grsecurity forums

[DpakoH]

[quote="spender"]The problem is fixed in 2.1.3. The /SYSV0000000 entry will be treated as a globbed object instead of a real file.

-Brad[/quote]

I have try to run Eclipse (http://www.eclipse.org) under non-root user and have in the logs:
Apr 25 12:33:07 some kernel: grsec: denied untrusted exec of /eclipse3.1/plugins/org.eclipse.swt.gtk_3.1.0/os/linux/x86/libswt-pi-gtk-3123.so by /java5/bin/java[java:4300] uid/euid:1001/1001 gid/egid:1001/1001, parent /eclipse3.1/eclipse[eclipse:9017] uid/euid:1001/1001 gid/egid:1001/1001
Apr 25 12:33:07 some kernel: grsec: denied executable mmap of /eclipse3.1/plugins/org.eclipse.swt.gtk_3.1.0/os/linux/x86/libswt-pi-gtk-3123.so by /java5/bin/java[java:4300] uid/euid:1001/1001 gid/egid:1001/1001, parent /eclipse3.1/eclipse[eclipse:9017] uid/euid:1001/1001 gid/egid:1001/1001

I will try to disable TPE and enable raw i/o from sysctl and see what should happens.

[DpakoH]

[quote="DpakoH"][quote="spender"]The problem is fixed in 2.1.3. The /SYSV0000000 entry will be treated as a globbed object instead of a real file.

-Brad[/quote]

I have try to run Eclipse (http://www.eclipse.org) under non-root user and have in the logs:
Apr 25 12:33:07 some kernel: grsec: denied untrusted exec of /eclipse3.1/plugins/org.eclipse.swt.gtk_3.1.0/os/linux/x86/libswt-pi-gtk-3123.so by /java5/bin/java[java:4300] uid/euid:1001/1001 gid/egid:1001/1001, parent /eclipse3.1/eclipse[eclipse:9017] uid/euid:1001/1001 gid/egid:1001/1001
Apr 25 12:33:07 some kernel: grsec: denied executable mmap of /eclipse3.1/plugins/org.eclipse.swt.gtk_3.1.0/os/linux/x86/libswt-pi-gtk-3123.so by /java5/bin/java[java:4300] uid/euid:1001/1001 gid/egid:1001/1001, parent /eclipse3.1/eclipse[eclipse:9017] uid/euid:1001/1001 gid/egid:1001/1001

I will try to disable TPE and enable raw i/o from sysctl and see what should happens.[/quote]

I checked it all with disabled TPE. All works correct. And Eclipse/Java and Wine/Cedega.