Since I am running Fedora 17 I have SELinux running, I've found that SELinux has a complaint about Steam: Attempted Access of execheap
I don't know much about SELinux or this low level stuff so I can't comment on what's happening here. A quick search online for execheap
turns up this piece on SELinux and execheap (among other things)[danwalsh.livejournal.com]
The article quotes Ulrich Drepper - the lead contributor and maintainer on GNU C - as saying about execheap:
"The POSIX specification does not permit it, but the Linux implementation of mprotect allows changing the access protection of memory on the heap (e.g., allocated using malloc). This error indicates that heap memory was supposed to be made executable. Doing this is really a bad idea. If anonymous, executable memory is needed it should be allocated using mmap which is the only portable mechanism."
Anyway I thought I'd post it hear to see if it's of any use to anyone.
Well, a bit more information on what the bug means from my investigations for bug reporting.
The 'execheap' SELinux warning is a warning that heap memory (dynamically allocated memory) has been flagged as Writeable and
Executable. This is a potential security exploit because malicious code could be injected into this memory and executed as part of the original process. This apparently wouldn't even be allowed in Windows under Data Execution Prevention - DEP (although I've not been able to confirm this).
The exploit appears to be open in source games - HL1 and TF2 (hl2_linux engine) confirmed by me. Also it was raising this issue in Steam Big Picture Mode for me around Christmas, but I haven't been able to reproduce this because other memory violations by Steam are preventing my opening BPM.
The call on my system for HL1 appears to be:
sys_mprotect(0x091C1000, 49152 /* 48 kibibyte */, PROT_READ | PROT_WRITE | PROT_EXEC);
You can decode that from /var/log/audit/audit.log
syscall=125 or sys_mprotect
a0=9779000 or 0x09779000 for another heap position
a1=c000 or 49152
a2=7 or PROT_READ(4) + PROT_WRITE(2) + PROT_EXEC(1)