Debian
kded package

many KDE processes have rwx memory mappings

Bug #1828936 reported by Laurent Bonnaud
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kded (Debian)
New
Unknown
kded (Fedora)
Confirmed
Undecided
kded (Ubuntu)
New
Undecided
Unassigned

Bug Description

SUMMARY

As a defense against machine code injection against buffer overflow bugs, most Linux distributions have worked over the years to remove as many rwx memory mappings as possible in processes.

I checked this on several of my systems and unfortunately I found that many KDE processes do have rwx memory mappings.

I chose to report this bug against the kded package because it is one of the most fundamental affected KDE process I found. However, the problem seems to be more general in KDE. I apologize in advance for not finding a better software package to report this problem.

STEPS TO REPRODUCE
1. Log in Plasma
2. Run the following command:

$ grep rwx /proc/$(pidof kded5)/maps

OBSERVED RESULT

$ grep rwx /proc/$(pidof kded5)/maps
7f68d7c2a000-7f68d7c3a000 rwxp 00000000 00:00 0

EXPECTED RESULT

No output

ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: kded5 5.56.0-0ubuntu1
Uname: Linux 5.1.1-050101-generic x86_64
ApportVersion: 2.20.10-0ubuntu27
Architecture: amd64
CurrentDesktop: KDE
Date: Tue May 14 08:41:00 2019
SourcePackage: kded
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Laurent Bonnaud (laurent-bonnaud) wrote :
Revision history for this message
Laurent Bonnaud (laurent-bonnaud) wrote :

This problem is also present in KDE Neon:

  https://bugs.kde.org/show_bug.cgi?id=407496

Unfortunately, this distribution is not listed in launchpad.

Revision history for this message
In , L.Bonnaud (l.bonnaud-redhat-bugs) wrote :

Description of problem:

As a defense against machine code injection made possible by buffer overflow bugs, most Linux distributions have worked over the years to remove as many rwx memory mappings as possible in processes.

I checked this on several of my systems and unfortunately I found that many KDE processes do have rwx memory mappings.

I chose to report this bug against the kded package because it is one of the most fundamental affected KDE process I found. However, the problem seems to be more general in KDE. I apologize in advance for not finding a better software package to report this problem.

Version-Release number of selected component (if applicable):

Fedora 30 packages updated today.

How reproducible:

always

Steps to Reproduce:
1. Log in Plasma
2. Run the following command:

$ grep rwx /proc/$(pidof kded5)/maps

Actual results:

$ grep rwx /proc/$(pidof kded5)/maps
7f68d7c2a000-7f68d7c3a000 rwxp 00000000 00:00 0

Expected results:

No output

Additional info:

According to comments in this bug report:
  https://bugs.kde.org/show_bug.cgi?id=407496
other Linux distributions do not have the same problem.

Bug Watch Updater (bug-watch-updater)
Changed in kded (Debian):
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in kded (Fedora):
importance: Unknown → Undecided
status: Unknown → Confirmed
Laurent Bonnaud (laurent-bonnaud)
tags: added: eoan focal groovy hirsute
Revision history for this message
Laurent Bonnaud (laurent-bonnaud) wrote :

Hi,

according to upstream KDE developers who tested on other distribution, this bug is Debian/Ubuntu specific.

And it still exists in lunar:

# grep rwx /proc/$(pidof kded5)/maps
7f28a406e000-7f28a407e000 rwxp 00000000 00:00 0
7f28a89ea000-7f28a89eb000 rwxp 00000000 00:00 0

tags: added: jammy kinetic lunar
removed: disco eoan groovy hirsute
Laurent Bonnaud (laurent-bonnaud)
tags: added: kubuntu
Laurent Bonnaud (laurent-bonnaud)
tags: added: noble
removed: lunar
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.