Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 461668 - net-im/skype- masked on hardened
Summary: net-im/skype- masked on hardened
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
Depends on: 427888
  Show dependency tree
Reported: 2013-03-13 21:16 UTC by Märt Bakhoff
Modified: 2014-08-30 13:00 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Märt Bakhoff 2013-03-13 21:16:39 UTC
Once upon a time skype made it impossible to paxmark skype's executable by doing integrity checks on startup. Without pax marking skype got killed by mprotect and skype was masked on hardened. 

At about June 2012 CONFIG_PAX_XATTR_PAX_FLAGS was introduced in pax kernels. That option would allow skype to be paxmarked using filesystem xattrs without modifying the executable. Since then paxmarking skype is possible and version (and earlier) works fine with gentoo hardened. 

Unmask skype on hardened?

Reproducible: Always

Steps to Reproduce:
1. build hardened kernel with CONFIG_PAX_XATTR_PAX_FLAGS
2. successfully paxmark skype executable
3. successfully run skype
Comment 1 Francisco Blas Izquierdo Riera gentoo-dev 2013-03-14 15:42:37 UTC
Work is ongoing to finally get Xattr base markings and blueness is working on a eclass that can be used afterwards. Until then the mask should stay.
Comment 2 Alexander Tsoy 2013-03-14 15:47:48 UTC
Skype works fine with PT_PAX markings so I don't understand why this depends on bug 427888
Comment 3 Francisco Blas Izquierdo Riera gentoo-dev 2013-03-14 16:31:22 UTC
Because that's not the case for the older versions which are also on the tree.
Comment 4 J. Roeleveld 2014-08-27 05:32:43 UTC
I believe this bug can be closed as it's for an older version.
Additionally, Skype versions before 4.3 can no longer connect.
(I received the email about this in Dutch, please let me know if you want a copy)
Comment 5 Alex 2014-08-29 16:26:30 UTC
But skype- ebuild is still masked on hardened.
It works fine though, if you put PAX_MARKINGS="XT".

As older skype version can not connect, this is the only way I found to make skype work with hardened kernel.