| Summary: | kde-plasma/kwin stack smashing | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Martin Bednar <martin> |
| Component: | Hardened | Assignee: | Gentoo KDE team <kde> |
| Status: | RESOLVED NEEDINFO | ||
| Severity: | normal | CC: | hardened, holgersson, martin, selinux |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Martin Bednar
2017-02-18 12:16:32 UTC
Worked around : kwin (like all graphic applications) needs access to /sys/dev/char/226:0/device/uevent, which is incompatible with GRKERNSEC_SYSFS_RESTRICT. Disabling that option, kwin doesn't smash the stack anymore (still worth reporting upstream?). However all KDE (maybe Qt?) applications fail with: denied RWX mprotect of <anonymous mapping> by /usr/bin ksplashqml[ksplashqml:2492] uid/euid:1002/1002 gid/egid:1002/1002, parent /usr/lib64/systemd/systemd[systemd:1] uid /euid:0/0 gid/egid:0/0 Hi, I was hit by this on a non-grsec kernel (something between vanilla and gentoo-sources) and SELinux (enabled in the kernel and startet, but only running in permissive mode, i.e. logging only, but not enforcing the policies). @Martin: Do you have still run into this bug with kwin-5.12.4? Not sure what we are supposed to do here. Nils, you said it happened with SELinux, is that reproducible and still the case for 5.12.5? To debug the stack smashing detected we need the gdb trace of it. Andreas, because this bug made my SELinux setup completely unusable for me I switchted back to a non-SELinux state of my system (and upgraded since then). I thought I'd find some time last weekend for a VM, but I didn't and neither will I the next weeks. All information I can provide so far is that this bug does _not_ occur on hardened with gentoo-sources and 5.12.5 here, and it was reproduceable with SELinux on my machine, and 5.12.4. Hi, I went back to non-hardened a while back. Can't say if it has been fixed. |
