Page 1 of 1
Issues with 2.6.32.39-grsec
Posted:
Tue May 03, 2011 3:58 amby amdfanatyk
#1 Firefox 3.5.19 doesn't run. Instead it locks for infinite time and consumes 100% of CPU time.
(2.6.32.36-grsec is not affected)
Re: Issues with 2.6.32.39-grsec
Posted:
Tue May 03, 2011 5:07 amby PaX Team
amdfanatyk wrote:#1 Firefox 3.5.19 doesn't run. Instead it locks for infinite time and consumes 100% of CPU time.
(2.6.32.36-grsec is not affected)
is it
http://forums.grsecurity.net/viewtopic.php?f=3&t=2201?
Re: Issues with 2.6.32.39-grsec
Posted:
Tue May 03, 2011 6:31 amby amdfanatyk
I have no idea but the fact is that the same version of Firefox works with .36-grsec and doesn't work with .39-grsec.
Re: Issues with 2.6.32.39-grsec
Posted:
Tue May 03, 2011 9:32 amby spender
Can you paste the EI_PAX and PT_PAX_FLAGS portions of your .config?
-Brad
Re: Issues with 2.6.32.39-grsec
Posted:
Tue May 03, 2011 11:24 amby amdfanatyk
- Code: Select all
#
# PaX
#
CONFIG_ARCH_TRACK_EXEC_LIMIT=y
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
# CONFIG_PAX_EI_PAX is not set
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_MPROTECT_COMPAT=y
CONFIG_PAX_ELFRELOCS=y
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_KERNEXEC_MODULE_TEXT=16
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
# CONFIG_PAX_RANDKSTACK is not set
# CONFIG_PAX_RANDUSTACK is not set
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# CONFIG_PAX_REFCOUNT is not set
# CONFIG_PAX_USERCOPY is not set
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
# CONFIG_SECURITY_FILE_CAPABILITIES is not set
# CONFIG_IMA is not set
CONFIG_CRYPTO=y
Re: Issues with 2.6.32.39-grsec
Posted:
Tue May 03, 2011 6:50 pmby spender
Your problem is described here:
viewtopic.php?f=3&t=2603-Brad
Re: Issues with 2.6.32.39-grsec
Posted:
Wed May 04, 2011 1:34 pmby amdfanatyk
I don't get it. I don't see any difference between help from 2.6.32.36-grsec
If you have applications not marked by the PT_PAX_FLAGS ELF
program header then you MUST enable the EI_PAX marking support
otherwise they will not get any protection.
and 2.6.32.39-grsec
If you have applications not marked by the PT_PAX_FLAGS ELF
program header then you MUST enable the EI_PAX marking support
otherwise they will not get any protection.
.
Re: Issues with 2.6.32.39-grsec
Posted:
Wed May 04, 2011 1:48 pmby spender
Yeah the documentation wasn't updated properly for .32 though it is correct in .38. I was made aware of it last night and will fix it in the next patch.
-Brad
Re: Issues with 2.6.32.39-grsec
Posted:
Thu Jun 23, 2011 3:10 amby amdfanatyk
Can I use pax_softmode=1 to restore previous behaviour? Or it will disable even more protection?