-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/07/2011 10:48 PM, Kevin Kofler wrote:
Adam Williamson wrote:
> It seems like a similar bug has come up before in clamav:
>
>
https://bugzilla.redhat.com/show_bug.cgi?id=573191
This issue affects many JITs. The WebKit JIT is affected too.
Actually, the execmem boolean has been enabled by default for a
while, did it get disabled again in F17? We had been disabling the
QtWebKit JIT, but we reenabled it when we found out execmem got
enabled by default. More and more things in Fedora use JITs (see
also Orc etc.), and those JITs all tend to require execmem, with
upstreams showing little to no interest in changing them not to.
(There is a way, but 1. it's complicated and 2. it hurts
performance.)
Kevin Kofler
Any time I go into a rawhide I enable the tightest controls. Then
relax them as we get closer to Beta. I am thinking of dropping
execmem protection from user apps altogether as I see almost all
applications that a user relies on needing execmem. The attached
regular expressions match all of the executables that we are currently
marking as needing execmem protection.
/usr/(.*/)?bin/java.*
/opt/(.*/)?bin/java[^/]*
/usr/lib(.*/)?bin/java[^/]*
/opt/ibm(/.*)?/eclipse/plugins(/.*)?
/opt/real/(.*/)?realplay\.bin
/opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Updater
/opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Application
/opt/matlab.*/bin.*/MATLAB.*
/opt/MATLAB.*/bin.*/MATLAB.*
/usr/matlab.*/bin.*/MATLAB.*
/usr/Aptana[^/]*/AptanaStudio
/usr/bin/mono.*
/usr/lib/ghc-[^/]+/ghc.*
/opt/ibm/java.*/(bin|javaws)(/.*)?
/usr/sbin/VBox.*
/usr/lib/opera(/.*)?/opera
/usr/lib/opera(/.*)?/works
/usr/lib/gimp/[^/]+/plug-ins/help-browser
/usr/bin/haddock.*
/usr/bin/octave-[^/]*
/usr/libexec/gcc(/.*)?/gnat1
/usr/libexec/ghc-[^/]+/.*bin
/usr/libexec/ghc-[^/]+/ghc.*
/usr/java/eclipse[^/]*/eclipse
/usr/lib/jvm/java(.*/)bin(/.*)?
/opt/local/matlab.*/bin.*/MATLAB.*
/opt/local/MATLAB.*/bin.*/MATLAB.*
/usr/local/matlab.*/bin.*/MATLAB.*
/usr/lib/wingide-[^/]+/bin/PyCore/python
/usr/lib/erlang/erts-[^/]+/bin/beam.smp
/usr/lib/thunderbird-[^/]+/thunderbird-bin
/usr/local/Wolfram/Mathematica(/.*)?MathKernel
/opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)?
/usr/bin/gij
/usr/bin/sbcl
/usr/bin/darcs
/usr/bin/skype
/usr/bin/frysk
/usr/bin/grmic
/usr/bin/dosbox
/usr/bin/runghc
/usr/bin/gnatls
/usr/bin/fastjar
/usr/bin/hasktags
/usr/bin/valgrind
/usr/bin/gkeytool
/usr/bin/gnatbind
/usr/bin/gnatmake
/usr/bin/aticonfig
/usr/bin/runhaskell
/usr/bin/gcj-dbtool
/usr/bin/gjarsigner
/usr/bin/jv-convert
/usr/lib/R/bin/exec/R
/usr/bin/grmiregistry
/usr/bin/gappletviewer
/usr/bin/plasma-desktop
/usr/lib/eclipse/eclipse
/usr/sbin/vboxadd-service
/opt/google/chrome/chrome
/usr/lib/ia32el/ia32x_loader
/usr/lib/virtualbox/VirtualBox
/opt/likewise/bin/domainjoin-cli
/opt/google/chrome/google-chrome
/opt/real/RealPlayer/realplay\.bin
/usr/local/RealPlayer/realplay\.bin
/opt/secondlife-install/bin/SLPlugin
/opt/Komodo-Edit-5/lib/mozilla/komodo-bin
/usr/lib/chromium-browser/chromium-browser
/opt/Adobe/Reader9/Reader/intellinux/bin/acroread
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk65Ls0ACgkQrlYvE4MpobPdBACgqyx6uG2FDQHAtzLJfXnd5oml
d24An1kj4sVSieS9HWoZ9lTl+M3hL07y
=yXOA
-----END PGP SIGNATURE-----