92921 – Baselayout-1.11.12 incorrectly mounts /dev noexec

Bug 92921 - Baselayout-1.11.12 incorrectly mounts /dev noexec

Summary: Baselayout-1.11.12 incorrectly mounts /dev noexec

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] baselayout (show other bugs)
Hardware:	x86 Linux

Importance:	High critical
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Duplicates (6):	92856 92905 92928 92975 93050 93064 (view as bug list)
Depends on:
Blocks:

Reported:	2005-05-17 07:14 UTC by Lachlan Pease
Modified:	2012-03-07 18:31 UTC (History)
CC List:	10 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lachlan Pease 2005-05-17 07:14:56 UTC

As of baselayout-1.11.12, /sbin/rc mounts the /dev filesystem as noexec (see
line 263).
This breaks several programs (known to happen with X, suspected to also happen
with certain video players), in particular ones that need access to the BIOS of
Video BIOS - by mounting /dev as noexec, /dev/mem can not be mmap'ed with exec,
which causes any programs that try to, for example, access the video bios to fail.

This problem is resolved easily by removing noexec from the mount options on the
aforementioned line.

Reproducible: Always
Steps to Reproduce:
1. Emerge baselayout-1.11.12
2. Reboot
3. Attempt to start X

Actual Results:  
X refused to start, complaining about not being able to read the SYSTEM_BIOS

Expected Results:  
X should have started normally.

Comment 1 Lachlan Pease 2005-05-17 07:26:25 UTC

Followup:
After more careful searching, the following bug seems to address the same
(though without a fix):
92856

Comment 2 SpanKY gentoo-dev

2005-05-17 15:11:59 UTC

*** Bug 92856 has been marked as a duplicate of this bug. ***

Comment 3 SpanKY gentoo-dev

2005-05-17 15:12:06 UTC

*** Bug 92928 has been marked as a duplicate of this bug. ***

Comment 4 SpanKY gentoo-dev

2005-05-17 15:19:33 UTC

thanks Lachlan for the research & fix ... this bug left me scratching my head ;)

added baselayout-1.11.12-r1

--- sbin/rc
+++ sbin/rc
@@ -260,7 +260,8 @@
     else
         mntcmd="ramfs"
     fi
-    try mount -n -t ${mntcmd} udev /dev -o noexec,nosuid,mode=0755
+    # many video drivers require exec access in /dev #92921
+    try mount -n -t ${mntcmd} udev /dev -o exec,nosuid,mode=0755
 fi
 eend $?

Comment 5 SpanKY gentoo-dev

2005-05-17 15:26:57 UTC

*** Bug 92905 has been marked as a duplicate of this bug. ***

Comment 6 SpanKY gentoo-dev

2005-05-17 15:27:10 UTC

*** Bug 92975 has been marked as a duplicate of this bug. ***

Comment 7 SpanKY gentoo-dev

2005-05-18 05:27:59 UTC

*** Bug 93050 has been marked as a duplicate of this bug. ***

Comment 8 Luca Barbato gentoo-dev

2005-05-18 16:53:23 UTC

*** Bug 93064 has been marked as a duplicate of this bug. ***

Comment 9 PaX Team 2006-04-25 02:17:48 UTC

sorry for chiming in this late, but i just ran across this noexec /dev issue, as in, it works here and i'd like to know if it's still a problem with current X.org X-7.x or not. in case there're particular drivers that still want (and actually need) to mmap /dev/mem with PROT_EXEC, i'd like to know about them.

Comment 10 Maxim Kammerer 2012-03-07 18:31:06 UTC

(In reply to comment #9)
> sorry for chiming in this late, but i just ran across this noexec /dev
> issue, as in, it works here and i'd like to know if it's still a problem
> with current X.org X-7.x or not. in case there're particular drivers that
> still want (and actually need) to mmap /dev/mem with PROT_EXEC, i'd like to
> know about them.

Hi, what is the current status of this issue? Does GRKERNSEC_KMEM still allow mapping /dev/mem with PROT_EXEC? Thanks.