[Mono-bugs] [Bug 61710][Nor] New - mono can't compile with PaX
Sun, 18 Jul 2004 18:30:02 -0400 (EDT)
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by firstname.lastname@example.org.
--- shadow/61710 2004-07-18 18:30:02.000000000 -0400
+++ shadow/61710.tmp.22201 2004-07-18 18:30:02.000000000 -0400
@@ -0,0 +1,65 @@
+Product: Mono: Runtime
+OS Details: Gentoo with PaX
+Severity: 001 One hour
+Summary: mono can't compile with PaX
+Description of Problem:
+When building mono, at least one kill occurs with PaX:
+PAX: execution attempt in: <anonymous mapping>, 22018000-22020000 22018000
+PAX: terminating task:
+uid/euid: 0/0, PC: 22018050, SP: 5cb37e6c
+I'm digging my way through to see what needs to be done, but I'm assuming
+you'll need to `paxctl -pemrxs` against this binary during building, before
+using it. You may wish to use both 'chpax' and 'paxctl' at this point.
+You can find information on PaX at:
+Basically, it's a strict executable space protection scheme.
+Steps to reproduce the problem:
+1. Set up a PaX-enabled system
+2. Compile mono
+3. Watch lt-mono die.
+lt-mono dies due to a PaX kill, compilation halts.
+mono should finish installing and get merged to /
+How often does this happen?
+See the two links above. It's not feasible to say, "just get a binary
+download" or "don't use PaX," in this situation; however, you'll want to
+allow the paxctl and chpax commands to fail in the Makefile, as non-PaX
+systems won't have these installed.
+Anything that does JIT during build will need restrictions removed as given
+This should be a fairly simple build system fix (mark affected binaries
+before using them, and after building). I've left the priority at "Normal"
+because I figure none of the Internet cares about security at this point,
+and would rather we switch off our protections. Raise if you disagree with