
fonts on desktop and secure execute patch

Posted: Thu Oct 13, 2005 1:25 pm
by Raf256
I keep getting:

[4313829.681000] grsec: denied untrusted exec of /usr/local/share/fonts/verdanai.ttf by /usr/lib/opera/8.02-20050727.1/opera[opera:1777] uid/euid:2560/2560 gid/egid:2560/2560, parent /usr/bin/kdeinit[kdesktop:11229] uid/euid:2560/2560 gid/egid:2560/2560

[4313840.029000] grsec: denied untrusted exec of /usr/local/share/fonts/arial.ttf by /usr/lib/opera/8.02-20050727.1/opera[opera:1777] uid/euid:2560/2560 gid/egid:2560/2560, parent /usr/bin/kdeinit[kdesktop:11229] uid/euid:2560/2560 gid/egid:2560/2560

[4313840.098000] grsec: denied untrusted exec of /usr/local/share/fonts/verdana.ttf by /usr/lib/opera/8.02-20050727.1/opera[opera:1777] uid/euid:2560/2560 gid/egid:2560/2560, parent /usr/bin/kdeinit[kdesktop:11229] uid/euid:2560/2560 gid/egid:2560/2560

[4313841.199000] grsec: denied untrusted exec of /usr/local/share/fonts/verdanai.ttf by /usr/lib/opera/8.02-20050727.1/opera[opera:1777] uid/euid:2560/2560 gid/egid:2560/2560, parent /usr/bin/kdeinit[kdesktop:11229] uid/euid:2560/2560 gid/egid:2560/2560



and so on, from many programs including Opera, DialogBlocks, and others.

How to fix it?
2.6.13.2 + Spender's patch for it

Re: fonts on desktop and secure execute patch

Posted: Thu Oct 13, 2005 1:42 pm
by PaX Team
Raf256 wrote:I keep getting:

[4313841.199000] grsec: denied untrusted exec of /usr/local/share/fonts/verdanai.ttf by /usr/lib/opera/8.02-20050727.1/opera[opera:1777] uid/euid:2560/2560 gid/egid:2560/2560, parent /usr/bin/kdeinit[kdesktop:11229] uid/euid:2560/2560 gid/egid:2560/2560



and so on, from many programs including Opera, DialogBlocks, and others.

How to fix it?
2.6.13.2 + Spender's patch for it
probably a library is trying to mmap verdanai.ttf with PROT_EXEC rights, you have to debug it to find out the culprit and then let upstream know that font files are not supposed to be executed.

Posted: Fri Oct 14, 2005 9:05 am
by Raf256
As for Opera, it had been apparently fixed in 8.02 --> 8.50
For the other programs, I will inform authors.

Can I somehow check whether the problem is caused by the program itself or by one of the libraries it uses?

Posted: Fri Oct 14, 2005 11:48 am
by PaX Team
Raf256 wrote:As for Opera, it had been apparently fixed in 8.02 --> 8.50
For the other programs, I will inform authors.

Can I somehow check whether the problem is caused by the program itself or by one of the libraries it uses?
yes you can, but it requires debugging with gdb (you have to break on the mmap(PROT_EXEC) call then examine the stack backtrace to see who initiated it).
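
Added example, not part of the thread: a small triage script for the "denied untrusted exec" lines quoted above. It groups denials by calling program and lists font files among the denied targets, so you know which binaries to debug and report upstream. The regex is derived only from the log lines in this thread; the font suffix list and the no-spaces-in-paths restriction are assumptions.

```python
import re
from collections import Counter

# Field layout taken from the "denied untrusted exec" lines quoted in the thread.
# Assumption: paths contain no spaces.
DENIED_EXEC = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\] grsec: denied untrusted exec of (?P<file>\S+) "
    r"by (?P<prog>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<parent>\S+)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
)
# Assumption: suffixes that mark a denied target as a font (data, not a program).
FONT_SUFFIXES = (".ttf", ".otf", ".pfb")

# Shared tail of the log lines from the first post.
_TAIL = (" by /usr/lib/opera/8.02-20050727.1/opera[opera:1777] uid/euid:2560/2560 "
         "gid/egid:2560/2560, parent /usr/bin/kdeinit[kdesktop:11229] "
         "uid/euid:2560/2560 gid/egid:2560/2560")
SAMPLE = [
    "[4313829.681000] grsec: denied untrusted exec of /usr/local/share/fonts/verdanai.ttf" + _TAIL,
    "[4313840.029000] grsec: denied untrusted exec of /usr/local/share/fonts/arial.ttf" + _TAIL,
    "[4313841.199000] grsec: denied untrusted exec of /usr/local/share/fonts/verdanai.ttf" + _TAIL,
    "[4313845.000000] eth0: link up",  # constructed unrelated line, must be skipped
]

def parse_denials(lines):
    """Yield one dict of fields per denied-exec line; other lines are skipped."""
    for line in lines:
        m = DENIED_EXEC.search(line)
        if m:
            yield m.groupdict()

def report(lines):
    """Map each calling program to its denied files (with counts) and pids."""
    by_prog = {}
    for d in parse_denials(lines):
        entry = by_prog.setdefault(d["prog"], {"files": Counter(), "pids": set()})
        entry["files"][d["file"]] += 1
        entry["pids"].add(int(d["pid"]))
    return by_prog

def font_denials(lines):
    """Denied targets that are fonts: a PROT_EXEC mapping of data, not a real exec."""
    return sorted({d["file"] for d in parse_denials(lines)
                   if d["file"].lower().endswith(FONT_SUFFIXES)})

if __name__ == "__main__":
    for prog, info in report(SAMPLE).items():
        print(prog, sorted(info["pids"]), dict(info["files"]))
    print("font files denied:", font_denials(SAMPLE))
```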