Bug 261357 - dev-perl/math-pari crash on 2.6.27-hardened-r8
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High critical
Assignee: The Gentoo Linux Hardened Team
Reported: 2009-03-05 20:16 UTC by Alex Efros
Modified: 2011-04-05 22:35 UTC

Description Alex Efros 2009-03-05 20:16:25 UTC
On hardened system, after upgrade from 2.6.26-hardened-r9 to
2.6.27-hardened-r8, every perl script which 'use Math::Pari' will crash with
segfault.

Affects both the latest stable (2.010709) and testing (2.010801) versions.

To work around it, either (if you need Math::Pari):
  # work around 'text file busy' error:
  cp /usr/bin/perl5.8.8 /usr/bin/perl5.8.8.tmp
  paxctl -m /usr/bin/perl5.8.8.tmp
  mv /usr/bin/perl5.8.8.tmp /usr/bin/perl5.8.8
or (if its usage is optional):
  # if installed from portage:
  emerge -C dev-perl/math-pari
  # if installed using cpan command:
  rm /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so

Both ways are bad - either relax PaX protection for all perl scripts or stop
using Math::Pari. :(


I think severity should be changed to 'critical'.


P.S. The interesting question: why does this happen only after the kernel upgrade?
Maybe that's because of some PaX improvements in 2.6.27 kernel?

Reproducible: Always

Steps to Reproduce:
1. emerge dev-perl/math-pari
2. perl -e 'use Math::Pari;'
Actual Results:  
Segmentation fault


Portage 2.1.6.7 (hardened/x86/2.6, gcc-3.4.6, glibc-2.6.1-r0, 2.6.27-hardened-r8 i686)
=================================================================
System uname: Linux-2.6.27-hardened-r8-i686-Intel-R-_Core-TM-2_CPU_6600_@_2.40GHz-with-glibc2.3.2
Timestamp of tree: Thu, 05 Mar 2009 15:30:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.5.2-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /service /usr/inferno/keydb /usr/inferno/lib /usr/inferno/services /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/log /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=prescott -O2 -pipe"
DISTDIR="/usr/portage-distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.lug.ro/gentoo/ http://mirror.qubenet.net/mirror/gentoo/"
LANG="ru_RU.UTF-8"
LDFLAGS=""
LINGUAS="en ru"
MAKEOPTS="-j3"
PKGDIR="/usr/portage-packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/powerman /usr/portage/local/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X Xaw3d a52 aac acpi aim alsa apache2 arts asf avi bash-completion berkdb bitmap-fonts bzip2 cdr cracklib crypt cscope curl dbus dga divx4linux dlloader dri dts dvd dvdr dvdread encode fastcgi ffmpeg flac flash gd gdbm gif gnutls gpgme gtk gtk2 hardened hddtemp icq idn imagemagick imap imlib irc jabber javascript jpeg kdeenablefinal lm_sensors lzo mad mailbox mbox midi mmx mng motif mp3 mpeg msn mysql ncurses nls nptl nptlonly ogg opengl oss pam pcre perl pic png pwdb qt quicktime rcc readline rss rtc samba sdl spell sse sse2 ssl svg sysfs tcltk tcpd tiff truetype truetype-fonts type1-fonts unicode urandom vim-pager vim-syntax vim-with-x vorbis win32codecs x86 xinetd xorg xv xvid yahoo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 	emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m 	maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="     log_config vhost_alias     autoindex alias rewrite dir deflate filter mime negotiation     auth_basic authn_file authz_host authz_user authz_groupfile     cgi actions headers env setenvif     " ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" LIRC_DEVICES="serial" USERLAND="GNU" VIDEO_CARDS="vesa fbdev nv"
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 solar (RETIRED) gentoo-dev 2009-03-05 20:45:07 UTC
This bug seems expected somewhat. 

pari 2.3.x does not have textrels. The math-pari depends on an older version of pari where the textrel problem has not been corrected.

I don't get a crash however despite both programs containing some form of textrels.

hardened / # perl -e 'use Math::Pari;' ; echo $?
0
Comment 2 Alex Efros 2009-03-05 21:43:37 UTC
(In reply to comment #1)
> I don't get a crash however despite both programs containing some form of
> textrels.

That's strange. Maybe there are some differences between our kernels or PaX configuration? Here is my config (PaX part):


#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
# CONFIG_PAX_KERNEXEC is not set

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
# CONFIG_SECURITY_FILE_CAPABILITIES is not set
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
Comment 4 Torsten Veller (RETIRED) gentoo-dev 2009-11-11 10:05:46 UTC
Is this still a problem with =dev-perl/math-pari-2.01080601 ?
Comment 5 Torsten Veller (RETIRED) gentoo-dev 2009-11-11 10:07:27 UTC
Didn't mean to close this bug.
Comment 6 Alex Efros 2009-11-11 13:45:26 UTC
Hmm. Looks like =dev-perl/math-pari-2.01080601 works ok. But, strangely, the same version of Math::Pari installed using the cpan command instead of emerge still has that problem; at least 'make test' failed with these messages in the log:

2009-11-11_13:37:53.65369 kern.info: perl5.8.8[3445]: segfault at 5543ced0 ip 55427623 sp 5f846c30 error 7 in ld-2.9.so[55420000+1c000]
2009-11-11_13:37:53.65380 kern.alert: grsec: signal 11 sent to /usr/bin/perl5.8.8[perl5.8.8:3445] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/prove[prove:3444] uid/euid:0/0 gid/egid:0/0
Comment 7 Anthony Basile gentoo-dev 2010-08-04 11:41:01 UTC
The current in-tree versions of dev-perl/math-pari are 2.01080604 (stable, based on pari-2.3.4) and 2.01080604-r1 (unstable, based on pari-2.3.5).  None of these show any TEXTRELs or other hardened problems when compiled with gcc-4.3.4 or gcc-4.4.4-r1 under either amd64 or x86.

The kernel version should not be an issue, but I tested with hardened-sources-2.6.32-r9.

Unless there is some need for older versions which solar mentions in Comment #1, there is nothing to fix.
Comment 8 Anthony Basile gentoo-dev 2011-04-04 20:17:19 UTC
Okay, cleaning out old bugs.  This bug no longer seems relevant and there's nothing to fix.  I'm closing it.
Comment 9 Alex Efros 2011-04-05 00:10:54 UTC
(In reply to comment #8)
> Okay, cleaning out old bugs.  This bug no longer seems relevant and there's
> nothing to fix.  I'm closing it.

Sorry, but that's not true.

I'm not sure what you mean by 'relevant', but the bug is still here:

# cpan install Math::Pari
# perl -MMath::Pari -e 1
Segmentation fault
# /usr/src/prelink/src/execstack -q /usr/lib/perl5/site_perl/5.12.2/i686-linux/auto/Math/Pari/Pari.so
X /usr/lib/perl5/site_perl/5.12.2/i686-linux/auto/Math/Pari/Pari.so
# /usr/src/prelink/src/execstack -c /usr/lib/perl5/site_perl/5.12.2/i686-linux/auto/Math/Pari/Pari.so
# /usr/src/prelink/src/execstack -q /usr/lib/perl5/site_perl/5.12.2/i686-linux/auto/Math/Pari/Pari.so
- /usr/lib/perl5/site_perl/5.12.2/i686-linux/auto/Math/Pari/Pari.so
# perl -MMath::Pari -e 1
# 

As for 'nothing to fix', on the gentoo-hardened mailing list under the subject '2.6.27-hardened-r8: assassination' people mention a patch to glibc (available somewhere in glibc's bugzilla) which fixes this bug. Of course, you probably know the glibc maintainer's attitude ("Just use a supported kernel"), so he will not apply this patch. But Gentoo developers can add this patch to the glibc ebuild. I've no idea why this hasn't happened yet (this bug kills not only Math::Pari, but also Zend, Ioncube, and maybe some other apps); maybe supporting such a patch doesn't sound like something interesting, but it's surely not the same as 'nothing to fix'.

So, I reopen this bug. If you wanna close it - close as WONTFIX, not CANTFIX. :)
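Both workarounds on this bug are edits to ELF program headers: `paxctl -m` in the description rewrites PT_PAX_FLAGS to force MPROTECT off for the perl interpreter, and `execstack -q` / `execstack -c` in comment 9 read and clear the PF_X bit of PT_GNU_STACK in Pari.so. As an added example (not part of the bug report, and not the code of paxctl, execstack or PaX), the Python below parses both headers out of an in-memory ELF32 or ELF64 image and applies the same two edits. The sample object is constructed (headers only, no code) and every function name here is the example's own, not an API of those tools; the flag bit values are the ones from elf.h.

```python
"""Read and rewrite the two ELF program headers a PaX kernel consults for a
mapping: PT_GNU_STACK (what execstack -q reports and -c clears) and
PT_PAX_FLAGS (what paxctl -m edits).  Added example, not code from the bug
report; the sample object below is constructed in memory, not a real Pari.so."""
import struct

PT_GNU_STACK = 0x6474E551   # stack permissions the object asks the loader for
PT_PAX_FLAGS = 0x65041580   # per-binary PaX marking (CONFIG_PAX_PT_PAX_FLAGS=y)
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
# PaX bits from elf.h: each feature has an "on" bit, an "off" bit and a paxctl
# letter (uppercase forces the feature on, lowercase forces it off).
PAX_BITS = [
    (1 << 4, 1 << 5, "P"),    # PAGEEXEC
    (1 << 6, 1 << 7, "S"),    # SEGMEXEC
    (1 << 8, 1 << 9, "M"),    # MPROTECT
    (1 << 10, 1 << 11, "X"),  # RANDEXEC
    (1 << 12, 1 << 13, "E"),  # EMUTRAMP
    (1 << 14, 1 << 15, "R"),  # RANDMMAP
]
PF_MPROTECT, PF_NOMPROTECT = 1 << 8, 1 << 9


def program_headers(data):
    """Yield (p_type, p_flags, offset_of_p_flags, endian) for each program header."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 54)
    else:
        (phoff,) = struct.unpack_from(e + "I", data, 28)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(e + "I", data, off)
        flags_off = off + (4 if is64 else 24)   # p_flags: 2nd field in Elf64_Phdr, 7th in Elf32_Phdr
        (p_flags,) = struct.unpack_from(e + "I", data, flags_off)
        yield p_type, p_flags, flags_off, e


def _find(data, wanted):
    for p_type, p_flags, flags_off, e in program_headers(data):
        if p_type == wanted:
            return p_flags, flags_off, e
    return None


def _patch_flags(data, wanted, new_flags_fn, missing_msg):
    """Rewrite p_flags of one header in place; file size and layout are untouched."""
    hit = _find(data, wanted)
    if hit is None:
        raise ValueError(missing_msg)
    p_flags, flags_off, e = hit
    out = bytearray(data)
    struct.pack_into(e + "I", out, flags_off, new_flags_fn(p_flags))
    return bytes(out)


def execstack_query(data):
    """Verdict in execstack -q's notation: 'X' executable stack, '-' not, '?' no PT_GNU_STACK."""
    hit = _find(data, PT_GNU_STACK)
    if hit is None:
        return "?"
    return "X" if hit[0] & PF_X else "-"


def execstack_clear(data):
    """Same edit as `execstack -c`: drop PF_X from PT_GNU_STACK."""
    return _patch_flags(data, PT_GNU_STACK, lambda f: f & ~PF_X,
                        "no PT_GNU_STACK header to clear")


def pax_markings(data):
    """Letters paxctl would list for PT_PAX_FLAGS, or None when the header is absent."""
    hit = _find(data, PT_PAX_FLAGS)
    if hit is None:
        return None
    flags = hit[0]
    return "".join((ch if flags & on else "") + (ch.lower() if flags & off else "")
                   for on, off, ch in PAX_BITS)


def paxctl_disable_mprotect(data):
    """Same edit as `paxctl -m`: set NOMPROTECT and clear MPROTECT (needs an existing PT_PAX_FLAGS)."""
    return _patch_flags(data, PT_PAX_FLAGS,
                        lambda f: (f | PF_NOMPROTECT) & ~PF_MPROTECT,
                        "no PT_PAX_FLAGS header; paxctl would need -c/-C first")


def build_sample_elf(exec_stack, elf64=False):
    """Constructed minimal ET_DYN object carrying only PT_GNU_STACK and PT_PAX_FLAGS (no code)."""
    stack_flags = PF_R | PF_W | (PF_X if exec_stack else 0)
    if elf64:
        ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)            # ELF64, LE, EM_X86_64
        ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
        phdr = lambda p_type, p_flags: struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)            # ELF32, LE, EM_386
        ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
        phdr = lambda p_type, p_flags: struct.pack("<IIIIIIII", p_type, 0, 0, 0, 0, 0, p_flags, 0)
    return ehdr + phdr(PT_GNU_STACK, stack_flags) + phdr(PT_PAX_FLAGS, 0)
```

Two caveats the example makes visible. Clearing PF_X is only safe when the library does not actually run code on its stack (an executable-stack marking usually comes from an assembly source lacking a `.note.GNU-stack` section rather than from a real need); if it does need it, a PaX NOEXEC kernel will still kill the process on the first stack-resident instruction. And `paxctl -m` edits the interpreter, so it relaxes MPROTECT for every script perl runs, which is exactly the trade-off the description complains about. On a real file, `readelf -lW Pari.so | grep -E 'GNU_STACK|PAX_FLAGS'` shows the two headers this code reads.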
Comment 10 Anthony Basile gentoo-dev 2011-04-05 01:50:41 UTC
(In reply to comment #9)

> So, I reopen this bug. If you wanna close it - close as WONTFIX, not CANTFIX.
> :)

No no.  If there's a bug there which I'm missing, I want it fixed.  Thanks for reopening.
Comment 11 Torsten Veller (RETIRED) gentoo-dev 2011-04-05 01:52:05 UTC
(In reply to comment #6)
> Hmm. Looks like =dev-perl/math-pari-2.01080601 works ok. But, strange, same
> version or Math::Pari installed using cpan command instead of emerge still has
> that problem

(In reply to comment #9)
> I'm not sure what you mean as 'relevant', but bug is still here:
> 
> # cpan install Math::Pari


Please try to reproduce with the ebuild. We have no control over the cpan install.
I guess `cpan install` still fetches the older pari-2.1.7 while the ebuild uses pari-2.3.5.
Comment 12 Alex Efros 2011-04-05 07:27:37 UTC
(In reply to comment #11)
> I guess `cpan install` still fetches the older pari-2.1.7 while the ebuild uses
> pari-2.3.5.

Yes, pari-2.3.5 works just fine, without needs for execstack workaround.

I wonder why the Math::Pari author continues releasing two versions of Math::Pari each time: Math-Pari-2.01080604 for pari-2.1.7 and (unstable/development/alpha release) Math-Pari-2.0305_01080604a for pari-2.3.5. Probably there are some open issues with 2.3.5?

Anyway, looks like this bug really can be closed. Not sure if I should open a new one related to that glibc bug and the Zend/Ioncube issue…
Comment 13 Anthony Basile gentoo-dev 2011-04-05 22:35:38 UTC
(In reply to comment #12)
> (In reply to comment #11)
> Anyway, looks like this bug really can be closed.

Done.