grsecurity forums


https://forums.grsecurity.net./

Trusted Patch and mplayer - /SYSV0000000

https://forums.grsecurity.net./viewtopic.php?f=3&t=1324

Page 1 of 1

Trusted Patch and mplayer - /SYSV0000000

PostPosted: Wed Oct 19, 2005 4:57 pm
by Raf256
Code: Select all
grsec: denied untrusted exec of /SYSV00000000 by /usr/local/bin/mplayer[mplayer:4535] uid/euid:2560/2560 gid/egid:2560/2560, parent /bin/bash[bash:2209] uid/euid:2560/2560 gid/egid:2560/2560
grsec: signal 11 sent to /usr/local/bin/mplayer[mplayer:4535] uid/euid:2560/2560 gid/egid:2560/2560, parent /bin/bash[bash:2209] uid/euid:2560/2560 gid/egid:2560/2560


and I thought I saw it in some other apps as well.

2.6.13.2 + spender's patch for this kernel, debian unstable

what is the /SYSV00000000 anyway?

PostPosted: Wed Oct 19, 2005 7:14 pm
by spender
/SYSV000000000 is shared memory that was in this case mapped executed by mplayer. It exists in a private namespace, so it's not visible on your filesystem.

-Brad

PostPosted: Fri Oct 21, 2005 8:42 am
by Raf256
spender wrote:/SYSV000000000 is shared memory that was in this case mapped executed by mplayer. It exists in a private namespace, so it's not visible on your filesystem.


So mplayer is doing something that requires higher privilages? How to gave them to it - what exacly to type/run/etc?

PostPosted: Mon Oct 31, 2005 11:57 pm
by spender
This particular log has to do with TPE, so you would have to disable TPE for this user.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/