[LLVMbugs] [Bug 6701] New: Doesn't work with SELinux
bugzilla-daemon at llvm.org
Thu Mar 25 07:39:01 PDT 2010
http://llvm.org/bugs/show_bug.cgi?id=6701
Summary: Doesn't work with SELinux
Product: new-bugs
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: edwintorok at gmail.com
CC: llvmbugs at cs.uiuc.edu
SELinux disallows both writable and executable memory.
In enforcing mode LLVM crashes when trying to write:
#0 0x0000003772c7b444 in memset () from /lib64/libc.so.6
No symbol table info available.
#1 0x00002af2af41e1d2 in allocateNewSlab (this=0xf339000, size=<value
optimized out>) at llvm/lib/ExecutionEngine/JIT/JITMemoryManager.cpp:624
ErrMsg = {static npos = 18446744073709551615,
_M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> =
{<No data fields>}, <No data fields>}, _M_p = 0xf358af8 '�' <repeats 200
times>...}}
LastSlabPtr = <value optimized out>
B = {Address = 0xf3390e0, Size = 255037664}
And in non-enforcing mode SELinux logs an audit message:
type=AVC msg=audit(1269527244.925:38384): avc: denied { execmem } for
pid=11936 comm="clamscan" scontext=user_u:system_r:clamscan_t:s0
tcontext=user_u:system_r:clamscan_t:s0 tclass=process
Turning execmem off is not an option, but here is some information on how to
write self-modifying code with execmem:
http://people.redhat.com/drepper/selinux-mem.html
Basically you map the same file twice, once as writable, once as executable.
You write JITed code to one, and execute the other.
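The double-mapping approach the report describes, as an added C example (not code from the bug report or from LLVM): one file is mapped once read/write and once read/execute, so no single mapping is ever both writable and executable. The function name `run_dual_mapped`, the `jit-slab` label and the payload that returns 42 are constructed for illustration; it assumes Linux with the `memfd_create` system call on x86-64 or AArch64.

```c
/* Added example: JIT buffer built from two views of one file (RW + RX). */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample payload: a function that returns 42. */
#if defined(__x86_64__)
static const uint8_t code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                0xc3 };                         /* ret */
#elif defined(__aarch64__)
static const uint8_t code[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
                                0xc0, 0x03, 0x5f, 0xd6 };       /* ret */
#else
#error "sample payload is only provided for x86-64 and AArch64"
#endif

/* Returns the payload's result (42), or -1 if any step fails. */
int run_dual_mapped(void)
{
    const size_t len = 4096;
    int result = -1;

    /* Anonymous in-memory file (assumption: Linux >= 3.17). An unlinked
     * temporary file on a filesystem mounted without noexec also works. */
    int fd = (int)syscall(SYS_memfd_create, "jit-slab", 0);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }

    /* View 1 is read/write, never executable; view 2 is read/execute. */
    uint8_t *w = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    uint8_t *x = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);                       /* the mappings keep the file alive */

    if (w != MAP_FAILED && x != MAP_FAILED) {
        memcpy(w, code, sizeof code);            /* emit through the RW view */
        /* Instruction-cache sync; required on AArch64, no-op on x86-64. */
        __builtin___clear_cache((char *)x, (char *)x + sizeof code);
        int (*fn)(void) = (int (*)(void))(uintptr_t)x;
        result = fn();                           /* run through the RX view */
    }
    if (w != MAP_FAILED) munmap(w, len);
    if (x != MAP_FAILED) munmap(x, len);
    return result;
}

int main(void) { return run_dual_mapped() == 42 ? 0 : 1; }
```

The read/execute mapping only succeeds if the backing file is on a filesystem not mounted `noexec` and the SELinux policy grants the process's domain `execute` on that file's type.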