New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dart gets terminated by mprotect/grsec #17548
Comments
Slight correction to Søren's statement: We do generate code into RW- memory area and once dynamic code-generation has finished we switch the region to R-X. When patching the code as we get more feedback about the running program we switch the region back to RW-. This feature has only been implemented in 1.3 and thus the 1.2.0 release is expected to use RWX regions for code as described by Søren. Can you please update to a 1.3 build of Dart which is available on the dev channel? You can get it from https://www.dartlang.org/tools/download.html and look for "Early Adopter". Thanks! Set owner to @iposva-google. |
This comment was originally written by pe...@siddhadev.com If I compare the distribution of dart to golang directly after unpacking: $ paxctl-ng -v dart-sdk/bin/dart where golang after unpacking would give $ paxctl-ng -v go/bin/go so might be, it's just about what is set per default. |
This comment was originally written by pe...@siddhadev.com I've just tried 1.3.0, but I get the same message (by doing pub get): [ 7234.407871] grsec: denied RWX mprotect of <anonymous mapping> by /tmp/dart/e/dart-sdk/bin/dart[dart:8957] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:8306] uid/euid:1000/1000 gid/egid:1000/1000 |
The standalone Dart VM does not write-protect code pages by default. See: https://github.com/dart-lang/sdk/blob/master/runtime/bin/main.cc#L1589 You'd need to pass --write_protect_code to override this behavior. |
This issue was originally filed by pe...@siddhadev.com
What steps will reproduce the problem?
What is the expected output? What do you see instead?
the dart process gets terminated, and dmesg shows
grsec: denied RWX mprotect of <anonymous mapping> by /opt/dart/dart-sdk/bin/dart[dart:3650] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[
bash:3498] uid/euid:1000/1000 gid/egid:1000/1000
What version of the product are you using? On what operating system?
Dart VM version: 1.2.0
Gentoo Linux 3.11.7-hardened-r1
Please provide any additional information below.
mprotect could be disabled by something like
sudo paxctl -c -m
which dart
The text was updated successfully, but these errors were encountered: