Packages crashing on -current

To: current-users%netbsd.org@localhost
Subject: Packages crashing on -current
From: coypu%sdf.org@localhost
Date: Fri, 21 Apr 2017 16:34:33 +0000

Hi,

mprotect (and ASLR) are security measures that not all pkgsrc packages
can survive, so some packages had NOT_PAX_MPROTECT_SAFE set for some
binaries, to disable it.

However the condition for using NOT_PAX_MPROTECT_SAFE was incorrectly
only done for NetBSD/amd64.

The outcome should've been things like (only on -current, stable is
unaffected as it doesn't have pax mprotect enabled):
- Firefox crashes
- Libreoffice segfaults during build
etc.

You can test if mprotect is disabled e.g. for firefox using file:
> file /usr/pkg/lib/firefox/firefox
/usr/pkg/lib/firefox/firefox: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.99.65, PaX: -mprotect, BuildID[sha1]=577897fd2966e904de0c47df56c5af86b3d9312b, stripped

Noteworthy part: PaX: -mprotect

Newly built packages will disable it on a per-file basis (now not only
on amd64), but unfortunately there are many files to adjust.
If you just want it fixed now, a quick workaround is disabling mprotect
globally:
  # sysctl -w security.pax.mprotect.enabled=0

You can disable it on a per-file basis, which is what all new packages
will do now, using:
  # paxctl +m /path/to/binary

Follow-Ups:
- Re: Packages crashing on -current
  - From: Michael

Prev by Date: Automated report: NetBSD-current/i386 build success
Next by Date: wd* at umass? owners wanted for testing
Previous by Thread: UVM: pid 2158.1 (Xorg), uid 0 killed: out of swap
Next by Thread: Re: Packages crashing on -current
Indexes:

Home | Main Index | Thread Index | Old Index