tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PaX mprotect vs. g-ir-scanner (gjs)

Thomas Klausner <> writes:

> I've tried updating lang/gjs to the latest version, which uses
> mozjs68, the JavaScript engine from firefox68. I haved added the
> update to wip/gjs.
> This engine is not PaX mprotect safe.
> I can work around this for a test in the configure step, but in the
> build step, g-ir-scanner is run to generate the *.typelib files for
> introspection, and that tries to load the library (AFAIU), and then
> fails.
> g-ir-scanner is a Python program.
> The only workaround I can think of is marking python itself with
> 'paxctl +m'. Or, of course, fixing the JavaScript engine.

I wonder if it is possible to have some way to make a single instance of
a binary marked not for mprotect.   One kludge would be to copy the
python interpreter into the buildlink tree, paxctl it, and then run it,
instead of the one in ${PREFIX}/bin.

Home | Main Index | Thread Index | Old Index