grsecurity forums

[warchild]

I've read countless posts on this forum and many sites on the web regarding grsecurity and java.

I believe I found old posts from people running older versions of the Linux kernel, jre/sdk and gresecurity that actually got java running without it getting a SIG11 fairly often.

I've done the suggested chpax commands and even gone as far as 'chpax -pemrxs' all the binaries. Still, every so often I get a SIG11 sent to java.

Things *seem* to be working fine, so that makes me think that the majority of this java application is working fine. But the fact that I get fairly regular logs indicating the SIG11 bothers me and makes me think that something deep dark and ugly is going on.

I'm on debian stable, custom built kernel version 2.4.31 with MEDIUM grsecurity turned on, and j2sdk1.4.2_07.

If anyone has gotten a similarly new configuration with Linux, grsecurity and java working, please let me know what you are running and how you got it working without the frequent SIG11s.

Thanks!

[marcolinuz]

Hello,

I had your same configuration in my production server and I had your same problems.

Before today the server works good even if i got frequently and randomly SIGNAL 11 messages.

But today my server has crashed!!!!!!!

I make an integrity test on it, and it tells me that NOTHING was changed on my system.
The last messages on console (and on kern.log) was the java related SIGNAL 11 sent from grsec to the java processes.

After a reboot the server goes on and now it works fine like before the crash, but the messages still continue to trash my kern.log.

I have the insane idea that this isn't only a boring warning message but a real and critial problem.. :O(

Bye.