Opened 3 years ago

Closed 3 years ago

#20976 closed defect (wontfix)

Official `sandboxed-tor-browser` binaries break with PaX MPROTECT.

Reported by: yawning Owned by: yawning
Priority: Medium Milestone:
Component: Archived/Tor Browser Sandbox Version:
Severity: Normal Keywords:
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I suspect this is something to do with our deterministic build setup, as I do development on a box with a grsec kernel. The binary itself will run fine if you add the override attribute with setfatter or paxd, but it would be nice if it worked out of the box.

Child Tickets

Change History (7)

comment:1 Changed 3 years ago by gk

Cc: gk added

comment:2 Changed 3 years ago by cypherpunks

Do you have any more information about the crash? What library shows a denied RWX mmap in the kernel log? What do the logs from strace -fe trace=memory,process say?

I really doubt it has anything to do with a deterministic build setup. The only things PAX_MPROTECT does are:

  • Prevents creation of RWX mappings
  • Prevents creation of RX anonymous mappings
  • Prevents making a non-executable mapping executable
  • Prevents making an RX mapping writable with the exception of performing relocations on a non-PIC library

Deterministic shouldn't change the behavior of Firefox itself in a way that would violate any of these. My guess is you're linking in a library which for some reason tries to create an RWX mapping. But given that the current ESR breaks due to creating RWX mappings for JIT, I haven't even played with it myself.

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:3 Changed 3 years ago by yawning

It's not firefox that's crashing, it's the launcher.

mprotect(0x52fb4b3000, 15585280, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
/home/yawning/.local/bin/sandboxed-tor-browser-0.0.2: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
exit_group(127)                         = ?

comment:4 Changed 3 years ago by yawning

And scanelf reports: TEXTREL /home/yawning/.local/bin/sandboxed-tor-browser-0.0.2

Since the binaries I build locally don't have this issue, I'm inclined to thing something is hosed elsewhere....

comment:5 Changed 3 years ago by yawning

https://github.com/golang/go/commit/53aec79ce05cd5eff1c8f5576b553d3c429227c3

This is not in any released Go version as of this date.

comment:6 in reply to:  3 Changed 3 years ago by cypherpunks

Replying to yawning:

It's not firefox that's crashing, it's the launcher.

mprotect(0x52fb4b3000, 15585280, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
/home/yawning/.local/bin/sandboxed-tor-browser-0.0.2: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
exit_group(127)                         = ?

What was 0x52fb4b3000 referring to in that trace? It had to have been a library or executable or something which was originally mapped as PROT_READ|PROT_EXEC, but what?

EDIT: Nevermind, I didn't see the link above.

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:7 Changed 3 years ago by yawning

Resolution: wontfix
Status: newclosed

This might have solved itself, it might not. It's basically moot because I don't pay for grsec, and people that do can either wait till the launcher gets built with a new enough Go, or set the fs attributes to work around this issue.

Note: See TracTickets for help on using tickets.