ioquake based games not working with PaX

Posted: Fri May 10, 2013 4:33 pm
by bipbip
Hello,

Openarena and urbanterror refuse to work with grsecurity. Google is not helpful, or I just lost my mojo.

The kernel log says:
grsec: denied untrusted exec (due to file in world-writable directory) of /dev/zero by /usr/bin/openarena
The same error for urbanterror.

The last words of urbanterror: Sys_Error: recursive error after: VM_CompileX86: mprotect failed.
And of openarena: recursive error after: VM_CompileX86: mprotect failed.

I have MPROTECT disabled for the executables but the problem remains. I'm a bit puzzled as this usually works. Running Arch Linux, kernel 3.8.8, RBAC disabled.

Could you give some advice or hints?

Re: ioquake based games not working with PaX

Posted: Fri Jun 28, 2013 12:56 pm
by lfree
Code:
paxctl -czm /usr/lib/games/urbanterror/ioUrbanTerror


Looking at the error again: check the permissions on your directories and change them so they are NOT world-writable.

Re: ioquake based games not working with PaX

Posted: Thu Jul 04, 2013 2:15 pm
by spender
Enable the RWX logging feature. It'll log what binary you need to disable mprotect on.

-Brad

Re: ioquake based games not working with PaX

Posted: Mon Sep 23, 2013 12:58 pm
by bipbip
Hi there,

This bug is still alive.

In the xterm the error message is the same:
recursive error after: VM_CompileX86: mprotect failed

The syslog error is slightly different; earlier it was /dev/zero, now it is /:
grsec: denied untrusted exec (due to file in world-writable directory) of / by /usr/bin/openarena[openarena:2115]

(Naturally the RWX logging feature is enabled and paxctl -czm /usr/bin/openarena executed.)
Arch Linux, 3.10.10-6-grsec.

Re: ioquake based games not working with PaX

Posted: Fri Sep 27, 2013 8:27 am
by spender
This is likely due to the binary trying to use RWX shared memory (implemented via a fake /SYSV00000* file on shmfs). If you strace the binary I imagine you'll find shmget/shmat calls. You'll need to add the TPE trusted GID to the supplemental group list of the user running the openarena binary.

-Brad
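
Added example, not part of the thread and not written by any of its participants: a small C probe that asks the kernel for executable memory in the three ways the messages above point to (mprotect of a writable mapping to RWX, an executable mapping of /dev/zero, and a SysV segment attached with SHM_EXEC) and reports the errno of each request. The function names and the one-page size are choices made for this example.

```c
#define _GNU_SOURCE            /* exposes MAP_ANONYMOUS and SHM_EXEC */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/shm.h>
#include <unistd.h>

#define LEN 4096               /* one page is enough for each probe */
/* Every probe returns 0 if the kernel granted the request, else the errno. */

/* Anonymous RW mapping upgraded to RWX with mprotect (what PaX MPROTECT restricts). */
int probe_mprotect_rwx(void) {
    void *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return errno;
    int rc = mprotect(p, LEN, PROT_READ | PROT_WRITE | PROT_EXEC) ? errno : 0;
    munmap(p, LEN);
    return rc;
}

/* Executable mapping backed by /dev/zero, the file named in the first log line. */
int probe_devzero_exec(void) {
    int fd = open("/dev/zero", O_RDWR);
    if (fd < 0) return errno;
    void *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, fd, 0);
    int rc = (p == MAP_FAILED) ? errno : 0;
    if (rc == 0) munmap(p, LEN);
    close(fd);
    return rc;
}

/* Executable SysV shared memory, the shmget/shmat case from the last reply. */
int probe_sysv_exec(void) {
    int id = shmget(IPC_PRIVATE, LEN, IPC_CREAT | 0600);
    if (id < 0) return errno;
    void *p = shmat(id, NULL, SHM_EXEC);
    int rc = (p == (void *)-1) ? errno : 0;   /* save errno before cleanup */
    if (rc == 0) shmdt(p);
    shmctl(id, IPC_RMID, NULL);               /* never leave the segment behind */
    return rc;
}

int main(void) {
    printf("mprotect RW->RWX : %s\n", strerror(probe_mprotect_rwx()));
    printf("/dev/zero +exec  : %s\n", strerror(probe_devzero_exec()));
    printf("SysV shm +exec   : %s\n", strerror(probe_sysv_exec()));
    return 0;
}
```

Run it as the same user and with the same PaX flags as the game binary; a line that does not read "Success" shows which request the kernel refused, and the kernel log entry written at that moment can be matched to it.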