-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/07/2011 10:48 PM, Kevin Kofler wrote:
Adam Williamson wrote:
It seems like a similar bug has come up before in clamav:
This issue affects many JITs. The WebKit JIT is affected too. Actually, the execmem boolean has been enabled by default for a while, did it get disabled again in F17? We had been disabling the QtWebKit JIT, but we reenabled it when we found out execmem got enabled by default. More and more things in Fedora use JITs (see also Orc etc.), and those JITs all tend to require execmem, with upstreams showing little to no interest in changing them not to. (There is a way, but 1. it's complicated and 2. it hurts performance.)
Kevin Kofler
Any time I go into a rawhide I enable the tightest controls. Then relax them as we get closer to Beta. I am thinking of dropping execmem protection from user apps altogether as I see almost all applications that a user relies on needing execmem. The attached regular expressions match all of the executables that we are currently marking as needing execmem protection.
/usr/(.*/)?bin/java.* /opt/(.*/)?bin/java[^/]* /usr/lib(.*/)?bin/java[^/]* /opt/ibm(/.*)?/eclipse/plugins(/.*)? /opt/real/(.*/)?realplay.bin /opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Updater /opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Application /opt/matlab.*/bin.*/MATLAB.* /opt/MATLAB.*/bin.*/MATLAB.* /usr/matlab.*/bin.*/MATLAB.* /usr/Aptana[^/]*/AptanaStudio /usr/bin/mono.* /usr/lib/ghc-[^/]+/ghc.* /opt/ibm/java.*/(bin|javaws)(/.*)? /usr/sbin/VBox.* /usr/lib/opera(/.*)?/opera /usr/lib/opera(/.*)?/works /usr/lib/gimp/[^/]+/plug-ins/help-browser /usr/bin/haddock.* /usr/bin/octave-[^/]* /usr/libexec/gcc(/.*)?/gnat1 /usr/libexec/ghc-[^/]+/.*bin /usr/libexec/ghc-[^/]+/ghc.* /usr/java/eclipse[^/]*/eclipse /usr/lib/jvm/java(.*/)bin(/.*)? /opt/local/matlab.*/bin.*/MATLAB.* /opt/local/MATLAB.*/bin.*/MATLAB.* /usr/local/matlab.*/bin.*/MATLAB.* /usr/lib/wingide-[^/]+/bin/PyCore/python /usr/lib/erlang/erts-[^/]+/bin/beam.smp /usr/lib/thunderbird-[^/]+/thunderbird-bin /usr/local/Wolfram/Mathematica(/.*)?MathKernel /opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)? /usr/bin/gij /usr/bin/sbcl /usr/bin/darcs /usr/bin/skype /usr/bin/frysk /usr/bin/grmic /usr/bin/dosbox /usr/bin/runghc /usr/bin/gnatls /usr/bin/fastjar /usr/bin/hasktags /usr/bin/valgrind /usr/bin/gkeytool /usr/bin/gnatbind /usr/bin/gnatmake /usr/bin/aticonfig /usr/bin/runhaskell /usr/bin/gcj-dbtool /usr/bin/gjarsigner /usr/bin/jv-convert /usr/lib/R/bin/exec/R /usr/bin/grmiregistry /usr/bin/gappletviewer /usr/bin/plasma-desktop /usr/lib/eclipse/eclipse /usr/sbin/vboxadd-service /opt/google/chrome/chrome /usr/lib/ia32el/ia32x_loader /usr/lib/virtualbox/VirtualBox /opt/likewise/bin/domainjoin-cli /opt/google/chrome/google-chrome /opt/real/RealPlayer/realplay.bin /usr/local/RealPlayer/realplay.bin /opt/secondlife-install/bin/SLPlugin /opt/Komodo-Edit-5/lib/mozilla/komodo-bin /usr/lib/chromium-browser/chromium-browser /opt/Adobe/Reader9/Reader/intellinux/bin/acroread