Signal doesn't start with noexec /tmp: failed to map segment from shared object

[szotsaki]

• I have searched open and closed issues for duplicates

---

Bug description

When I want to start Signal I get the following message printed in console:

A JavaScript error occurred in the main process
Uncaught Exception:
Error: /tmp/.org.chromium.Chromium.6xSpCT: failed to map segment from shared object
    at process.module.(anonymous function) [as dlopen] (ELECTRON_ASAR.js:172:20)
    at Object.Module._extensions..node (module.js:671:18)
    at Object.module.(anonymous function) [as .node] (ELECTRON_ASAR.js:186:18)
    at Module.load (module.js:561:32)
    at tryModuleLoad (module.js:504:12)
    at Function.Module._load (module.js:496:3)
    at Module.require (module.js:586:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/usr/lib64/signal-desktop/resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/sqlite3.js:4:15)
    at Object.<anonymous> (/usr/lib64/signal-desktop/resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/sqlite3.js:190:3)

Steps to reproduce

1. mount -o remount,noexec /tmp/
2. start signal-desktop

Actual result:

See above

Expected result:

Signal starts when /tmp is mounted noexec.

Screenshots

Platform info

Signal version:

1.15.5, in a previous version (I don't know exactly which one) it worked fine

Operating System:

openSUSE Tumbleweed x64

Linked device version:

Link to debug log

[scottnonnenberg-signal]

Tracking very similar issues here:

• Signal won't start after upgrade to 1.15.0 #2609
• Signal does not start: 'failed to map segment from shared object' #2641

[szotsaki]

I think the first one is not related; the second one is, but it's closed but the issue still exists. So I leave this open until the developers fix this bug.

[er0k]

I have the same issue.

$ uname -a
Linux 4.17.0-kali3-amd64 #1 SMP Debian 4.17.17-1kali1 (2018-08-21) x86_64 GNU/Linux
$ grep tmp /etc/fstab
tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0
$ mount | grep \/tmp
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,noatime,size=524288k)
$ signal-desktop
A JavaScript error occurred in the main process
Uncaught Exception:
Error: /tmp/.org.chromium.Chromium.gIW37a: failed to map segment from shared object
    at process.module.(anonymous function) [as dlopen] (ELECTRON_ASAR.js:172:20)
    at Object.Module._extensions..node (module.js:671:18)
    at Object.module.(anonymous function) [as .node] (ELECTRON_ASAR.js:186:18)
    at Module.load (module.js:561:32)
    at tryModuleLoad (module.js:504:12)
    at Function.Module._load (module.js:496:3)
    at Module.require (module.js:586:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/opt/Signal/resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/sqlite3.js:4:15)
    at Object.<anonymous> (/opt/Signal/resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/sqlite3.js:190:3)

Re-mounting /tmp as executable does allow signal-desktop to start, but the Securing Debian Manual recommends mounting /tmp with noexec

[darkdragon-001]

Same problem here:

$ uname -a
Linux 4.18.8-041808-generic #201809150431 SMP Sat Sep 15 08:33:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ grep tmp /etc/fstab
tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec,noatime 0 0
$ mount | grep \/tmp
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,noatime)

Any progress?

[gerhard-tinned]

Same issue here. Sounds like there is not much progress on this. What is the workaround? allowing exec. on /tmp ?

OS distribution and version:

NAME="Linux Mint"
VERSION="18.3 (Sylvia)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 18.3"
VERSION_ID="18.3"
HOME_URL="http://www.linuxmint.com/"
SUPPORT_URL="http://forums.linuxmint.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/linuxmint/"
VERSION_CODENAME=sylvia
UBUNTU_CODENAME=xenial

Error messahe when started from the termina. (No GUI elements shown - not even an error message)

$ signal-desktop 
Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop' }
NODE_ENV production
NODE_CONFIG_DIR /opt/Signal/resources/app.asar/config
NODE_CONFIG {}
ALLOW_CONFIG_MUTATIONS undefined
HOSTNAME undefined
NODE_APP_INSTANCE undefined
SUPPRESS_NO_CONFIG_WARNING undefined
userData: /home/user1/.config/Signal
config/get: Did not find user config file, cache is now empty object
config/get: Did not find ephemeral config file, cache is now empty object
Uncaught error or unhandled promise rejection: Error: /tmp/user/1000/.org.chromium.Chromium.1CW4Wx: failed to map segment from shared object
    at process.module.(anonymous function) [as dlopen] (ELECTRON_ASAR.js:166:20)
    at Object.Module._extensions..node (module.js:671:18)
    at Object.module.(anonymous function) [as .node] (ELECTRON_ASAR.js:180:18)
    at Module.load (module.js:561:32)
    at tryModuleLoad (module.js:504:12)
    at Function.Module._load (module.js:496:3)
    at Module.require (module.js:586:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/opt/Signal/resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/sqlite3.js:4:15)
    at Object.<anonymous> (/opt/Signal/resources/app.asar/node_modules/@journeyapps/sqlcipher/lib/sqlite3.js:190:3)

Is there someone working on it? Can I help somehow?

[er0k]

Another workaround suggested in #2595 is to set TMPDIR to some other directory outside of /tmp, which seems to work as well. For example:

$ mkdir -p /home/er0k/tmp/signal
$ export TMPDIR=/home/er0k/tmp/signal

and then signal-desktop starts normally. The files created in that directory are executable files named .org.chromium.Chromium.xxxxxx, so I would guess this bug originates from the Chromium project and the way they are handling temporary files.

[scottnonnenberg-signal]

Duplicate #2595