2.6.32.57-grsec bugs


Post by amdfanatyk » Sun Feb 26, 2012 8:41 am

Hi,
something was introduced between 2.6.32.36-grsec and 2.6.32.57-grsec that prevents Opera from playing flash movies on sites like gozie.com. It works with 2.6.32.36-grsec (FF & Opera), it doesn't work with 2.6.32.57-grsec (Opera).
amdfanatyk
 
Posts: 50
Joined: Tue Oct 18, 2005 3:52 pm

Re: 2.6.32.57-grsec bugs

Post by PaX Team » Mon Feb 27, 2012 6:12 am

amdfanatyk wrote: It works with 2.6.32.36-grsec (FF & Opera), it doesn't work with 2.6.32.57-grsec (Opera).
is MPROTECT enabled on opera?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: 2.6.32.57-grsec bugs

Post by amdfanatyk » Mon Feb 27, 2012 5:31 pm

It's disabled. I tried with -pmrxse and -pmrxsE. No luck.
amdfanatyk
 
Posts: 50
Joined: Tue Oct 18, 2005 3:52 pm

Re: 2.6.32.57-grsec bugs

Post by PaX Team » Wed Feb 29, 2012 8:51 am

amdfanatyk wrote: It's disabled. I tried with -pmrxse and -pmrxsE. No luck.
can you double check in /proc/pid/status that PaX is really disabled on the process? also can you try to get some logs with strace -f -ff -o and send them to me please?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
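
The /proc/pid/status check asked for above can be scripted. This is an added example, not part of the original posts and not grsecurity's own code. It assumes the PaX line in the status file is "PaX:" followed by one letter per feature (P, E, M, R, S), upper case meaning enabled and lower case disabled; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the PaX line of a /proc/<pid>/status file.
# Assumption: the line reads "PaX:<tab>" plus one letter per feature,
# upper case = enabled, lower case = disabled (P, E, M, R, S).

# Print the flag letters found on stdin (empty if there is no PaX line).
pax_flags() {
    sed -n 's/^PaX:[[:space:]]*//p'
}

# pax_feature FLAGS LETTER -> "on", "off" or "unknown"
pax_feature() {
    lower=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$1" in
        *"$2"*)     echo on ;;
        *"$lower"*) echo off ;;
        *)          echo unknown ;;
    esac
}

# Read a status file on stdin and print one NAME=state line per feature.
pax_report() {
    flags=$(pax_flags)
    [ -n "$flags" ] || { echo "no PaX line found" >&2; return 1; }
    for pair in P:PAGEEXEC E:EMUTRAMP M:MPROTECT R:RANDMMAP S:SEGMEXEC; do
        printf '%s=%s\n' "${pair#*:}" "$(pax_feature "$flags" "${pair%%:*}")"
    done
}

# Report every running process whose Name: contains PATTERN.
# Name: is truncated to 15 characters by the kernel, so match a prefix.
pax_scan() {
    for f in /proc/[0-9]*/status; do
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$f" 2>/dev/null)
        case "$name" in
            *"$1"*) echo "== ${f%/status} ($name)"; pax_report < "$f" ;;
        esac
    done
}

# Constructed sample, not output captured from the system in the thread.
sample_status() {
    printf 'Name:\tdemo\nState:\tS (sleeping)\nPaX:\tPemRs\n'
}

sample_status | pax_report
```

On a live system, `pax_scan opera` lists the flags of every matching process separately, which matters when a program starts helper processes from other binaries.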

Re: 2.6.32.57-grsec bugs

Post by amdfanatyk » Sat Mar 03, 2012 10:48 am

Code:
cc1: warnings being treated as errors
grsecurity/gracl.c: In function ‘__full_lookup’:
grsecurity/gracl.c:1812: warning: passing argument 2 of ‘chk_glob_label’ discards qualifiers from pointer target type
grsecurity/gracl.c:1812: warning: passing argument 3 of ‘chk_glob_label’ discards qualifiers from pointer target type
amdfanatyk
 
Posts: 50
Joined: Tue Oct 18, 2005 3:52 pm

Re: 2.6.32.57-grsec bugs

Post by amdfanatyk » Sat Mar 03, 2012 11:38 am

operapluginswrapper must have MPROTECT disabled in order to work.
amdfanatyk
 
Posts: 50
Joined: Tue Oct 18, 2005 3:52 pm

Re: 2.6.32.57-grsec bugs

Post by amdfanatyk » Sat Mar 03, 2012 3:17 pm

Another interesting thing is the fact that GIMP refused to start (SEGV), but when I did paxctl -c && paxctl -PMRXSe on it, GIMP started cleanly. How can a binary without a paxctl header get better protection than a binary with -PMRXSe?
amdfanatyk
 
Posts: 50
Joined: Tue Oct 18, 2005 3:52 pm

