On 05/16/2012 12:12 PM, PaX Team wrote:
On 16 May 2012 at 16:39, Hinnerk van Bruinehsen wrote:

at the moment the thunderbird-ebuild in the tree does a "pax mark m"
on the binary.
At least for me thunderbird works fine if I just disable jit.

there're a few packages that define a local 'jit' USE flag, i'd say
thunderbird/firefox/etc should use it as well to disable JIT related
options and avoid the pax-mark (not sure why pax-kernel came to mean
this, that's for kernel modules, not userland, and this JIT stuff is
useful for more kernels than just PaX based ones).

What would be the workflow for reporting that? Should I file a bug report?

this i don't know, but probably bugzilla ;)


USE="pax_kernel" is supposed to mean "we are compiling this binary because it may be run under a pax enabled kernel". I say "may" here because people can have several kernels on their box, some may have pax and some may not. So, if you expect the binary might break without pax markings when running on a pax kernel, then set this flag. Since PT_PAX markings are ignored by a vanilla kernel, no harm done.

This flag was introduced to distinguish the above from USE="hardened" which only refers to the toolchain, and the goodies it brings along.

Having said that, it's clearly better to disable JIT and not pax mark than vice versa. We have jit disabled by default in the hardened profiles.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
