selinux alert from gccgo

Jakub Jelinek jakub at redhat.com
Thu Jun 9 16:05:33 UTC 2011


On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about 
> > mmap_zero when executable was run.
> > 
> Then I would open a big bug with gccgo and tell them to fix their code.
> 
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
> 
> Here is a discussion on it, and the problems that it caused SELinux.
> 
> http://eparis.livejournal.com/

See https://bugzilla.redhat.com/show_bug.cgi?id=693143
mmap_zero audit message sounds like a kernel bug rather than gccgo,
all it needs is executable stack (well, I think it really wants
executable heap but is marked as needing executable stack).
It has been reported to Ian, but nothing has been rewritten upstream
yet.

	Jakub

