| Summary: | dev-lang/ruby and dev-ruby/ffi support for Hardened Gentoo | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Hans de Graaff <graaff> |
| Component: | Current packages | Assignee: | Gentoo Ruby Team <ruby> |
| Status: | CONFIRMED | | |
| Severity: | normal | CC: | hardened, kingjon3377 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | dev-ruby/ffi patch | | |

Description
Hans de Graaff
2016-09-11 08:55:46 UTC
The current, unpatched, situation is that using FFI code causes a segmentation fault (actually a RuntimeError in ruby), due to the ruby ffi code calling mprotect with PROT_EXEC.

I have created a patch for this based on what is done with cffi. cffi only calls mmap, and here PROT_EXEC is set with mprotect, so the situation is not identical, so my lack of grsecurity and memory allocation may be showing :-)

This patch leads to dmesg logs from grsecurity:

execution attempt in: <anonymous mapping>, 35f244e2000-35f244e3000 35f244e2000

Created attachment 445462
dev-ruby/ffi patch

(In reply to Magnus Granberg from comment #3)
> https://github.com/ffi/ffi/pull/540

This pull request has been applied in dev-ruby/ffi-1.9.22
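
The description contrasts requesting executable memory in the mmap call with adding PROT_EXEC afterwards through mprotect. The probe below is an added example, not part of this bug report or of the ffi patch. It reports which of the two requests the running kernel accepts. The function names are illustrative, and writing to the page before the mprotect call is an assumption about the pattern being described.

```c
#define _DEFAULT_SOURCE                 /* for MAP_ANONYMOUS */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define RW (PROT_READ | PROT_WRITE)

/* Map one anonymous page with `initial` protection, write to it if writable,
 * then switch it to `later` with mprotect() when the two differ.
 * Returns 0 on success, otherwise the errno of the refused call.
 * The page is never executed: success only means the request was accepted. */
static int probe(int initial, int later)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, initial, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    int rc = 0;
    if (initial & PROT_WRITE)
        memset(p, 0, len);              /* stand-in for writing a trampoline */
    if (later != initial && mprotect(p, len, later) != 0)
        rc = errno;
    munmap(p, len);
    return rc;
}

/* PROT_EXEC requested up front in mmap() (assumed shape of the mmap-only case). */
int probe_mmap_exec(void)     { return probe(RW | PROT_EXEC, RW | PROT_EXEC); }

/* Writable page that gains PROT_EXEC later via mprotect(), the call the
 * report identifies in the ruby ffi code. */
int probe_mprotect_exec(void) { return probe(RW, PROT_READ | PROT_EXEC); }

/* Control: mprotect() that only drops write and never asks for exec. */
int probe_mprotect_ro(void)   { return probe(RW, PROT_READ); }

static const char *verdict(int e) { return e ? strerror(e) : "accepted"; }

int main(void)
{
    printf("mmap with PROT_EXEC:       %s\n", verdict(probe_mmap_exec()));
    printf("mprotect adding PROT_EXEC: %s\n", verdict(probe_mprotect_exec()));
    printf("mprotect to read-only:     %s\n", verdict(probe_mprotect_ro()));
    return 0;
}
```

If the control line reports "accepted" while an exec line reports an error, the refusal comes from the memory-protection policy rather than from mmap or mprotect being unavailable.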