
Bug#929076: kded5: many KDE processes have rwx memory mappings



Package: kded5
Version: 5.54.0-1
Severity: important


Dear Maintainer,

As a defense against machine code injection attacks made possible by buffer overflow bugs, most Linux distributions have worked over the years to remove as many rwx memory mappings as possible in processes.

I checked this on several of my systems and unfortunately I found that many KDE processes do have rwx memory mappings.

I chose to report this bug against the kded package because it is one of the most fundamental affected KDE processes I found. However, the problem seems to be more general in KDE. I apologize in advance for not finding a better software package to report this problem.


STEPS TO REPRODUCE
1. Log in to Plasma
2. Run the following command:

$ grep rwx /proc/$(pidof kded5)/maps

OBSERVED RESULT

$ grep rwx /proc/$(pidof kded5)/maps
7f68d7c2a000-7f68d7c3a000 rwxp 00000000 00:00 0

EXPECTED RESULT

No output


-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en>
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kded5 depends on:
ii  libc6              2.28-10
ii  libkf5configcore5  5.54.0-1
ii  libkf5coreaddons5  5.54.0-1
ii  libkf5crash5       5.54.0-1
ii  libkf5dbusaddons5  5.54.0-1
ii  libkf5service-bin  5.54.0-1
ii  libkf5service5     5.54.0-1
ii  libqt5core5a       5.11.3+dfsg1-1
ii  libqt5dbus5        5.11.3+dfsg1-1
ii  libqt5gui5         5.11.3+dfsg1-1
ii  libqt5widgets5     5.11.3+dfsg1-1
ii  libstdc++6         9.1.0-2

kded5 recommends no packages.

kded5 suggests no packages.

-- no debconf information

-- 
Laurent.
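
Added example, not part of the original report: the single-PID grep from the steps to reproduce, generalized to every process whose maps file can be opened and to any mapping that is both writable and executable (-wxp and rwxs as well as rwxp). The function names, the --live switch and all sample lines except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit writable+executable (W+X) memory mappings.

# wx_lines: read /proc/PID/maps-format text on stdin and print every mapping
# whose permission field has both w and x (rwxp, rwxs, -wxp) as
# "<size> KiB <address range> <perms> <backing file or [anon]>".
wx_lines() {
    while read -r range perms offset dev inode path; do
        case "$perms" in
            ?wx?) ;;            # writable and executable: report it
            *) continue ;;      # not W+X: skip
        esac
        start=${range%-*}
        end=${range#*-}
        size_kib=$(( (0x$end - 0x$start) / 1024 ))
        printf '%s KiB %s %s %s\n' "$size_kib" "$range" "$perms" "${path:-[anon]}"
    done
}

# scan_all: run wx_lines over every process whose maps file we may open.
scan_all() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || continue   # process exited
        { wx_lines < "$maps"; } 2>/dev/null | while read -r line; do
            printf '%s (%s): %s\n' "$pid" "$name" "$line"
        done
    done
}

# Constructed sample; only the first line is the mapping quoted in the report.
sample='7f68d7c2a000-7f68d7c3a000 rwxp 00000000 00:00 0
7f68d7c3a000-7f68d7c5c000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so
7f68d8000000-7f68d8021000 rw-p 00000000 00:00 0
7ffd1c5e0000-7ffd1c601000 rwxp 00000000 00:00 0 [stack]'

if [ "${1:-}" = "--live" ]; then
    scan_all                              # audit the running system
else
    printf '%s\n' "$sample" | wx_lines    # demonstrate on the sample
fi
```

Run it with --live inside the Plasma session to list the affected processes; run it as root to include processes owned by other users.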

