PAX, Java and segfaults?
Posted: Sat May 18, 2002 4:47 am
We are using grsecurity-1.9.2 through 1.9.4 on both kernels 2.4.17 and 2.4.18 and it's been pretty stable and nice, but I'm wondering what suggestions you might have about some problems we've been having getting some Java compilers to work. Before we applied the patch, they worked fine, but we applied the patch on all our servers and none of the java compilers work and produce PAX errors now. We definitely want to keep using the patches, but we also have some user's complaining about not being able to compile even simply hello world applets.
If you run the java compiler, it (the compile process) will be killed or it will result in a segfault. Before I go on about things that are probably irrelevant, we use the kernels mentioned above, on both Redhat 6.2 and 7.2 and it has the same results. The memory and CPU vary, but are usually one or two CPU's that are at least 1 GHZ each, and 1 to 2 GIG's of RAM (I don't think that information matters though). Anyway, whenever someone tries to use the java compiler, here is the log in dmesg showing PAX and the error.
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):28301, uid/euid: 886/886, EIP: 0811B350, ESP: BFFA821C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):30344, uid/euid: 886/886, EIP: 0811B350, ESP: BFFA19CC
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):6190, uid/euid: 886/886, EIP: 0811B350, ESP: BFFAEA6C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):15457, uid/euid: 886/886, EIP: 0811B350, ESP: BFF5C83C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):32262, uid/euid: 886/886, EIP: 0811B350, ESP: BFFB643C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):12335, uid/euid: 886/886, EIP: 0811B350, ESP: BFF70A9C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/javac(javac):20131, uid/euid: 0/0, EIP: 0811B790, ESP: BFFEB54C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 5c 67 0c 08 8b 47 08 89 68 18 89
You get the idea. I've tried running the chpax tool on it and I'm not sure if it helped or not. It did compile some simple hello world type of applets, but it still was killed and still segfaulted. I can't tell what's missing, to be honest, or what I need to do, since I'm not really too familiar with the java compiler -- but it did work without issue before the patch and I'm not sure what to do in regards to how PAX reacts to this. Any advice or guidance or links to any relevant information or experiences would be most helpful and appreciated. Thanks a lot, this is a great patch!
Regards,
Tim...
If you run the java compiler, it (the compile process) will be killed or it will result in a segfault. Before I go on about things that are probably irrelevant, we use the kernels mentioned above, on both Redhat 6.2 and 7.2 and it has the same results. The memory and CPU vary, but are usually one or two CPU's that are at least 1 GHZ each, and 1 to 2 GIG's of RAM (I don't think that information matters though). Anyway, whenever someone tries to use the java compiler, here is the log in dmesg showing PAX and the error.
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):28301, uid/euid: 886/886, EIP: 0811B350, ESP: BFFA821C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):30344, uid/euid: 886/886, EIP: 0811B350, ESP: BFFA19CC
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):6190, uid/euid: 886/886, EIP: 0811B350, ESP: BFFAEA6C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):15457, uid/euid: 886/886, EIP: 0811B350, ESP: BFF5C83C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):32262, uid/euid: 886/886, EIP: 0811B350, ESP: BFFB643C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/java(java):12335, uid/euid: 886/886, EIP: 0811B350, ESP: BFF70A9C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 54 62 0c 08 8b 47 08 89 68 18 89
PAX: terminating task: /usr/local/jdk1.2/bin/i386/native_threads/javac(javac):20131, uid/euid: 0/0, EIP: 0811B790, ESP: BFFEB54C
PAX: bytes at EIP: 55 89 e5 83 ec 1c c7 45 f0 5c 67 0c 08 8b 47 08 89 68 18 89
You get the idea. I've tried running the chpax tool on it and I'm not sure if it helped or not. It did compile some simple hello world type of applets, but it still was killed and still segfaulted. I can't tell what's missing, to be honest, or what I need to do, since I'm not really too familiar with the java compiler -- but it did work without issue before the patch and I'm not sure what to do in regards to how PAX reacts to this. Any advice or guidance or links to any relevant information or experiences would be most helpful and appreciated. Thanks a lot, this is a great patch!
Regards,
Tim...