Bug#598521: rhythmbox crashes if /tmp is mounted with noexec+nosuid attributes

Dominique Parisot zionly at free.fr
Wed Sep 29 16:56:19 UTC 2010 

Package: rhythmbox
Version: 0.12.8-2
Severity: normal
Tags: squeeze upstream

When noexec and nosuid attributes are used to mount /tmp, Rhythmbox crashes withe a core dump when the play button is pressed.

The core dump indicates that the crash occurres in orc_sse_set_mxcsr from liborc-0.4.so.0 :

(gdb) where
#0  0x00007f9fb7716bdc in orc_sse_set_mxcsr () from /usr/lib/liborc-0.4.so.0
#1  0x00007f9fb771ce2a in orc_compiler_sse_assemble () from /usr/lib/liborc-0.4.so.0
#2  0x00007f9fb770e5a5 in orc_program_compile_full () from /usr/lib/liborc-0.4.so.0
#3  0x00007f9fb1df7632 in ?? () from /usr/lib/gstreamer-0.10/libgstaudioconvert.so
#4  0x00007f9fb1df0b0d in ?? () from /usr/lib/gstreamer-0.10/libgstaudioconvert.so
#5  0x00007f9fb1ded9c2 in ?? () from /usr/lib/gstreamer-0.10/libgstaudioconvert.so
#6  0x00007f9fcfdaf139 in ?? () from /usr/lib/libgstbase-0.10.so.0
#7  0x00007f9fcfdaf6bd in ?? () from /usr/lib/libgstbase-0.10.so.0
#8  0x00007f9fcfb07f8d in ?? () from /usr/lib/libgstreamer-0.10.so.0

If /tmp is remounted with exec and suite attributes, rhythmbox works fine.

For me, it's important to set these attributes on /tmp for security reasons.

Thank you

Dominique Parisot



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rhythmbox depends on:
ii  dbus                    1.2.24-3         simple interprocess messaging syst
ii  gconf2                  2.28.1-3         GNOME configuration database syste
ii  gnome-icon-theme        2.30.3-1         GNOME Desktop icon theme
ii  gstreamer0.10-alsa [gst 0.10.30-1        GStreamer plugin for ALSA
ii  gstreamer0.10-plugins-b 0.10.19-2+b2     GStreamer plugins from the "bad" s
ii  gstreamer0.10-plugins-b 0.10.30-1        GStreamer plugins from the "base" 
ii  gstreamer0.10-plugins-g 0.10.24-1        GStreamer plugins from the "good" 
ii  gstreamer0.10-x         0.10.30-1        GStreamer plugins for X11 and Pang
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libc6                   2.11.2-6         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-6         The Cairo 2D vector graphics libra
ii  libdbus-1-3             1.2.24-3         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.88-2           simple interprocess messaging syst
ii  libfontconfig1          2.8.0-2.1        generic font configuration library
ii  libfreetype6            2.4.2-1          FreeType 2 font engine, shared lib
ii  libgconf2-4             2.28.1-3         GNOME configuration database syste
ii  libglib2.0-0            2.24.2-1         The GLib library of C routines
ii  libgnome-media0         2.30.0-1         runtime libraries for the GNOME me
ii  libgstreamer-plugins-ba 0.10.30-1        GStreamer libraries from the "base
ii  libgstreamer0.10-0      0.10.30-1        Core GStreamer libraries and eleme
ii  libgtk2.0-0             2.20.1-1+b1      The GTK+ graphical user interface 
ii  libgudev-1.0-0          160-1            GObject-based wrapper library for 
ii  libice6                 2:1.0.6-1        X11 Inter-Client Exchange library
ii  libnotify1 [libnotify1- 0.5.0-2          sends desktop notifications to a n
ii  libpango1.0-0           1.28.1-1         Layout and rendering of internatio
ii  libpython2.6            2.6.6-3          Shared Python runtime library (ver
ii  libsm6                  2:1.1.1-1        X11 Session Management library
ii  libsoup-gnome2.4-1      2.30.2-1         an HTTP library implementation in 
ii  libsoup2.4-1            2.30.2-1         an HTTP library implementation in 
ii  libtotem-plparser17     2.30.2-1         Totem Playlist Parser library - ru
ii  libxml2                 2.7.7.dfsg-4     GNOME XML library
ii  media-player-info       6-1              Media player identification files
ii  python-gnome2           2.28.1-1         Python bindings for the GNOME desk
ii  python-gst0.10          0.10.19-1        generic media-playing framework (P
ii  python-gtk2             2.17.0-4         Python bindings for the GTK+ widge
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages rhythmbox recommends:
ii  avahi-daemon             0.6.27-2        Avahi mDNS/DNS-SD daemon
ii  gstreamer0.10-plugins-ug 0.10.15-1       GStreamer plugins from the "ugly" 
ii  gvfs-backends            1.6.3-1         userspace virtual filesystem - bac
ii  notification-daemon      0.5.0-2         daemon to displays passive pop-up 
ii  rhythmbox-plugins        0.12.8-2        plugins for rhythmbox music player
ii  yelp                     2.30.1+webkit-1 Help browser for GNOME

Versions of packages rhythmbox suggests:
ii  gnome-codec-install         0.4.7        GStreamer codec installer
ii  gnome-control-center        1:2.30.1-2   utilities to configure the GNOME d
ii  gstreamer0.10-plugins-bad   0.10.19-2+b2 GStreamer plugins from the "bad" s
ii  rhythmbox-plugin-cdrecorder 0.12.8-2     burning plugin for rhythmbox music
pn  rhythmbox-plugin-coherence  <none>       (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: core.gz
Type: application/x-gzip
Size: 5166754 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20100929/ec1b932f/attachment-0001.bin>

More information about the pkg-gnome-maintainers mailing list