Bug#855798: udev: MemoryDenyWriteExecute=yes should not be applied to udev plugins

Mike Manning mmanning at brocade.com
Tue Feb 21 18:44:29 GMT 2017


The problem binary is built using Go and is not part of the Debian distro.
We are in the process of assessing why the way Go has created this
executable and shared libs is infringing the W^X check during dynamic load.
I am not aware of any other type of binary causing the problem, and have
tested the plugin mechanism as working fine for test scripts and for
statically linked executables created by Go. The question is where
the boundary for security lies in terms of calling executables outside of
systemd and indeed the distro, vs the pain involved in distro-upgrade due
to the debuggability issues with this.

Thanks,
Mike