grsecurity forums


https://forums.grsecurity.net./

Getting mprotect to work with Kubuntu?

https://forums.grsecurity.net./viewtopic.php?f=3&t=3986

Page 1 of 1

Getting mprotect to work with Kubuntu?

PostPosted: Wed Jun 18, 2014 11:04 pm
by fredd-d
Any suggestions for how to get mprotect to work with Kubuntu 14.04 (based on linux-3.14.6 with the corresponding gresecurity patch)?

With mprotect globally off, the system seems to work fine, so far.
But once I enable it, I can't get a normal login screen.
I can drop to tty, and from there have tried disabling mprotect just on /usr/bin/Xorg via paxctl. That hasn't made any difference.

What else should I try?

(sorry if I posted this already -- I don't see it in the threads list; maybe because I am new to this board?)

Re: Getting mprotect to work with Kubuntu?

PostPosted: Thu Jun 19, 2014 5:09 am
by PaX Team
did you look at dmesg? grsec should report attempts that violate the MPROTECT policy. in general, you'll have to handle:
  • libraries with text relocations (an i386 problem, should mostly be fixed upstream these days i think)
  • executables/libraries with bad GNU_STACK headers (either missing or with RWE rights)
  • JIT compiler engines (mesa, javascript, etc)
PS: only the first post is moderated (to prevent spam), later ones go through unmoderated.

Re: Getting mprotect to work with Kubuntu?

PostPosted: Thu Jun 19, 2014 1:13 pm
by fredd-d
Seems to be fixed with exclusion of
/usr/sbin/lightdm-kde-greeter
/usr/bin/plasma-desktop
and
/usr/bin/kwin
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/