https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210830 describes an issue where mono crashes on startup with later kernels that have exec-shield enabled. I don't see this on my Core Duo machine, so I don't know exactly what machines see this. Anyone else see this?
Mono does use mprotect to make the heap pages executable. Is there something in exec-shield prohibiting this for some machines? If so, is there a way to disable this for the mono binary?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Alexander Larsson Red Hat, Inc alexl@redhat.com alla@lysator.liu.se He's a benighted zombie gentleman spy on a search for his missing sister. She's an artistic streetsmart detective from out of town. They fight crime!
On Thu, 2006-10-19 at 11:12 +0200, Alexander Larsson wrote:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210830 describes an issue where mono crashes on startup with later kernels that have exec-shield enabled. I don't see this on my Core Duo machine, so I don't know exactly what machines see this. Anyone else see this?
Mono does use mprotect to make the heap pages executable. Is there something in exec-shield prohibiting this for some machines? If so, is there a way to disable this for the mono binary?
Are you running with SELinux enabled? Policy can disallow this outright... Although at first glance it looks like policy currently allows execheap and execmem (but not execstack) for mono.
On Thu, 2006-10-19 at 10:32 -0400, Peter Jones wrote:
On Thu, 2006-10-19 at 11:12 +0200, Alexander Larsson wrote:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210830 describes an issue where mono crashes on startup with later kernels that have exec-shield enabled. I don't see this on my Core Duo machine, so I don't know exactly what machines see this. Anyone else see this?
Mono does use mprotect to make the heap pages executable. Is there something in exec-shield prohibiting this for some machines? If so, is there a way to disable this for the mono binary?
Are you running with SELinux enabled? Policy can disallow this outright... Although at first glance it looks like policy currently allows execheap and execmem (but not execstack) for mono.
Yes, selinux is enabled.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Alexander Larsson Red Hat, Inc alexl@redhat.com alla@lysator.liu.se He's a lounge-singing arachnophobic cop who must take medication to keep him sane. She's a wealthy red-headed college professor from a different time and place. They fight crime!
tor, 19 10 2006 kl. 11:12 +0200, skrev Alexander Larsson:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210830 describes an issue where mono crashes on startup with later kernels that have exec-shield enabled. I don't see this on my Core Duo machine, so I don't know exactly what machines see this. Anyone else see this?
Mono does use mprotect to make the heap pages executable. Is there something in exec-shield prohibiting this for some machines? If so, is there a way to disable this for the mono binary?
All my Mono applications run just fine on my AMD64 X2 with SELinux enabled and what other security features come default with FC6, I can't say I've seen this bug. Most of my frequently used applications run using mono so I guess I would have complained loudly if they crashed on startup.
- David Nielsen
On Thu, 2006-10-19 at 17:16 +0200, David Nielsen wrote:
tor, 19 10 2006 kl. 11:12 +0200, skrev Alexander Larsson:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210830 describes an issue where mono crashes on startup with later kernels that have exec-shield enabled. I don't see this on my Core Duo machine, so I don't know exactly what machines see this. Anyone else see this?
Mono does use mprotect to make the heap pages executable. Is there something in exec-shield prohibiting this for some machines? If so, is there a way to disable this for the mono binary?
All my Mono applications run just fine on my AMD64 X2 with SELinux enabled and what other security features come default with FC6, I can't say I've seen this bug. Most of my frequently used applications run using mono so I guess I would have complained loudly if they crashed on startup.
Further information from the reporter seems to say that it only affects xen kernels (dom0), on all cpu:s but opterons. Very strange stuff.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Alexander Larsson Red Hat, Inc alexl@redhat.com alla@lysator.liu.se He's a suave guerilla ex-con who dotes on his loving old ma. She's a strong-willed communist schoolgirl from a family of eight older brothers. They fight crime!
On Thu, 2006-10-19 at 12:37 -0400, Bill Nottingham wrote:
Alexander Larsson (alexl@redhat.com) said:
Further information from the reporter seems to say that it only affects xen kernels (dom0), on all cpu:s but opterons. Very strange stuff.
... including x64? Or is it just on 32-bit?
From the bug:
Opteron box, x86_64 kernel 2.6.18-2798, x86_64 mono 1.1.17-3: works Opteron box, x86_64 kernel 2.6.18-2798xen, x86_64 mono 1.1.17-3: works Opteron box, i686 kernel 2.6.18-2798, i686 mono 1.1.17-3: works Opteron box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: works EM64T box, x86_64 kernel 2.6.18-2798, x86_64 mono 1.1.17-3: works EM64T box, x86_64 kernel 2.6.18-2798xen, x86_64 mono 1.1.17-3: works EM64T box, i686 kernel 2.6.18-2798, i686 mono 1.1.17-3: works EM64T box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: SEGFAULT Athlon box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: SEGFAULT Pentium 4 box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: SEGFAULT
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Alexander Larsson Red Hat, Inc alexl@redhat.com alla@lysator.liu.se He's a scarfaced gay cowboy She's a scantily clad belly-dancing femme fatale fleeing from a Satanic cult. They fight crime!
On Fri, Oct 20, 2006 at 09:49:09AM +0200, Alexander Larsson wrote:
On Thu, 2006-10-19 at 12:37 -0400, Bill Nottingham wrote:
Alexander Larsson (alexl@redhat.com) said:
Further information from the reporter seems to say that it only affects xen kernels (dom0), on all cpu:s but opterons. Very strange stuff.
... including x64? Or is it just on 32-bit?
From the bug:
Opteron box, x86_64 kernel 2.6.18-2798, x86_64 mono 1.1.17-3: works Opteron box, x86_64 kernel 2.6.18-2798xen, x86_64 mono 1.1.17-3: works Opteron box, i686 kernel 2.6.18-2798, i686 mono 1.1.17-3: works Opteron box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: works EM64T box, x86_64 kernel 2.6.18-2798, x86_64 mono 1.1.17-3: works EM64T box, x86_64 kernel 2.6.18-2798xen, x86_64 mono 1.1.17-3: works EM64T box, i686 kernel 2.6.18-2798, i686 mono 1.1.17-3: works EM64T box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: SEGFAULT Athlon box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: SEGFAULT Pentium 4 box, i686 kernel 2.6.18-2798xen, i686 mono 1.1.17-3: SEGFAULT
Sounds more like a Xen bug than an execshield bug. File a bz against kernel-xen.
Dave
On Thu, 2006-10-19 at 11:12 +0200, Alexander Larsson wrote:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210830 describes an issue where mono crashes on startup with later kernels that have exec-shield enabled. I don't see this on my Core Duo machine, so I don't know exactly what machines see this. Anyone else see this?
Mono does use mprotect to make the heap pages executable. Is there something in exec-shield prohibiting this for some machines? If so, is there a way to disable this for the mono binary?
selinux doesn't allow memory to be both executable and writable... it's not execshield
(And to be honest, D and I cache coherency on some architectures doesn't allow that either)