Closed polkit-github-migration-bot closed 9 months ago
In gitlab.freedesktop.org by xry111 on Jul 29, 2023, 10:22
Well, it's caused by MemoryDenyWriteExecute=yes
. It seems the JIT compiler in mozjs attempts to create WX memory mappings.
I think the reasonable thing to do is disabling JIT.
In gitlab.freedesktop.org by xry111 on Jul 29, 2023, 10:56
Hmm, even if JIT is disabled this still does not work. I've created https://bugzilla.mozilla.org/show_bug.cgi?id=1846122, but for now the only possible short-term fix is allowing W/X mapping if mozjs used.
In gitlab.freedesktop.org by jrybar on Jul 31, 2023, 12:36
Hello Xi,
thanks for looking into this.
I'm just writing a release-announcement mail stating that the next version is planned for December.
Knowing this, I can add a note about this flaw with a link to your patch. Is that acceptable solution for now?
In gitlab.freedesktop.org by xry111 on Jul 31, 2023, 12:53
Ok.
In gitlab.freedesktop.org by xry111 on Jul 29, 2023, 10:16
Link to the original issue: https://gitlab.freedesktop.org/polkit/polkit/-/issues/199
Current behaviour, description of the problem
Install polkit-123 built with mozjs-102, then
Desired behaviour
polkit daemon should start fine.
Reproducer
See current behavior.
Detailed description
Bisect pinpoints to 25eef55dddbf0b4d635fbdd508710b496be80d9c as the first bad commit. I'll try to figure out which specific hardening option caused this.