Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 92921

Summary: Baselayout-1.11.12 incorrectly mounts /dev noexec
Product: Gentoo Linux Reporter: Lachlan Pease <predatory.kangaroo>
Component: [OLD] baselayoutAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: critical CC: christoph.gysin, iyosifov, jemelton, krueger, matteo-ml, mk, mkashouty, pageexec, sebastian, tdi
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Lachlan Pease 2005-05-17 07:14:56 UTC 
As of baselayout-1.11.12, /sbin/rc mounts the /dev filesystem as noexec (see
line 263).
This breaks several programs (known to happen with X, suspected to also happen
with certain video players), in particular ones that need access to the BIOS of
Video BIOS - by mounting /dev as noexec, /dev/mem can not be mmap'ed with exec,
which causes any programs that try to, for example, access the video bios to fail.

This problem is resolved easily by removing noexec from the mount options on the
aforementioned line.

Reproducible: Always
Steps to Reproduce:
1. Emerge baselayout-1.11.12
2. Reboot
3. Attempt to start X

Actual Results:  
X refused to start, complaining about not being able to read the SYSTEM_BIOS

Expected Results:  
X should have started normally.
Comment 1 Lachlan Pease 2005-05-17 07:26:25 UTC 
Followup:
After more careful searching, the following bug seems to address the same
(though without a fix):
92856
Comment 2 SpanKY gentoo-dev 2005-05-17 15:11:59 UTC 
*** Bug 92856 has been marked as a duplicate of this bug. ***
Comment 3 SpanKY gentoo-dev 2005-05-17 15:12:06 UTC 
*** Bug 92928 has been marked as a duplicate of this bug. ***
Comment 4 SpanKY gentoo-dev 2005-05-17 15:19:33 UTC 
thanks Lachlan for the research & fix ... this bug left me scratching my head ;)

added baselayout-1.11.12-r1

--- sbin/rc
+++ sbin/rc
@@ -260,7 +260,8 @@
     else
         mntcmd="ramfs"
     fi
-    try mount -n -t ${mntcmd} udev /dev -o noexec,nosuid,mode=0755
+    # many video drivers require exec access in /dev #92921
+    try mount -n -t ${mntcmd} udev /dev -o exec,nosuid,mode=0755
 fi
 eend $?
Comment 5 SpanKY gentoo-dev 2005-05-17 15:26:57 UTC 
*** Bug 92905 has been marked as a duplicate of this bug. ***
Comment 6 SpanKY gentoo-dev 2005-05-17 15:27:10 UTC 
*** Bug 92975 has been marked as a duplicate of this bug. ***
Comment 7 SpanKY gentoo-dev 2005-05-18 05:27:59 UTC 
*** Bug 93050 has been marked as a duplicate of this bug. ***
Comment 8 Luca Barbato gentoo-dev 2005-05-18 16:53:23 UTC 
*** Bug 93064 has been marked as a duplicate of this bug. ***
Comment 9 PaX Team 2006-04-25 02:17:48 UTC 
sorry for chiming in this late, but i just ran across this noexec /dev issue, as in, it works here and i'd like to know if it's still a problem with current X.org X-7.x or not. in case there're particular drivers that still want (and actually need) to mmap /dev/mem with PROT_EXEC, i'd like to know about them.
Comment 10 Maxim Kammerer 2012-03-07 18:31:06 UTC 
(In reply to comment #9)
> sorry for chiming in this late, but i just ran across this noexec /dev
> issue, as in, it works here and i'd like to know if it's still a problem
> with current X.org X-7.x or not. in case there're particular drivers that
> still want (and actually need) to mmap /dev/mem with PROT_EXEC, i'd like to
> know about them.

Hi, what is the current status of this issue? Does GRKERNSEC_KMEM still allow mapping /dev/mem with PROT_EXEC? Thanks.