtrace is attached.

With hardened-sources-3.2.2-r1, everything works fine. Diffing the both kernel configs yields no intersting changes.

The problem seems to be caused by some of grsecurity's hardening features constraining some permissions.
Comment 1 Mira Ressel 2012-04-29 18:14:05 UTC 
I now further examined the situation with strace: The last system call before segfaulting is open("/sys/devices/system/node", ...), resulting in an EACCES.
Comment 2 Mira Ressel 2012-04-29 18:31:53 UTC 
With >=hardened-sources-3.2.2-r1, the permissions on /sys were:
- 0700 on /sys
- 0755 on everything below /sys/
Now, with hardened-sources-3.2.11, they are:
- 0755 on /sys
- 0755 on *some* dirs below /sys/
- 0700 on the other dirs below /sys/, including /sys/devices/system/node/.

I tried the obvious, and it really worked: After chmodding /sys back to 0700, Erlang worked again. But that looks like a quite dirty workaround...
Comment 3 Mira Ressel 2012-04-29 20:40:27 UTC 
This bug is already fixed by upstream in the latest maint release R15B01 (https://github.com/erlang/otp/commit/00a2aff). Could you please add that version to the portage tree?

Besides renaming the ebuild, one small change is needed for the new version:
-MY_PV="R$(get_major_version)B${ERL_VER[2]}"
+MY_PV="R$(get_major_version)B0${ERL_VER[2]}"
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-05-01 22:36:49 UTC 

*** This bug has been marked as a duplicate of bug 413669 ***
Comment 5 tomas charvat 2012-10-09 17:46:16 UTC 
same error also occure when http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sysfs.2Fdebugfs_restriction is enabled.

Thus erlang is not compactible with default configuration of Gentoo-hardened profile if you are running as non-root user.