| Summary: | =gnome-extra/yelp-3.8.1 needs MPROTECT disabled | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Sean Santos <quantheory> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | gnome |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
output of emerge --info webkit-gtk yelp
Backtrace printed after running yelp by hand with MPROTECT on |
||
|
Description
Sean Santos
2013-12-08 09:47:04 UTC
Please attach your "emerge --info webkit-gtk yelp" output. Created attachment 367106 [details]
output of emerge --info webkit-gtk yelp
(In reply to Sean Santos from comment #2) > net-libs/webkit-gtk-2.0.4 was built with the following: > USE="geoloc gstreamer introspection libsecret spell test webgl (-aqua) -coverage -debug -jit" Interesting! You have webkit-gtk jit disabled, and I can't think of what else in yelp could hit mprotect. Unfortunately, I don't have a hardened system any more. Do you have any additional debugging information about where/why yelp is failing pax mprotect? For example, in the main code, in a specific library, etc.? Does www-client/epiphany work when you emerge it with -jit? Or do you also need to manually paxctl mark it? Ah, I forgot - this is the regex jit problem in webkit-gtk that we haven't fixed yet :/ *** This bug has been marked as a duplicate of bug 484300 *** Created attachment 367110 [details]
Backtrace printed after running yelp by hand with MPROTECT on
Well, I just ran yelp by hand and got a core file with the attached backtrace. At first glance it looks like webkit-gtk still is using JIT even with -jit.
Ah, yes. Looks like this is the same from my backtrace. |
