Bug 81582

Summary: Colord fails to start on hardened kernel
Product: colord Reporter: Luke <gaming4jc2>
Component: daemonAssignee: Richard Hughes <richard>
Status: NEEDINFO --- QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: dmesg log

Description Luke 2014-07-21 02:46:25 UTC
Created attachment 103164 [details]
dmesg log

Running Arch Linux with Hardened Kernel it is not possible to use colord. Even after setting all protection off the binary (- PaX flags: -p-s-m-xE--r [/usr/lib/colord/colord]).

This is a possible security risk and should be investigated.

Thanks.
Comment 1 Richard Hughes 2014-07-28 12:41:39 UTC
(In reply to comment #0)
> Running Arch Linux with Hardened Kernel it is not possible to use colord.
> Even after setting all protection off the binary (- PaX flags: -p-s-m-xE--r
> [/usr/lib/colord/colord]).

Define "use" -- does the binary run? If so, does the binary get any log output when run with --verbose as root?

> This is a possible security risk and should be investigated.

Sure, I'd love to if grsec and PaX was available upstream or in Fedora...
Comment 2 Daniel Micay 2014-08-02 03:21:22 UTC
(In reply to comment #1)
> (In reply to comment #0)
> > Running Arch Linux with Hardened Kernel it is not possible to use colord.
> > Even after setting all protection off the binary (- PaX flags: -p-s-m-xE--r
> > [/usr/lib/colord/colord]).
> 
> Define "use" -- does the binary run? If so, does the binary get any log
> output when run with --verbose as root?
> 
> > This is a possible security risk and should be investigated.
> 
> Sure, I'd love to if grsec and PaX was available upstream or in Fedora...

See https://github.com/thestinger/paxd/issues/11 for a more detailed report by the same person. An MPROTECT exception would have worked, but it wasn't being set correctly. Ideally an MPROTECT exception wouldn't be required (prevents injecting at code at runtime, so you can't go from ROP -> shellcode) but I don't actually run into this issue when I start colord with the grsecurity kernel.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.