GNU bug report logs - #29940
guile-2.2.3 does not work pax mprotect

Previous Next

Package: guile;

Reported by: Thomas Klausner <tk <at> giga.or.at>

Date: Tue, 2 Jan 2018 09:11:02 UTC

Severity: normal

To reply to this bug, email your comments to 29940 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guile <at> gnu.org:
bug#29940; Package guile. (Tue, 02 Jan 2018 09:11:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Thomas Klausner <tk <at> giga.or.at>:
New bug report received and forwarded. Copy sent to bug-guile <at> gnu.org. (Tue, 02 Jan 2018 09:11:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Thomas Klausner <tk <at> giga.or.at>
To: bug-guile <at> gnu.org
Cc: Greg Troxel <gdt <at> lexort.com>
Subject: guile-2.2.3 does not work pax mprotect
Date: Tue, 2 Jan 2018 10:10:28 +0100

Hi!

guile-2.2.3 does not compile on NetBSD 8 and NetBSD-current.
During build, it writes stuff like this for basically every file:

gmake[2]: Entering directory '/scratch/lang/guile22/work/guile-2.2.3/bootstrap'
  BOOTSTRAP GUILEC ice-9/eval.go
;;; WARNING: loading compiled file /scratch/lang/guile22/work/guile-2.2.3/prebuilt/64-bit-little-endian/ice-9/eval.go failed:
;;; Throw to key system-error with args ("load-thunk-from-memory" "~A" ("Permission denied") (13))
wrote `ice-9/eval.go'

When I turn off PaX mprotect, the build succeeds.

PaX mprotect is a security feature that forbids memory pages that are
writable and executable, and some memory protection changes that would
allow this. Other programs/libraries (e.g. libffi) needed to be fixed
for this.

Can you please fix this in guile-2.2.x?
(guile-2.0.14 builds fine on such a system.)

Thanks,
 Thomas
Information forwarded to bug-guile <at> gnu.org:
bug#29940; Package guile. (Mon, 08 Jan 2018 10:43:02 GMT) Full text and rfc822 format available.

Message #8 received at 29940 <at> debbugs.gnu.org (full text, mbox):

From: Thomas Klausner <tk <at> giga.or.at>
To: 29940 <at> debbugs.gnu.org
Subject: Re: bug#29940: Acknowledgement (guile-2.2.3 does not work pax
 mprotect)
Date: Mon, 8 Jan 2018 11:42:22 +0100

[Message part 1 (text/plain, inline)]
The attached patch is a workaround: we can mark the guile binary to
not use the PAX mprotect feature using paxctl +m. On Linux, paxctl has
different flags, so I wrapped it in an "if", and it uses knowledge of
libtool internals, so it is not a good idea to integrate this patch
as-is.

Better would be of course to make guile work with PAX mprotect.
 Thomas

[patch-libguile_Makefile.in (text/plain, attachment)]
Information forwarded to bug-guile <at> gnu.org:
bug#29940; Package guile. (Mon, 08 Jan 2018 22:53:01 GMT) Full text and rfc822 format available.

Message #11 received at 29940 <at> debbugs.gnu.org (full text, mbox):

From: Thomas Klausner <tk <at> giga.or.at>
To: 29940 <at> debbugs.gnu.org
Subject: Re: bug#29940: Acknowledgement (guile-2.2.3 does not work pax
 mprotect)
Date: Mon, 8 Jan 2018 23:52:27 +0100

[Message part 1 (text/plain, inline)]
Jörg Sonnenberger just committed the attached patch to pkgsrc, which
fixes the problem for me as well, with the commit message:

"Use correct mmap permissions for later PROT_WRITE mprotect."
 Thomas

[patch-libguile_loader.c (text/plain, attachment)]
This bug report was last modified 7 years and 157 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.