
Portal 2 Incompatible With SELinux

jones_supa writes "Valve has recently released Portal 2 on Steam for Linux and opened a GitHub entry to gather all the bugs from the community. When one of the Valve developers closed a bug related to Portal 2 recommending that the users disable a security feature, the Linux community reacted. A crash is caused by the game's interaction with SELinux, the Linux kernel subsystem that deals with access control security policies. Portal 2 uses the third-party Miles Sound System MP3 decoder which, in turn, uses execheap, a feature that is normally disabled by SELinux. Like its name suggests, execheap allows a program to map a part of the memory so that it is both writable and executable. This could be a problem if someone chose to use that particular memory section for buffer overflow attacks; that would eventually permit the hacker to gain access to the system by running code. In the end, Valve developer David W. took responsibility for the problem: 'I apologize for the mis-communication: Some underlying infrastructure our games rely on is incompatible with SELinux. We are hoping to correct this. Of course closing this bug isn't appropriate and I am re-opening it.' This is more of an upstream problem for Valve. It's not something that they can fix directly, and most likely they will have to talk with the Miles developers and try to repair the problem from that direction."
  • AV sucks. (Score:1, Informative)

    by Anonymous Coward on Saturday March 08, 2014 @11:34AM (#46434405)

    Anti-virus software is only good for finding known/dumb viruses.

  • by Barny ( 103770 ) on Saturday March 08, 2014 @11:38AM (#46434429) Journal

    The Miles Sound System is a game sound API that does more than just play a single MP3. It plays lots and lots at once, with spatial geometry, allowing accurate 2D and 3D sound to be produced. Many, many games use RAD Tools' stuff; this likely won't be a Valve-only issue but one facing a lot of game companies should they port to Linux.

  • by Johnny Loves Linux ( 1147635 ) on Saturday March 08, 2014 @11:39AM (#46434431)

    I think it's a culture clash of developers who've only worked in a Windows environment and consequently are used to turning off operating system security so they can run a program, usually a game, vs. the Linux community who inherited the Unix culture where you can play games on the operating system, but you can't play games with the operating system.

  • by Barny ( 103770 ) on Saturday March 08, 2014 @11:40AM (#46434437) Journal

    Oh, and for a full list of details on this stuff, see the site here http://www.radgametools.com/mi... [radgametools.com]

  • by ssam ( 2723487 ) on Saturday March 08, 2014 @11:51AM (#46434485)

    You just need to allow the portal2 binary to use execheap. Now obviously it's not good that portal2 uses execheap, but SELinux is fine grained enough to allow for it.

  • Re:AV sucks. (Score:2, Informative)

    by Anonymous Coward on Saturday March 08, 2014 @12:25PM (#46434609)

    Oh, wow; why on earth is this marked as informative, it's an anti-informative comment.

    Any decent anti-virus program is not just going to be checking known signatures, but they will also be checking for malicious activities, execution and memory use patterns that virus makers use that shouldn't be in valid programs.

    This is why sometimes you'll get poorly written software that triggers false alarms, they do things they shouldn't and get caught for it.

    Additionally statistically very few people will happen across 0-day viruses, it's mostly existing ones that they will come across.

  • Re: oh my god!! (Score:5, Informative)

    by sjames ( 1099 ) on Saturday March 08, 2014 @12:40PM (#46434695) Homepage Journal

    SELinux may have improved by leaps and bounds since I last touched it, but honestly it IS a wrong headed approach designed for an environment where a single security violation can be a disaster of global proportions.

    That's not to say that MAC is bad (it most certainly isn't) or that it's not a good idea on a desktop machine (it is). More that if you make something too draconian and too painful to relax a bit when needed, it tends to get turned off.

  • Re:Bad Practice (Score:3, Informative)

    by MoonlessNights ( 3526789 ) on Saturday March 08, 2014 @01:21PM (#46434891) Homepage Journal

    There are 2 ways of doing this:

    1) Map the memory as writable to populate it and then remap it as executable to run it. This way, it can only be one thing at a time which means that the malicious code can't enable itself.

    2) Map the memory at 2 virtual addresses, with different permissions. One virtual address is for writing and the other is for execution. This means that knowing the program counter or stack pointer isn't enough to write malicious code.
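
The first approach listed in the comment above, as an added C example that is not part of the original thread and not Valve or RAD code: the buffer is filled while mapped read/write, then `mprotect` swaps write for execute, and `/proc/self/maps` is read in each phase to confirm the region is never writable and executable at once. The names `perms_of` and `jit_wxorx` and the "return 42" stub are constructed for illustration; Linux on x86 or AArch64 is assumed.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Constructed sample payload: machine code for "return 42" (x86 and AArch64 only). */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char code[] = {0xB8, 0x2A, 0, 0, 0, 0xC3}; /* mov eax,42; ret */
#elif defined(__aarch64__)
static const unsigned char code[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6}; /* mov w0,#42; ret */
#endif

/* Copy the permission field (e.g. "r-xp") of the mapping that contains addr. */
static int perms_of(const void *addr, char out[5]) {
    unsigned long lo, hi, a = (unsigned long)(uintptr_t)addr;
    char line[512];
    int rc = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, out) == 3 && lo <= a && a < hi) rc = 0;
    fclose(f);
    return rc;
}

/* Write first, then swap W for X. Returns the stub's result (42) or -1 on failure. */
int jit_wxorx(char perms_w[5], char perms_x[5]) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE, /* no PROT_EXEC yet */
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int result = -1;
    if (buf == MAP_FAILED) return -1;
    memcpy(buf, code, sizeof code);                 /* "populate" phase */
    if (perms_of(buf, perms_w) == 0 &&
        mprotect(buf, len, PROT_READ | PROT_EXEC) == 0 && /* write is dropped here */
        perms_of(buf, perms_x) == 0) {
        __builtin___clear_cache((char *)buf, (char *)buf + sizeof code);
        result = ((int (*)(void))(uintptr_t)buf)(); /* "run" phase */
    }
    munmap(buf, len);
    return result;
}

int main(void) {
    char w[5] = "", x[5] = "";
    int r = jit_wxorx(w, x);
    printf("write phase %s, exec phase %s, result %d\n", w, x, r);
    return r == 42 ? 0 : 1;
}
```

Under SELinux this path is checked against `execmem` (anonymous memory made executable) rather than `execheap`, which covers the brk heap.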

  • Re:AV sucks. (Score:4, Informative)

    by Anonymous Coward on Saturday March 08, 2014 @01:24PM (#46434909)

    They do.
    0% detection rate by all major AVs is pretty much a must-have if you want to sell a dropper.

  • by Anonymous Coward on Saturday March 08, 2014 @01:52PM (#46435083)

    Let's keep this on topic: no matter what this library accomplishes (and whether that is needed or not), why does it need to map any region of memory as both writable and executable?

    It's called "Just in Time Compilation" or JIT for short, a program generates machine instructions then executes the instructions it generated. JIT is useful for improving performance vs a standard emulation infrastructure like a switch statement inside a loop.

  • by Anonymous Coward on Saturday March 08, 2014 @02:12PM (#46435203)

    Because Fraunhofer (the MP3 patent holder) supplied RAD Game Tools with a Windows DLL for x86 platforms, and so they decompress the DLL into heap memory and then call functions on it on Linux. Lol.
