Packages crashing on -current
mprotect (and ASLR) are security measures that not all pkgsrc packages
can survive, so some packages had NOT_PAX_MPROTECT_SAFE set for some
binaries, to disable it.
However the condition for using NOT_PAX_MPROTECT_SAFE was incorrectly
only done for NetBSD/amd64.
The outcome should've been things like (only on -current, stable is
unaffected as it doesn't have pax mprotect enabled):
- Firefox crashes
- LibreOffice segfaults during build
You can test if mprotect is disabled e.g. for firefox using file:
> file /usr/pkg/lib/firefox/firefox
/usr/pkg/lib/firefox/firefox: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.99.65, PaX: -mprotect, BuildID[sha1]=577897fd2966e904de0c47df56c5af86b3d9312b, stripped
Noteworthy part: PaX: -mprotect
Newly built packages will disable it on a per-file basis (now not only
on amd64), but unfortunately there are many files to adjust.
If you just want it fixed now, a quick workaround is disabling mprotect:
# sysctl -w security.pax.mprotect.enabled=0
You can disable it on a per-file basis, which is what all new packages
will do now, using:
# paxctl +m /path/to/binary
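
Added example, not part of the original message: a small shell filter that reads `file` output and reports which ELF binaries carry the `PaX: -mprotect` note, useful for auditing which installed files are exempt. The function name, the status labels, the `+mprotect` spelling and the flag separator handling are assumptions; only the first sample line comes from the message.

```shell
#!/bin/sh
# Added example: classify `file` output lines by their PaX mprotect note.
# Reads `file` output on stdin, prints "<path><TAB><status>" for ELF files:
#   exempt  - note has -mprotect (restrictions disabled for this file)
#   forced  - note has +mprotect (assumed spelling of the explicit-enable flag)
#   default - no mprotect flag; security.pax.mprotect.enabled decides
pax_mprotect_status() {
    while IFS= read -r line; do
        # Skip scripts, data files and anything else that is not ELF.
        case $line in *": ELF "*) ;; *) continue ;; esac
        path=${line%%: *}
        flags=
        case $line in
            *"PaX: "*) flags=${line#*PaX: }; flags=${flags%%, *} ;;
        esac
        # Assumption: multiple flags are separated by commas or spaces.
        case " $(printf '%s' "$flags" | tr ',' ' ') " in
            *" -mprotect "*) status=exempt ;;
            *" +mprotect "*) status=forced ;;
            *) status=default ;;
        esac
        printf '%s\t%s\n' "$path" "$status"
    done
}

# First line is the output quoted in the message; the rest are constructed.
sample_file_output() {
    cat <<'EOF'
/usr/pkg/lib/firefox/firefox: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.99.65, PaX: -mprotect, BuildID[sha1]=577897fd2966e904de0c47df56c5af86b3d9312b, stripped
/usr/pkg/bin/example-forced: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.99.65, PaX: +mprotect, stripped
/usr/pkg/bin/example-tool: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.99.65, stripped
/usr/pkg/bin/example-script: POSIX shell script, ASCII text executable
EOF
}

sample_file_output | pax_mprotect_status
```

On a NetBSD host, feed it real data with `find /usr/pkg/bin /usr/pkg/lib -type f -exec file {} + | pax_mprotect_status`.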