| Summary: | dev-python/pycairo-1.10.0-r{2,4} configure segfaults with python 3.2 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Sean Santos <quantheory> |
| Component: | [OLD] Development | Assignee: | Python Gentoo Team <python> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | normal | CC: | hardened |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | AMD64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | build.log, emerge --info | | |

Description
Sean Santos
2013-02-28 07:33:49 UTC
Accidentally hit enter before finishing comment 0. Basically, I can't emerge pycairo with python 3.2. Build and emerge logs are forthcoming.

Created attachment 340452
build.log

Created attachment 340454
emerge --info

Some more testing shows that I only have this problem with FEATURES="userpriv" (i.e. non-root). I'm using a hardened kernel/profile with CONFIG_GRKERNSEC_TPE_ALL, and I get these grsec messages:

```
grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-python/pycairo-1.10.0-r4/temp/ffiEzcqKh by /usr/bin/python3.2[waf:28224] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:28174] uid/euid:250/250 gid/egid:250/250
grsec: denied untrusted exec (due to file in world-writable directory) of /var/tmp/ffiCl37Gr by /usr/bin/python3.2[waf:28224] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:28174] uid/euid:250/250 gid/egid:250/250
grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-python/pycairo-1.10.0-r4/homedir/ffiqitRDB by /usr/bin/python3.2[waf:28224] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:28174] uid/euid:250/250 gid/egid:250/250
grsec: Segmentation fault occurred at 0000006100000069 in /usr/bin/python3.2[waf:28224] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:28174] uid/euid:250/250 gid/egid:250/250
```

libffi strikes again.
You need to have EMUTRAMP enabled in the kernel;
read more on https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart
and bug 484472

*** This bug has been marked as a duplicate of bug 484472 ***

*** This bug has been marked as a duplicate of bug 519566 ***

I have always had EMUTRAMP enabled, but I filed this bug well before the current libffi. If there is renewed interest in fixing TPE, I will try to dig up all the old bug reports I have and see if there are any issues that are still relevant.

(In reply to Sean Santos from comment #7)
> I have always had EMUTRAMP enabled, but I filed this bug well before the
> current libffi. If there is renewed interest in fixing TPE, I will try to
> dig up all the old bug reports I have and see if there are any issues that
> are still relevant.

It was a problem with libffi and PaX: when it can't mmap rwx, it tries to make a file in some temp dir, and with TPE on it fails; that is what you see in that log. Now, with fixed libffi and with EMUTRAMP on, it doesn't need to use the temp file stuff. But TPE and some more apps still have problems.

(In reply to Magnus Granberg from comment #5)
> libffi strikes again.
> You need to have EMUTRAMP enabled in the kernel;
> read more on
> https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart
> and bug 484472
>
> *** This bug has been marked as a duplicate of bug 484472 ***

(In reply to Sean Santos from comment #7)
> I have always had EMUTRAMP enabled, but I filed this bug well before the
> current libffi. If there is renewed interest in fixing TPE, I will try to
> dig up all the old bug reports I have and see if there are any issues that
> are still relevant.

Yeah, this is subtle. See bug #519566 comment #c19. EMUTRAMP is enough for TPE, but for TPE_ALL you also need to make sure the directory is not group- or world-writable for any non-root user, even the trusted GID. The patch by zmedico there solves this.
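
A triage helper for the denials discussed in this thread, as an added example that is not part of the original report or of Portage/grsecurity: it parses the `denied untrusted exec` lines and checks a directory for the two mode bits those messages name. The function names are hypothetical, and the mode check covers only the two reasons shown in the log above, not grsecurity's full TPE decision.

```python
import os
import re
import stat

# Denial lines copied from the report above (", parent ..." tail trimmed).
SAMPLE_LOG = """\
grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-python/pycairo-1.10.0-r4/temp/ffiEzcqKh by /usr/bin/python3.2[waf:28224] uid/euid:250/250 gid/egid:250/250
grsec: denied untrusted exec (due to file in world-writable directory) of /var/tmp/ffiCl37Gr by /usr/bin/python3.2[waf:28224] uid/euid:250/250 gid/egid:250/250
"""

DENIAL = re.compile(
    r"grsec: denied untrusted exec \(due to file in (?P<reason>[^)]+)\) "
    r"of (?P<path>\S+) by (?P<exe>[^\[\s]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/\d+"
)

def parse_denials(text):
    """Return one dict per denial line: reason, path, directory, exe, comm, pid, uid."""
    records = []
    for match in DENIAL.finditer(text):
        rec = match.groupdict()
        rec["directory"] = os.path.dirname(rec["path"])
        records.append(rec)
    return records

def writable_bits(directory):
    """List which of the two conditions named in the grsec messages the directory has."""
    mode = os.stat(directory).st_mode
    found = []
    if mode & stat.S_IWGRP:
        found.append("group-writable directory")
    if mode & stat.S_IWOTH:
        found.append("world-writable directory")
    return found

def audit(text):
    """Map each denied directory to its current bits on this host (None if it is gone)."""
    result = {}
    for rec in parse_denials(text):
        d = rec["directory"]
        result[d] = writable_bits(d) if os.path.isdir(d) else None
    return result
```

Feeding `audit()` the kernel log from a failed userpriv build shows which build or temp directories still carry the group or world write bit after a fix has been applied.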