Any suggestions for how to get mprotect to work with Kubuntu 14.04 (based on linux-3.14.6 with the corresponding gresecurity patch)?
With mprotect globally off, the system seems to work fine, so far.
But once I enable it, I can't get a normal login screen.
I can drop to tty, and from there have tried disabling mprotect just on /usr/bin/Xorg via paxctl. That hasn't made any difference.
What else should I try?
(sorry if I posted this already -- I don't see it in the threads list; maybe because I am new to this board?)
Getting mprotect to work with Kubuntu?
3 posts
• Page 1 of 1
Getting mprotect to work with Kubuntu?
by fredd-d » Wed Jun 18, 2014 11:04 pm
- fredd-d
- Posts: 3
- Joined: Tue Jun 10, 2014 5:11 am
Re: Getting mprotect to work with Kubuntu?
by PaX Team » Thu Jun 19, 2014 5:09 am
did you look at dmesg? grsec should report attempts that violate the MPROTECT policy. in general, you'll have to handle:
- libraries with text relocations (an i386 problem, should mostly be fixed upstream these days i think)
- executables/libraries with bad GNU_STACK headers (either missing or with RWE rights)
- JIT compiler engines (mesa, javascript, etc)
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
Re: Getting mprotect to work with Kubuntu?
by fredd-d » Thu Jun 19, 2014 1:13 pm
Seems to be fixed with exclusion of
/usr/sbin/lightdm-kde-greeter
/usr/bin/plasma-desktop
and
/usr/bin/kwin
/usr/sbin/lightdm-kde-greeter
/usr/bin/plasma-desktop
and
/usr/bin/kwin
- fredd-d
- Posts: 3
- Joined: Tue Jun 10, 2014 5:11 am
3 posts
• Page 1 of 1