Bug 188452 - Latest update breaks GPG
Latest update breaks GPG
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-10 02:53 EDT by Evan Clarke
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-15 00:41:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Evan Clarke 2006-04-10 02:53:42 EDT
Description of problem:
Before updating fedora core, gpg worked fine.  Now executing gpg gives this
error message:
gpg: error while loading shared libraries: cannot restore segment prot after
reloc: Permission denied

and this in /var/log/messages
Apr 10 16:52:27 localhost kernel: audit(1144651947.748:8): avc:  denied  {
execmod } for  pid=2921 comm="gpg" name="gpg" dev=dm-0 ino=27248852
scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:bin_t:s0
tclass=file

Version-Release number of selected component (if applicable):
gnupg-1.4.3-0_32.rhfc5.at
selinux-policy-targeted-2.2.25-3.fc5

How reproducible:
1

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2006-04-11 16:45:54 EDT
Is that all that is in the messages?  Anyh idea what shared library it is
failing to load?

Comment 2 Evan Clarke 2006-04-12 00:03:56 EDT
That is all there is in /var/log/messages, unfortunately, and gpg doesn't give
any other output than what I provided.

Additional information that may come in handy:
[evan@localhost ~]$ ldd `which gpg`
        linux-gate.so.1 =>  (0x0096f000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00c27000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00200000)
        libbz2.so.1 => /usr/lib/libbz2.so.1 (0x00b3d000)
        libreadline.so.5 => /usr/lib/libreadline.so.5 (0x0068d000)
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x00795000)
        libdl.so.2 => /lib/libdl.so.2 (0x00213000)
        libusb-0.1.so.4 => /usr/lib/libusb-0.1.so.4 (0x008cd000)
        libc.so.6 => /lib/libc.so.6 (0x003c3000)
        /lib/ld-linux.so.2 (0x00970000)

[evan@localhost ~]$ gpg -v
gpg: error while loading shared libraries: cannot restore segment prot after
reloc: Permission denied

[evan@localhost ~]$ strace gpg
execve("/usr/bin/gpg", ["gpg"], [/* 35 vars */]) = 0
brk(0)                                  = 0x8ec2000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=49460, ...}) = 0
mmap2(NULL, 49460, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f32000
close(3)                                = 0
open("/lib/libresolv.so.2", O_RDONLY)   = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20$b\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=76320, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f31000
mmap2(NULL, 75976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
mmap2(0x120000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
3, 0xe) = 0x120000
mmap2(0x122000, 6344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
-1, 0) = 0x122000
close(3)                                = 0
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\7\257"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=75632, ...}) = 0
mmap2(NULL, 77008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x124000
mmap2(0x136000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
3, 0x11) = 0x136000
close(3)                                = 0
open("/usr/lib/libbz2.so.1", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\321\332"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=67784, ...}) = 0
mmap2(NULL, 65060, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x58a000
mmap2(0x599000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
3, 0xf) = 0x599000
close(3)                                = 0
open("/usr/lib/libreadline.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@T\261\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=197832, ...}) = 0
mmap2(NULL, 199036, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x294000
mmap2(0x2c0000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2c) = 0x2c0000
mmap2(0x2c4000, 2428, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
-1, 0) = 0x2c4000
close(3)                                = 0
open("/lib/libtermcap.so.2", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220L\260"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=13496, ...}) = 0
mmap2(NULL, 14984, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x417000
mmap2(0x41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
3, 0x2) = 0x41a000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\234\256"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16352, ...}) = 0
mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xc74000
mmap2(0xc76000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
3, 0x1) = 0xc76000
close(3)                                = 0
open("/usr/lib/libusb-0.1.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\303a"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=32816, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f30000
mmap2(NULL, 30200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x328000
mmap2(0x32e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
3, 0x6) = 0x32e000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\n)\232"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1528292, ...}) = 0
mmap2(NULL, 1254780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x683000
mmap2(0x7af000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12b) = 0x7af000
mmap2(0x7b3000, 9596, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
-1, 0) = 0x7b3000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f2f000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f2f6b0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0x7af000, 12288, PROT_READ)    = 0
mprotect(0xc76000, 4096, PROT_READ)     = 0
mprotect(0x120000, 4096, PROT_READ)     = 0
mprotect(0x9fd000, 958464, PROT_READ|PROT_WRITE) = 0
mprotect(0x9fd000, 958464, PROT_READ|PROT_EXEC) = -1 EACCES (Permission denied)
writev(2, [{"gpg", 3}, {": ", 2}, {"error while loading shared libra"..., 36},
{": ", 2}, {"", 0}, {"", 0}, {"cannot restore segment prot afte"..., 39}, {": ",
2}, {"Permission denied", 17}, {"\n", 1}], 10gpg: error while loading shared
libraries: cannot restore segment prot after reloc: Permission denied
) = 102
exit_group(127)                         = ?
Process 2663 detached
[evan@localhost ~]$

If there is anything else I can help with, let me know.
Comment 3 Evan Clarke 2006-04-12 21:44:30 EDT
Updating to say it is still broken with 
selinux-policy-2.2.29-3.fc5
selinux-policy-targeted-2.2.29-3.fc5
Comment 4 Daniel Walsh 2006-04-14 12:59:52 EDT
Uli,

Why is this execmod on the binary and not a library?

At least that is what the AVC indicates
Comment 5 Ulrich Drepper 2006-04-14 21:54:27 EDT
This is no Red Hat binary.  Whoever built it likely is clueless and doesn't
understand anything about text relocations which here is a factor since gpg
should be a PIE.
Comment 6 Evan Clarke 2006-04-15 00:41:31 EDT
My appologies, I didn't realise that gpg was pulled from an external repo. 
Rolling back to the official gpg and libgpg-error fixed the issue.

Closing as NOTABUG?

Note You need to log in before you can comment on or make changes to this bug.