Bug 346255 - net-irc/quassel-0.7.1: crashes without 'paxctl -m /usr/bin/quasselcore'
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Tomáš Chvátal (RETIRED)
Reported: 2010-11-21 04:45 UTC by Nikoli
Modified: 2011-11-04 15:44 UTC (History)
Attachments
workaround (quassel-0.7.1.ebuild_pax.diff,688 bytes, text/plain)
2010-11-21 18:34 UTC, Nikoli
emerge --info (emerge.info,4.72 KB, text/plain)
2011-04-26 17:23 UTC, Toffanin
Description Nikoli 2010-11-21 04:45:23 UTC
grsec: From 192.168.1.2: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:9984] uid/euid:1023/1023 gid/egid:1023/1023, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.1.2: Segmentation fault occurred at bbadbeef in /usr/bin/quasselcore[quasselcore:9984] uid/euid:1023/1023 gid/egid:1023/1023, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

kernel: sys-kernel/hardened-sources-2.6.32-r22
With 'PaX flags: -----m-x-e-- [/usr/bin/quasselcore]' works fine.
Comment 1 Agostino Sarubbo gentoo-dev 2010-11-21 13:11:32 UTC
Please add also your emerge --info
Comment 2 Nikoli 2010-11-21 17:13:43 UTC
Portage 2.1.8.3 (hardened/linux/x86, gcc-4.4.4, glibc-2.11.2-r3, 2.6.32-hardened-r22 i686)
=================================================================
                        System Settings
=================================================================
Timestamp of tree: Sun, 21 Nov 2010 14:45:02 +0000
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.6.4
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/openvpn/easy-rsa /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict test unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="http://mirror.yandex.ru/gentoo-distfiles/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="ru en"
MAKEOPTS="-j2"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR="/usr/portage"
=================================================================
                        Package Settings
=================================================================

net-irc/quassel-0.7.1 was built with the following:
USE="crypt server ssl test -X (-ayatana) -dbus -debug -kde -monolithic -phonon -postgres -webkit"
Comment 3 Nikoli 2010-11-21 18:34:36 UTC
Created attachment 255049
workaround

Did not test GUI (client or mono).
Comment 4 Anthony Basile gentoo-dev 2011-01-15 15:29:43 UTC
(In reply to comment #3)
> Created an attachment (id=255049)
> workaround
> 
> Did not test GUI (client or mono).
> 

I tested this and cannot confirm the bug:

1) On a 64-bit system running PaX, I built quassel with all USE flags on and it worked.

2) On a 32-bit system running PaX, I just built quasselcore (USE="crypt server ssl") and the core just worked.
Comment 5 Magnus Granberg gentoo-dev 2011-01-15 16:19:52 UTC
A trace log or a bt log from gdb would be good.
Comment 6 Francisco Blas Izquierdo Riera gentoo-dev 2011-01-15 19:01:40 UTC
[19:57] <chiiph> klondike_: (I may be out of place but...) iirc, jit is enabled by default if no jit useflag is there... we had the same problem with amarok...
[19:57] <klondike_> Cool
[19:57] <klondike_> so we may have JIT even if we don't want it
[19:58] <chiiph> and since quassel depends on qt-webkit, for sure it'll try to use jit for javascript...
[19:58] <chiiph> yep, that's why we added the useflag...

So can you try with a more recent version of the qt libraries which has JIT disabled?
Comment 7 Francisco Blas Izquierdo Riera gentoo-dev 2011-01-15 19:03:38 UTC
Forgot to link the bug chiiph referred me to: https://bugs.gentoo.org/345407
Comment 8 Dane Smith (RETIRED) gentoo-dev 2011-04-26 16:33:42 UTC
For what it's worth, I ran into just this issue with 0.7.2. paxctl -m `which quasselcore` fixed the issue.

I can try it with the newer qt-* packages with -jit if needed.
Comment 9 Toffanin 2011-04-26 17:21:11 UTC
same problem here with

net-irc/quassel-0.7.2  USE="crypt postgres server ssl"

on a 32bit hardened profile:

Apr 23 19:10:13 mail kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:4992] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:4991] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:4993] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: Segmentation fault occurred at bbadbeef in /usr/bin/quasselcore[quasselcore:4993] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: Segmentation fault occurred at bbadbeef in /usr/bin/quasselcore[quasselcore:4991] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: more alerts, logging disabled for 10 seconds
Apr 23 19:24:05 mail kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/sbin/clamd[clamd:4412] uid/euid:210/210 gid/egid:210/210, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:21 mail kernel: grsec: From 2.36.79.189: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:19643] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:21 mail kernel: grsec: From 2.36.79.189: Segmentation fault occurred at bbadbeef in /usr/bin/quasselcore[quasselcore:19643] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:21 mail kernel: grsec: From 2.36.79.189: Segmentation fault occurred at 00000001 in /usr/bin/quasselcore[quasselcore:19642] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:23 mail kernel: grsec: From 2.36.79.189: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:19718] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:23 mail kernel: grsec: From 2.36.79.189: Segmentation fault occurred at bbadbeef in /usr/bin/quasselcore[quasselcore:19718] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:23 mail kernel: grsec: more alerts, logging disabled for 10 seconds

"paxctl -m" didn't fix the issue this time, quassel freezes after the init daemon is started, so I reverted back to the previous release (which however requires a "paxctl -m" exception to work, as reported by the original poster).
Comment 10 Toffanin 2011-04-26 17:23:50 UTC
Created attachment 271249
emerge --info

my system info
Comment 11 Robert Piasek (RETIRED) gentoo-dev 2011-07-22 14:00:52 UTC
I was just hit with this bug as well. In my case quassel generated nice backtrace:

Quassel IRC: 0.7.2 f93ace091283b6137ed5351ac2e8e8d8edb53b63
#  0 quasselcore          0x00000d21673d8cb9 Quassel::logBacktrace(QString const&)
#  1 quasselcore          0x00000d21673bc48f Quassel::handleSignal(int)
#  2 libc.so.6            0x00006bc60b094680 0x0000000000000000
#  3 libQtScript.so.4     0x00006bc60c15dbc4 0x0000000000000000
#  4 libQtScript.so.4     0x00006bc60c1eb808 0x0000000000000000
#  5 libQtScript.so.4     0x00006bc60c1ebfac 0x0000000000000000
#  6 libQtScript.so.4     0x00006bc60c284717 0x0000000000000000
#  7 libQtScript.so.4     0x00006bc60c2855de QScriptEngine::QScriptEngine(QObject*)
#  8 quasselcore          0x00000d21673227eb CoreSession::CoreSession(UserId, bool, QObject*)
#  9 quasselcore          0x00000d21672e7f3d SessionThread::run()
# 10 libQtCore.so.4       0x00006bc60c948255 0x0000000000000000
# 11 libpthread.so.0      0x00006bc60a712c1a 0x0000000000000000
# 12 libc.so.6            0x00006bc60b13959d clone


paxctl -m /usr/bin/quasselcore fixed it for me. It's on hardened profile.
Comment 12 Tomáš Chvátal (RETIRED) gentoo-dev 2011-07-22 22:17:07 UTC
@Robert:
could you commit it if it fixes the issue for ya (and close this buggie)?
Comment 13 Robert Piasek (RETIRED) gentoo-dev 2011-11-04 15:44:10 UTC
Ok I've now added
paxctl -m /usr/bin/quasselcore
to an ebuild. That should fix this issue.
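
Added example, not part of the original bug report: a small Python triage script for grsec kernel logs like those quoted in the description and in comment 9. It groups `denied RWX mmap` and `Segmentation fault` lines by executable and PID, so that crashes preceded by an RWX denial (candidates for a `paxctl -m` exception or a JIT-less rebuild) are separated from crashes with no logged denial. The sample log is constructed (192.0.2.10 is a documentation address), and the function and field names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the grsec line format quoted in this bug.
SAMPLE_LOG = """\
Apr 23 19:10:13 mail kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/quasselcore[quasselcore:4993] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: Segmentation fault occurred at bbadbeef in /usr/bin/quasselcore[quasselcore:4993] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 19:10:13 mail kernel: grsec: more alerts, logging disabled for 10 seconds
Apr 23 19:24:05 mail kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/sbin/clamd[clamd:4412] uid/euid:210/210 gid/egid:210/210, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 23 20:00:21 mail kernel: grsec: From 192.0.2.10: Segmentation fault occurred at 00000001 in /usr/bin/quasselcore[quasselcore:19642] uid/euid:108/108 gid/egid:122/122, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
"""

# "/path/to/exe[comm:pid]" as grsec prints the acting process.
SUBJECT = r"(?P<exe>/\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
PREFIX = r"grsec: (?:From \S+: )?"  # optional source address of the session
DENIED = re.compile(PREFIX + r"denied RWX mmap of .*? by " + SUBJECT)
SEGV = re.compile(PREFIX + r"Segmentation fault occurred at (?P<addr>[0-9a-f]+) in " + SUBJECT)


def triage(log_text):
    """Return (report, gaps): per-executable PID lists and the number of
    rate-limit notices, each of which means some events were not logged."""
    denied = defaultdict(set)   # exe -> PIDs refused a writable+executable mapping
    crashed = defaultdict(set)  # exe -> PIDs that segfaulted
    gaps = 0
    for line in log_text.splitlines():
        if "grsec: more alerts, logging disabled" in line:
            gaps += 1
        elif (m := DENIED.search(line)):
            denied[m["exe"]].add(int(m["pid"]))
        elif (m := SEGV.search(line)):
            crashed[m["exe"]].add(int(m["pid"]))
    report = {}
    for exe in sorted(set(denied) | set(crashed)):
        report[exe] = {
            "rwx_denied": sorted(denied[exe]),
            # Same PID was denied RWX memory and then crashed: likely MPROTECT-related.
            "crashed_after_denial": sorted(denied[exe] & crashed[exe]),
            # Crash with no logged denial for that PID: investigate separately.
            "crashed_unexplained": sorted(crashed[exe] - denied[exe]),
        }
    return report, gaps


if __name__ == "__main__":
    report, gaps = triage(SAMPLE_LOG)
    for exe, info in report.items():
        print(exe, info)
    print("rate-limit gaps (counts are lower bounds):", gaps)
```

A non-zero gap count means grsec suppressed alerts for a while, so an "unexplained" crash may simply have lost its denial line to rate limiting.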