Bug 515208

Summary:	games-strategy/ufo-ai-2.4: needs paxmarking -m
Product:	Gentoo Linux	Reporter:	Alex Efros <powerman-asdf>
Component:	Hardened	Assignee:	Gentoo Games <games>
Status:	RESOLVED WONTFIX
Severity:	normal	CC:	alexander, hardened
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Alex Efros 2014-06-26 14:51:07 UTC

Please add "paxmark m /usr/bin/ufo" into ebuild for hardened.

$ ufo
---- endianness initialization -----
...
R_LoadProgram: 'simple_glow' loaded.
]LLVM ERROR: Allocation failed when allocating new memory in the JIT
Can't allocate RWX Memory: ???????? ?? ?????????

kern.alert: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/ufo[ufo:31999] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2195] uid/euid:1000/1000 gid/egid:1000/1000

Comment 1 Anthony Basile gentoo-dev

2014-10-17 19:04:42 UTC

@games: you can add `pax=mark m usr/bin/ufo` after `dobin ufo || die`

Comment 2 Alexander Tsoy 2014-10-21 12:32:12 UTC

(In reply to Alex Efros from comment #0)

> R_LoadProgram: 'simple_glow' loaded.
> ]LLVM ERROR: Allocation failed when allocating new memory in the JIT
> Can't allocate RWX Memory: ???????? ?? ?????????

Is this caused by a gallium-based video driver? Do we pax-mark binaries in such case?

Comment 3 Mr. Bones. (RETIRED) gentoo-dev

2015-05-28 16:47:58 UTC

Anyone from hardened able to answer the question about gallium-based video drivers?

Comment 4 Mr. Bones. (RETIRED) gentoo-dev

2015-06-04 03:32:23 UTC

After taking to the hardened team I'm marking this bug as WONTFIX since apparently only some video cards needs the pax marking and it's expected that if you're using a hardened system that you'll know what you're doing enough to do any necessary marking yourself.