grsecurity forums

Xorg binary is marked -pmrxse (paxctl 0.5).

Code: Select all

X Window System Version 7.2.0
Release Date: 22 January 2007
X Protocol Version 11, Revision 0, Release 7.2
Build Operating System: Linux 2.6.19.3-grsec i686
Current Operating System: Linux 2.6.22.2-grsec #1 Tue Aug 14 16:11:47 CEST 2007 i686
Build Date: 04 April 2007

[...]

(WW) <default pointer>: No Device specified, looking for one...
(II) <default pointer>: Setting Device option to "/dev/input/mice"
(--) <default pointer>: Device: "/dev/input/mice"
(==) <default pointer>: Protocol: "Auto"
(**) Option "AlwaysCore"
(**) <default pointer>: always reports core events
(==) <default pointer>: Emulate3Buttons, Emulate3Timeout: 50
(**) <default pointer>: ZAxisMapping: buttons 4 and 5
(**) <default pointer>: Buttons: 9
(II) XINPUT: Adding extended input device "<default pointer>" (type: MOUSE)
(II) XINPUT: Adding extended input device "Keyboard0" (type: KEYBOARD)
(II) XINPUT: Adding extended input device "Mouse0-isa0060/serio0/input0" (type: KEYBOARD)
(II) XINPUT: Adding extended input device "evdev brain" (type: evdev brain)
(II) Mouse0-isa0060/serio0/input0: Init
(II) evdev brain: Rescanning devices (2).
(II) Mouse0-isa0060/serio0/input0: On
(--) <default pointer>: PnP-detected protocol: "ExplorerPS/2"
(II) <default pointer>: ps2EnableDataReporting: succeeded

Backtrace:
0: X [0x80f6ec2]
1: X(xf86SigHandler+0xa6) [0x80f6e6e]
2: [0xb7f64420]
3: X(CreateConnectionBlock+0x5a) [0x806e348]
4: X(main+0x6eb) [0x806e0ef]
5: /lib/libc.so.6(__libc_start_main+0xc6) [0xb7cb17ce]
6: X(FontFileCompleteXLFD+0xa1) [0x806d941]

Fatal server error:
Caught signal 11.  Server aborting


Now you mention it.
I changed one option in my .config:
#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y

With a similar chipset grsec used to work with CONFIG_GRKERNSEC_IO=y. Biggest change would be the kernel (2.6.19.x-grsec -> 2.6.22.2-grsec) and one option (CONFIG_MTRR=y).

Since the help (GRKERNSEC_IO) clearly warns for X I did not give it second thoughts though. Using MTRR is off course questionable in terms of security.

Isn't a signal 11 to be expected with paranoia settings from grsec if you want performance from X?

It never works with "Disable privileged IO=y" so You can rather set it to "n". I always use grsec and X server crashes only with 2.6.22.2 maybe PAX_KERNEXEC=y despite the fact I didn't enable it.

amdfanatyk wrote:Xorg binary is marked -pmrxse (paxctl 0.5).

Code: Select all

Backtrace:
0: X [0x80f6ec2]
1: X(xf86SigHandler+0xa6) [0x80f6e6e]
2: [0xb7f64420]
3: X(CreateConnectionBlock+0x5a) [0x806e348]
4: X(main+0x6eb) [0x806e0ef]
5: /lib/libc.so.6(__libc_start_main+0xc6) [0xb7cb17ce]
6: X(FontFileCompleteXLFD+0xa1) [0x806d941]

Fatal server error:
Caught signal 11.  Server aborting


i'll need more info about this segfault. best would be to run X itself from gdb and when it breaks on the segfault, get info like i r, x/8i $pc, x/8x $sp, bt, and the maps file of the X process (it still exists when you're in the debugger).

I was trying to check if it's PaX fault but OF COURSE I cannot compile it:

Code: Select all

UPD     include/linux/compile.h
  CC      init/version.o
  LD      init/built-in.o
  LD      .tmp_vmlinux1
fs/built-in.o: In function `load_elf_binary':
binfmt_elf.c:(.text+0x2f4c8): undefined reference to `pax_set_initial_flags'
make: *** [.tmp_vmlinux1] Błąd 1


amdfanatyk wrote:I was trying to check if it's PaX fault but OF COURSE I cannot compile it:

OF COURSE you haven't searched the forum about this problem.

With only PaX patch applied it also crashes Xorg.

amdfanatyk wrote:With only PaX patch applied it also crashes Xorg.

how about answering my other questions then?

PaX Team wrote:

amdfanatyk wrote:With only PaX patch applied it also crashes Xorg.

how about answering my other questions then?

I really don't have time to play with Xorg and recompile it with --enable-debug. It doesn't work for everybody so anyone can reproduce this issue.

amdfanatyk wrote:I really don't have time to play with Xorg and recompile it with --enable-debug.

you don't need to recompile anything, just run X in gdb and issue the few commands when it breaks on the segfault.

It doesn't work for everybody so anyone can reproduce this issue.

nice to know it doesn't work here, wouldn't have noticed if you hadn't told me .

When I run Xorg from gdb whole system freezes so I cannot provide anything. Could You remove new feature called "non-executable kernel pages"? Since it has been added, PaX and grsec became useless. There is no sense in releasing next PaX and grsec versions while they are useless.

amdfanatyk wrote:When I run Xorg from gdb whole system freezes so I cannot provide anything. Could You remove new feature called "non-executable kernel pages"? Since it has been added, PaX and grsec became useless. There is no sense in releasing next PaX and grsec versions while they are useless.

thing is, KERNEXEC is a 4 year old feature, so i doubt it's causing the problem per se. do you get the same problem even if you disable it? also, can you at least send me an strace -f run on X, just to see what it's doing before it triggers the problem?

It's disabled but I didn't see this feature in previous releases or it was placed in other group in xconfig.

Strace output.

amdfanatyk wrote:Xorg binary is marked -pmrxse (paxctl 0.5).

Does it work with "chpax / -m / (PemRxS)" + "CONFIG_PAX_EI_PAX y" + "MAC system integration (direct)" + "CONFIG_GRKERNSEC_KMEM n" + "GRKERNSEC_IO n" + "CONFIG _PAX_NOELFRELOCS n" + SEGMEXEC ?

amdfanatyk wrote:It's disabled but I didn't see this feature in previous releases or it was placed in other group in xconfig.

it had a dependency before that i removed since (PCI BIOS stuff).

Strace output.

can you email it instead? i didn't manage to get it from that site...