Bug 285961 - flac-1.2.0-1.fc8: execmod for libFLAC.so.8.1.0 ?
flac-1.2.0-1.fc8: execmod for libFLAC.so.8.1.0 ?
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: flac (Show other bugs)
rawhide
All Linux
medium Severity low
: ---
: ---
Assigned To: Bastien Nocera
Fedora Extras Quality Assurance
:
: 289721 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-11 09:54 EDT by Tom London
Modified: 2007-11-30 17:12 EST (History)
4 users (show)

See Also:
Fixed In Version: 1.2.0-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-12 17:07:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tom London 2007-09-11 09:54:19 EDT
Description of problem:
After installing flac-1.2.0-1.fc8, I get the following execmod AVC when trying
to start audacity:

type=AVC msg=audit(1189518127.378:24): avc:  denied  { execmod } for  pid=5321
comm="audacity" path="/usr/lib/libFLAC.so.8.1.0" dev=dm-0 ino=12255847
scontext=system_u:system_r:unconfined_execmem_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1189518127.378:24): arch=40000003 syscall=125 success=no
exit=-13 a0=279000 a1=54000 a2=5 a3=bfd77d70 items=0 ppid=1 pid=5321 auid=500
uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) comm="audacity" exe="/usr/bin/audacity"
subj=system_u:system_r:unconfined_execmem_t:s0 key=(null)

[I run audacity as 'unconfined_execmem_t' to allow use of 'ugly codec'.]

Don't recall seeing this with prior version.

Version-Release number of selected component (if applicable):
flac-1.2.0-1.fc8

How reproducible:
Every time.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Bastien Nocera 2007-09-11 10:19:53 EDT
flac-1.1.3-gnu-stack.patch probably needs updating to cover the new nasm files.
Let me give it a try.
Comment 2 Bastien Nocera 2007-09-11 10:28:25 EDT
Please test with the build at:
http://koji.fedoraproject.org/koji/taskinfo?taskID=155392
Comment 3 Bastien Nocera 2007-09-11 10:34:41 EDT
Make that:
http://koji.fedoraproject.org/koji/taskinfo?taskID=155415

My fingers hate me.
Comment 4 Tom London 2007-09-11 12:01:48 EDT
No joy.

Downloaded/installed flac-1.2.0-2.fc8.

Reran audacity.  Still get:

type=AVC msg=audit(1189526382.610:28): avc:  denied  { execmod } for  pid=6042
comm="audacity" path="/usr/lib/libFLAC.so.8.1.0" dev=dm-0 ino=5483267
scontext=system_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
type=SYSCALL msg=audit(1189526382.610:28): arch=40000003 syscall=125 success=no
exit=-13 a0=279000 a1=54000 a2=5 a3=bf9dea60 items=0 ppid=5324 pid=6042 auid=500
uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1
comm="audacity" exe="/usr/bin/audacity" subj=system_u:system_r:unconfined_t:s0
key=(null)
Comment 5 Bastien Nocera 2007-09-11 12:08:53 EDT
Can you reproduce using another app, say, /usr/bin/metaflac instead?

Dan, got a guide for debugging those?
Comment 6 Daniel Walsh 2007-09-11 12:13:16 EDT
Jakub or Uli would be much more help.
Comment 7 Tom London 2007-09-11 18:02:46 EDT
A bit more detail....

Running audacity from console window produces:

[tbl@localhost Downloads]$ audacity
audacity: error while loading shared libraries: /usr/lib/libFLAC.so.8: cannot
restore segment prot after reloc: Permission denied
[tbl@localhost Downloads]$ 

Here are the last few lines of 'strace audacity':

open("/usr/lib/libXdmcp.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\r\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=18612, ...}) = 0
mmap2(NULL, 21420, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x1976000
mmap2(0x197b000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0x197b000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7ef5000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7ef4000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7ef3000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7ef2000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ef26d0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0xac8000, 4096, PROT_READ)     = 0
mprotect(0xd97000, 8192, PROT_READ)     = 0
mprotect(0xaa4000, 4096, PROT_READ)     = 0
mprotect(0xa72000, 12288, PROT_READ)    = 0
mprotect(0x992000, 4096, PROT_READ)     = 0
mprotect(0x987000, 4096, PROT_READ)     = 0
mprotect(0x279000, 344064, PROT_READ|PROT_WRITE) = 0
mprotect(0x279000, 344064, PROT_READ|PROT_EXEC) = -1 EACCES (Permission denied)
writev(2, [{"audacity", 8}, {": ", 2}, {"error while loading shared libra"...,
36}, {": ", 2}, {"/usr/lib/libFLAC.so.8", 21}, {": ", 2}, {"cannot restore
segment prot afte"..., 39}, {": ", 2}, {"Permission denied", 17}, {"\n", 1}],
10audacity: error while loading shared libraries: /usr/lib/libFLAC.so.8: cannot
restore segment prot after reloc: Permission denied
) = 130
exit_group(127)                         = ?
[tbl@localhost Downloads]$ 
Comment 8 Tom London 2007-09-11 18:06:47 EDT
And yes, fails with 'metaflac':

[tbl@localhost Downloads]$ metaflac
metaflac: error while loading shared libraries: /usr/lib/libFLAC.so.8: cannot
restore segment prot after reloc: Permission denied
[tbl@localhost Downloads]$ 
Comment 9 Jakub Jelinek 2007-09-11 18:36:39 EDT
libFLAC.so.8.1.0 on i386 is DT_TEXTREL, please avoid that.
The bad relocations are:
0004c653  0001c901 R_386_32               00054940   FLAC__crc16_table
0004c6f0  0001c901 R_386_32               00054940   FLAC__crc16_table
0004c84d  0001c901 R_386_32               00054940   FLAC__crc16_table
0004c78c  00017202 R_386_PC32             00009f20   bitreader_read_from_client_
0004c7e1  00017202 R_386_PC32             00009f20   bitreader_read_from_client_

%ifdef FLAC__PUBLIC_NEEDS_UNDERSCORE
        mov     edi, _FLAC__crc16_table
%else
        mov     edi, FLAC__crc16_table
%endif
or
%ifdef FLAC__PUBLIC_NEEDS_UNDERSCORE
        call    _bitreader_read_from_client_
%else
        call    bitreader_read_from_client_
%endif
is not correct PIC code.
The latter is more easily fixable, assuming bitreader_read_from_client_
is not part of the exported ABI, making it hidden within the library is all
that is needed.  simple_ogg_page__set_at and simple_ogg_page__init,
simple_ogg_page__get_at probably should be made hidden as well.
Just add __attribute__((__visibility__("hidden"))) to those 4 prototypes
or function definitions.
The 3 movl $FLAC__crc16_table_, %edi instructions really need to be rewritten
as PIC sequences, but I haven't studied if they are used in loops or not.
If not and you have one spare register, you can have:
.Lget_pc_thunk:
        movl    (%esp), %ecx
        ret
somewhere and
call .Lget_pc_thunk
addl $_GLOBAL_OFFSET_TABLE_, %ecx
movl FLAC__crc16_table_(%ecx), %edi
to load the address.  Unfortunately flac uses nasm, not sure how this can
be written in that.
Comment 10 Bastien Nocera 2007-09-12 17:07:46 EDT
I forwarded the bug upstream, as my visibility changes weren't enough to fix the
problem:
http://sourceforge.net/tracker/index.php?func=detail&aid=1793536&group_id=13478&atid=113478

I've committed the visibility changes, as well as disabling optimisations on x86
until fixes this.
Comment 11 Jakub Jelinek 2007-09-12 17:16:04 EDT
Did at least the bitreader_read_from_client_ relocs go away?
For the loading of FLAC__crc16_table_ address, following might help:
http://developer.apple.com/documentation/DeveloperTools/nasm/nasmdoc8.html#section-8.2
Comment 12 Bastien Nocera 2007-09-18 13:33:53 EDT
*** Bug 289721 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.