Created attachment 103164 [details] dmesg log Running Arch Linux with Hardened Kernel it is not possible to use colord. Even after setting all protection off the binary (- PaX flags: -p-s-m-xE--r [/usr/lib/colord/colord]). This is a possible security risk and should be investigated. Thanks.
(In reply to comment #0) > Running Arch Linux with Hardened Kernel it is not possible to use colord. > Even after setting all protection off the binary (- PaX flags: -p-s-m-xE--r > [/usr/lib/colord/colord]). Define "use" -- does the binary run? If so, does the binary get any log output when run with --verbose as root? > This is a possible security risk and should be investigated. Sure, I'd love to if grsec and PaX was available upstream or in Fedora...
(In reply to comment #1) > (In reply to comment #0) > > Running Arch Linux with Hardened Kernel it is not possible to use colord. > > Even after setting all protection off the binary (- PaX flags: -p-s-m-xE--r > > [/usr/lib/colord/colord]). > > Define "use" -- does the binary run? If so, does the binary get any log > output when run with --verbose as root? > > > This is a possible security risk and should be investigated. > > Sure, I'd love to if grsec and PaX was available upstream or in Fedora... See https://github.com/thestinger/paxd/issues/11 for a more detailed report by the same person. An MPROTECT exception would have worked, but it wasn't being set correctly. Ideally an MPROTECT exception wouldn't be required (prevents injecting at code at runtime, so you can't go from ROP -> shellcode) but I don't actually run into this issue when I start colord with the grsecurity kernel.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.