grsecurity forums

It seems the latest FF 44 doesn't work at all with grsec / PaX.
I can't really trace the problem, but I've tried disabling every since protection on the Firefox (actually Iceweasel) binary, and all the libraries it comes bundled with, and still no go.
I've tried tracing it under GDB and this is what I get:
warning: Cannot call inferior functions, Linux kernel PaX protection forbids return to non-executable pages!
XPCOMGlueLoad error for file /usr/lib/iceweasel/libxul.so:
/usr/lib/iceweasel/libxul.so: cannot change memory protections: Permission denied

Without GDB it simply segfauls.

Obviously I've removed all the permissions from all the libraries and I still get the above. Has anyone noticed a problem with FF 44? Or is it just Debian's Iceweasel? Or just my configuration?

PaX flags don't matter on libraries, only on executables. can you post an strace -f output of firefox? also what does readelf -edW /usr/lib/iceweasel/libxul.so show?

Firefox 46.0.1 also crashes with kernel 4.5.3 if pached & enabled with PaX.
-----------------------------------------------------------------------------------------------------------------------------------------------------
out of memory
Assertion failure: [unhandlable oom] OOM in createJitRuntime, at /tmp/buildd/iceweasel-38.8.0esr/js/src/jscntxt.cpp:1184
Szegmentálási hiba (Segmentation fault)

-----------------------------------------------------------------------------------------------------------------------------------------------------

is it 46.0.1 or 38.8.0esr)? can you post the information i asked for before?

Yes.

The version information is:
szg@debian:~/firefox$ ./firefox --version
Mozilla Firefox 46.0.1

After the crash, a "Crash report window" was on the screen, but there was no button, like "show me what is in the crash report". I sniffed with wireshark, what were in the crash report packets, but there was no useful information.
The strace outpus is about ~9500 lines. Is it possible to attach text file somehow? (At "User Control Panel" ----> "Manage attachments" there is nothing regarding how to upload attachement)

you can just email me the strace output. use strace -f -ff -o firefox -e mmap,munmap,mprotect,open firefox to reduce its size and hopefully still get the information i need.

Don't know, which os you use, but never had problems with firefox and grsec.
I think the important part is to also disable mprotect for the plugin-container.

setfattr -n user.pax.flags -vm /usr/lib/firefox/firefox
setfattr -n user.pax.flags -vm /usr/lib/firefox/plugin-container

don't know, if there is a plugin-container for iceweasel in /usr/lib/iceweasel/plugin-container?

thanks for the strace logs, this looks like the culprit:

Code: Select all

mmap(NULL, 65536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x361a3056000
mprotect(0x361a3056000, 4096, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---

this runs against MPROTECT so you'll have to disable it on the firefox binaries as mentioned above.