Bug#887348: steam:i386: execmod access is requested, security issue

James Cowgill jcowgill at debian.org
Wed Jan 17 12:15:48 UTC 2018


Hi,

On 16/01/18 03:41, Russell Coker wrote:
> On Monday, 15 January 2018 2:15:40 PM AEDT James Cowgill wrote:
>>> Sorry, we do not control the binaries that Valve
>>> use in Steam. You're welcome to take this upstream to
>>> https://github.com/ValveSoftware/steam-for-linux/issues/ if you believe
>>> the use of generic i386 binaries is a security problem.
>>>
>>> path="/home/rjc/.steam/ubuntu12_32/libavutil.so.55"
>>
>> Arguably this is an ffmpeg bug. I expect you will find that this will
>> also happen if you try to run any program which uses ffmpeg on a machine
>> with Debian i386 and SELinux installed.
> 
> It's a compilation choice for ffmpeg.  Last time I checked that same choice 
> was made by the maintainers of the Debian package, so for some years I had a 
> repository of alternate ffmpeg packages to support a more strict configuration 
> of SE Linux on the i386 desktop - which incidentally also made things more 
> secure for i386 users who didn't use SE Linux.  I stopped supporting those 
> packages because i386 desktops are almost never used nowadays, the i386 
> architecture is uncommon and most use of it is for routers and embedded 
> systems.
> 
> But in this case the compilation choice was made by Steam upstream.  I filed a 
> bug report here so that everyone is aware of it and anyone who looks up the 
> issue will know that it's a known issue.

I had a harder look at this, and it seems that the x86 assembly from
modern ffmpeg will require significant patching to be made PIC on
x86_32. Changing a few flags to enable PIC results in hundreds of
assembly errors. At the moment the only way to avoid the textrels is to
disable all assembly which is too much of a performance hit (I expect
for both Debian and Steam).

A few bugs I found:
https://trac.ffmpeg.org/ticket/4928
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493705

James
