-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/07/2011 10:48 PM, Kevin Kofler wrote: > Adam Williamson wrote: >> It seems like a similar bug has come up before in clamav: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=573191 > > This issue affects many JITs. The WebKit JIT is affected too. > Actually, the execmem boolean has been enabled by default for a > while, did it get disabled again in F17? We had been disabling the > QtWebKit JIT, but we reenabled it when we found out execmem got > enabled by default. More and more things in Fedora use JITs (see > also Orc etc.), and those JITs all tend to require execmem, with > upstreams showing little to no interest in changing them not to. > (There is a way, but 1. it's complicated and 2. it hurts > performance.) > > Kevin Kofler > Any time I go into a rawhide I enable the tightest controls. Then relax them as we get closer to Beta. I am thinking of dropping execmem protection from user apps altogether as I see almost all applications that a user relies on needing execmem. The attached regular expressions match all of the executables that we are currently marking as needing execmem protection.
/usr/(.*/)?bin/java.* /opt/(.*/)?bin/java[^/]* /usr/lib(.*/)?bin/java[^/]* /opt/ibm(/.*)?/eclipse/plugins(/.*)? /opt/real/(.*/)?realplay\.bin /opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Updater /opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Application /opt/matlab.*/bin.*/MATLAB.* /opt/MATLAB.*/bin.*/MATLAB.* /usr/matlab.*/bin.*/MATLAB.* /usr/Aptana[^/]*/AptanaStudio /usr/bin/mono.* /usr/lib/ghc-[^/]+/ghc.* /opt/ibm/java.*/(bin|javaws)(/.*)? /usr/sbin/VBox.* /usr/lib/opera(/.*)?/opera /usr/lib/opera(/.*)?/works /usr/lib/gimp/[^/]+/plug-ins/help-browser /usr/bin/haddock.* /usr/bin/octave-[^/]* /usr/libexec/gcc(/.*)?/gnat1 /usr/libexec/ghc-[^/]+/.*bin /usr/libexec/ghc-[^/]+/ghc.* /usr/java/eclipse[^/]*/eclipse /usr/lib/jvm/java(.*/)bin(/.*)? /opt/local/matlab.*/bin.*/MATLAB.* /opt/local/MATLAB.*/bin.*/MATLAB.* /usr/local/matlab.*/bin.*/MATLAB.* /usr/lib/wingide-[^/]+/bin/PyCore/python /usr/lib/erlang/erts-[^/]+/bin/beam.smp /usr/lib/thunderbird-[^/]+/thunderbird-bin /usr/local/Wolfram/Mathematica(/.*)?MathKernel /opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)? /usr/bin/gij /usr/bin/sbcl /usr/bin/darcs /usr/bin/skype /usr/bin/frysk /usr/bin/grmic /usr/bin/dosbox /usr/bin/runghc /usr/bin/gnatls /usr/bin/fastjar /usr/bin/hasktags /usr/bin/valgrind /usr/bin/gkeytool /usr/bin/gnatbind /usr/bin/gnatmake /usr/bin/aticonfig /usr/bin/runhaskell /usr/bin/gcj-dbtool /usr/bin/gjarsigner /usr/bin/jv-convert /usr/lib/R/bin/exec/R /usr/bin/grmiregistry /usr/bin/gappletviewer /usr/bin/plasma-desktop /usr/lib/eclipse/eclipse /usr/sbin/vboxadd-service /opt/google/chrome/chrome /usr/lib/ia32el/ia32x_loader /usr/lib/virtualbox/VirtualBox /opt/likewise/bin/domainjoin-cli /opt/google/chrome/google-chrome /opt/real/RealPlayer/realplay\.bin /usr/local/RealPlayer/realplay\.bin /opt/secondlife-install/bin/SLPlugin /opt/Komodo-Edit-5/lib/mozilla/komodo-bin /usr/lib/chromium-browser/chromium-browser /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk65Ls0ACgkQrlYvE4MpobPdBACgqyx6uG2FDQHAtzLJfXnd5oml d24An1kj4sVSieS9HWoZ9lTl+M3hL07y =yXOA -----END PGP SIGNATURE----- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
