Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 504638

Summary: media-video/dvdauthor-0.7.1 needs EMUTRAMP on hardened
Product: Gentoo Linux Reporter: Andrew John Hughes <gnu_andrew>
Component: Current packagesAssignee: Gentoo Media-video project <media-video>
Status: UNCONFIRMED ---    
Severity: normal Keywords: PATCH
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Patch to ebuild

Description Andrew John Hughes 2014-03-14 22:30:27 UTC 
* QA Notice: The following files contain writable and executable sections
 *  Files with such sections will not work properly (or at all!) on some
 *  architectures/operating systems.  A bug should be filed at
 *  http://bugs.gentoo.org/ to make sure the issue is fixed.
 *  For more information, see http://hardened.gentoo.org/gnu-stack.xml
 *  Please include the following list of files in your report:
 *  Note: Bugs should be filed for the respective maintainers
 *  of the package in question and not hardened@g.o.
 * RWX --- --- usr/bin/mpeg2desc

mpeg2desc, at minimum, needs to be set +E so it will run on hardened kernels.

Reproducible: Always

Actual Results:  
Mar  9 05:31:34 carrie kernel: [2007787.135097] grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/bin/mpeg2desc by /lib64/ld-2.18.so[ld-linux-x86-64:15069] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/ldd[ldd:15066] uid/euid:0/0 gid/egid:0/0


Expected Results:  
mpeg2desc runs

Portage 2.2.7 (hardened/linux/amd64, gcc-4.8.2, glibc-2.18-r1, 3.13.2-hardened-r3.rivendell x86_64)
=================================================================
System uname: Linux-3.13.2-hardened-r3.rivendell-x86_64-Intel-R-_Xeon-R-_CPU_X5482_@_3.20GHz-with-gentoo-2.2
KiB Mem:     8216204 total,    500164 free
KiB Swap:    6147416 total,   3608632 free
Timestamp of tree: Fri, 14 Mar 2014 02:15:01 +0000
ld GNU ld (GNU Binutils) 2.23.2
ccache version 3.1.9 [disabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0::java
dev-lang/python:          2.7.5-r2, 3.3.4
dev-util/ccache:          3.1.9-r3
dev-util/cmake:           2.8.12.2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.14
sys-devel/binutils:       2.23.2
sys-devel/gcc:            4.8.2
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/glibc:           2.18-r1
Comment 1 Andrew John Hughes 2014-03-14 22:30:43 UTC 
Created attachment 372682 [details, diff]
Patch to ebuild
Comment 2 Magnus Granberg gentoo-dev 2015-07-04 14:36:33 UTC 
Do it realy need pax mark E or can it be fixed like in the gnu-stack doc?