dart gets terminated by mprotect/grsec #17548

Closed
DartBot opened this issue Mar 18, 2014 · 5 comments
Labels
area-vm Use area-vm for VM related issues, including code coverage, FFI, and the AOT and JIT backends. closed-as-intended Closed as the reported issue is expected behavior needs-info We need additional information from the issue author (auto-closed after 14 days if no response) type-bug Incorrect behavior (everything from a crash to more subtle misbehavior)

Comments

@DartBot

DartBot commented Mar 18, 2014

This issue was originally filed by pe...@siddhadev.com


What steps will reproduce the problem?

  1. unpack the dart sdk on a hardened gentoo or a linux kernel with grsec/mprotect enabled
  2. run any dart command, i.e. dart get

What is the expected output? What do you see instead?
the dart process gets terminated, and dmesg shows
    grsec: denied RWX mprotect of <anonymous mapping> by /opt/dart/dart-sdk/bin/dart[dart:3650] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3498] uid/euid:1000/1000 gid/egid:1000/1000

What version of the product are you using? On what operating system?
Dart VM version: 1.2.0
Gentoo Linux 3.11.7-hardened-r1

Please provide any additional information below.
mprotect could be disabled by something like
    sudo paxctl -c -m "$(which dart)"

@sgjesse
Contributor

sgjesse commented Mar 18, 2014

The Dart VM compiles and runs Dart programs by dynamically generating assembly code. Therefore RWX permissions on memory are required.


Added Area-VM, Triaged labels.

@iposva-google
Contributor

Slight correction to Søren's statement: We do generate code into an RW- memory area, and once dynamic code generation has finished we switch the region to R-X. When patching the code as we get more feedback about the running program, we switch the region back to RW-. This feature has only been implemented in 1.3, and thus the 1.2.0 release is expected to use RWX regions for code as described by Søren.

Can you please update to a 1.3 build of Dart which is available on the dev channel? You can get it from https://www.dartlang.org/tools/download.html and look for "Early Adopter". Thanks!


Set owner to @iposva-google.
Added NeedsInfo label.

@DartBot
Author

DartBot commented Mar 18, 2014

This comment was originally written by pe...@siddhadev.com


If I compare the distribution of dart to golang directly after unpacking:

    $ paxctl-ng -v dart-sdk/bin/dart
    dart-sdk/bin/dart:
    PT_PAX : not found
    XATTR_PAX : not found

where golang after unpacking would give

    $ paxctl-ng -v go/bin/go
    go/bin/go:
    PT_PAX : -em--
    XATTR_PAX : not found

So it might just be about what is set by default.

@DartBot
Author

DartBot commented Mar 18, 2014

This comment was originally written by pe...@siddhadev.com


I've just tried 1.3.0, but I get the same message (by doing pub get):

    [ 7234.407871] grsec: denied RWX mprotect of <anonymous mapping> by /tmp/dart/e/dart-sdk/bin/dart[dart:8957] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:8306] uid/euid:1000/1000 gid/egid:1000/1000
    [ 7234.407885] grsec: more alerts, logging disabled for 10 seconds
    [ 7234.418558] PAX: execution attempt in: <anonymous mapping>, 2c0533bb000-2c0534bb000 2c0533bb000
    [ 7234.418565] PAX: terminating task: /tmp/dart/e/dart-sdk/bin/dart(dart):8957, uid/euid: 1000/1000, PC: 000002c0533bb040, SP: 000003804edacbb8

@DartBot added Type-Defect, area-vm, needs-info labels Mar 18, 2014
@kevmoo added type-bug and removed priority-unassigned labels Feb 29, 2016
@iposva-google removed their assignment May 31, 2016
@zanderso added the closed-as-intended label Jun 15, 2016
@zanderso
Member

The standalone Dart VM does not write-protect code pages by default. See:

https://github.com/dart-lang/sdk/blob/master/runtime/bin/main.cc#L1589

You'd need to pass --write_protect_code to override this behavior.
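
The RW- to R-X switching that the comments above describe, together with a probe for the RWX `mprotect` request that the dmesg output reports as denied, as an added C example; it is not code from the thread or from the Dart VM. The stub bytes (x86-64 and AArch64 only) and the names `rwx_allowed` and `wx_generate_patch_run` are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
/* Constructed stub "return 42" as raw machine code; PATCH_OFF/PATCH_VAL
 * rewrite its immediate to 43. Names are illustrative, not from the Dart VM. */
#if defined(__x86_64__)
static const unsigned char stub[] = {0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3}; /* mov eax,42; ret */
enum { PATCH_OFF = 1, PATCH_VAL = 0x2b };
#elif defined(__aarch64__)
static const unsigned char stub[] = {0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6}; /* mov w0,#42; ret */
enum { PATCH_OFF = 0, PATCH_VAL = 0x60 };
#else
#error "stub is only provided for x86-64 and AArch64"
#endif
enum { REGION = 4096 };

/* 1 if an anonymous mapping may become RWX, 0 if the kernel refuses, -1 on mmap failure. */
int rwx_allowed(void) {
    void *p = mmap(NULL, REGION, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int ok = mprotect(p, REGION, PROT_READ | PROT_WRITE | PROT_EXEC) == 0;
    munmap(p, REGION);
    return ok;
}

/* Generate into RW-, seal to R-X, reopen as RW- to patch, seal again, then call.
 * Returns the stub's result (43), or -1 if any step is refused. */
int wx_generate_patch_run(void) {
    unsigned char *code = mmap(NULL, REGION, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return -1;
    int result = -1;
    memcpy(code, stub, sizeof stub);                              /* write while RW- */
    if (mprotect(code, REGION, PROT_READ | PROT_EXEC)) goto out;  /* seal: R-X */
    if (mprotect(code, REGION, PROT_READ | PROT_WRITE)) goto out; /* reopen: RW- */
    code[PATCH_OFF] = PATCH_VAL;                                  /* patch 42 -> 43 */
    if (mprotect(code, REGION, PROT_READ | PROT_EXEC)) goto out;  /* seal again */
    __builtin___clear_cache((char *)code, (char *)code + sizeof stub);
    result = ((int (*)(void))code)();
out:
    munmap(code, REGION);
    return result;
}

int main(void) {
    printf("RWX mprotect allowed: %d\n", rwx_allowed());
    printf("W^X generate/patch/run: %d\n", wx_generate_patch_run());
    return 0;
}
```

At no point in `wx_generate_patch_run` is the region writable and executable at the same time, so it never issues the RWX request that `rwx_allowed` probes for.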
