Rav antivirus, and PAX

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Rav antivirus, and PAX

Postby fonya » Tue Sep 23, 2003 4:39 am

Hi,

I like to use ravlin8, and grsec enhanced kernel, without acl, and I runa trouble, when I start ravav, or ravlin8:

PAX: terminating task: /tmp/upxBHTOIQGAXXY (deleted)(3):24312, uid/euid: 0/0, EIP: 0805E160, ESP: 5D949090
PAX: bytes at EIP: 53 55 8b 6c 24 0c 68 90 2b 60 00 ff 55 5c 8b d8 83 c4 04 85
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (3:24312) UID(0) EUID(0), parent (bash:29007) UID(0) EUID(0)

The task's file name is randomly changed, so I can't disable any exec restriction.

Can I solve this problem?

Thanx a lot!
fonya
 
Posts: 36
Joined: Thu Mar 28, 2002 11:22 am

Re: Rav antivirus, and PAX

Postby PaX Team » Tue Sep 23, 2003 7:55 am

fonya wrote:I like to use ravlin8, and grsec enhanced kernel, without acl, and I runa trouble, when I start ravav, or ravlin8:

PAX: terminating task: /tmp/upxBHTOIQGAXXY (deleted)(3):24312, uid/euid: 0/0, EIP: 0805E160, ESP: 5D949090
PAX: bytes at EIP: 53 55 8b 6c 24 0c 68 90 2b 60 00 ff 55 5c 8b d8 83 c4 04 85
upx compressed files won't work under PaX because of runtime code-generation. you can either use chpax (chpax -sp) or decompress the original executable (upx -d) and that should get it to work in general. however certain (all?) RAV executables perform self-checking and in that case your only option is to use the ACL system to disable PAGEEXEC/SEGMEXEC on them.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby fonya » Tue Sep 23, 2003 5:08 pm

Thanks a lot! The upx was the magic word.
And the rav doesn't use the self-check feature :)
fonya
 
Posts: 36
Joined: Thu Mar 28, 2002 11:22 am


Return to grsecurity support