selinux alert from gccgo

Jakub Jelinek jakub at
Thu Jun 9 16:05:33 UTC 2011

On Thu, Jun 09, 2011 at 11:26:26AM -0400, Daniel J Walsh wrote:
> Hash: SHA1
> On 06/09/2011 09:19 AM, Neal Becker wrote:
> > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert about 
> > mmap_zero when executable was run.
> > 
> THen I would open a big bug with gccgo and tell them to fix their code.
> mmap_zero is a known attack vector for exploiting kernel flaws, and
> almost no applications should need this access.
> Here is a discussion on it, and the problems that it caused SELinux.

mmap_zero audit message sounds like a kernel bug rather than gccgo,
all it needs is executable stack (well, I think it really wants
executable heap but is marked as needing executable stack).
It has been reported to Ian, but nothing has been rewritten upstream


More information about the devel mailing list