grsecurity forums


https://forums.grsecurity.net./

jEdit - linked to "resource limits" or "java

https://forums.grsecurity.net./viewtopic.php?f=3&t=253

Page 1 of 1

jEdit - linked to "resource limits" or "java

PostPosted: Tue Dec 31, 2002 11:27 am
by Meths
Hi,

I'm getting the following messages when trying to run jedit:

Dec 31 15:10:21 hyperion kernel: PAX: terminating task: /usr/local/j2sdk1.4.1_01/jre/bin/java(java):913, uid/euid: 1000/1000, EIP: 22E90344, ESP: 5CB3265C
Dec 31 15:10:21 hyperion kernel: PAX: bytes at EIP: 68 7f 02 00 00 d9 6c 24 00 58 c3 90 cc cc cc cc 00 00 00 00
Dec 31 15:10:21 hyperion kernel: grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (java:913) UID(1000) EUID(1000), parent (waimea:520) UID(1000) EUID(1000)

I tried changing the chpax options on java_vm to no avail. When I try and chpax -v java it tells me it is an unknown file type.

What is happening to cause the errors and how do I solve it? I'm running debian stable with 2.4.20 and grsecurity1.9.8rc2.

TIA

Meths

PostPosted: Tue Dec 31, 2002 11:30 am
by Meths
Oh, and at the moment everything in /proc/sys/kernel/grsecurity/ set to 0 and no ACLs.

Re: jEdit - linked to "resource limits" or "j

PostPosted: Tue Dec 31, 2002 1:14 pm
by PaX Team
Meths wrote:I tried changing the chpax options on java_vm to no avail. When I try and chpax -v java it tells me it is an unknown file type.

What is happening to cause the errors and how do I solve it? I'm running debian stable with 2.4.20 and grsecurity1.9.8rc2.
it's the non-executable feature killing java (it has some FPU initialization code in the .data segment. when you tried to chpax 'java', did you mean /usr/local/j2sdk1.4.1_01/jre/bin/java or something else (former should be an ELF file and chpax should be able to work on it)? the RLIMIT_CORE message is due to the fact that PaX also tries to dump core (useful if one wants to analyze the circumstances of real exploit attempts) and apparently your core file size limit is set to 0.

PostPosted: Tue Dec 31, 2002 1:37 pm
by Meths
Thanks. The -p did it, but after the -s. I noticed this in another topic that when you disable seg-based page exec it reads page based page exec as enabled when it was disabled before. Is this going to be fixed?

Yeah I was talking about another java but that was my mistake, nothing to worry about.

PostPosted: Tue Dec 31, 2002 2:42 pm
by PaX Team
Meths wrote:Is this going to be fixed?
fixed (will report enabled/overridden as appropriate), you can grab the new chpax from the PaX site. happy new year to everyone ;-).
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/