Kernel 2.6.7 + X 4.3.0 + ATI driver

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Kernel 2.6.7 + X 4.3.0 + ATI driver

Postby kekas » Tue Jun 29, 2004 6:56 pm

hello,

Hey, I'm having an problem with X and Pax that you could help I think..

Jun 29 22:42:56 solace kernel: PAX: execution attempt in: <anonymous mapping>, 081ec000-0824d000 081ec000
Jun 29 22:42:56 solace kernel: PAX: terminating task: /usr/X11R6/bin/XFree86(X):7122, uid/euid: 0/0, PC: 0824bcb0, SP: 59468edc
Jun 29 22:42:56 solace kernel: PAX: bytes at PC: 55 89 e5 83 ec 08 c7 04 24 08 be 24 08 8b 45 08 a3 10 be 24
Jun 29 22:42:56 solace kernel: PAX: bytes at SP: 080a2359 08228c70 00000000 59468f54 59468f58 59468f58 59468f18 00000000 00000018 00000000 081c0e20 08228c70 0824bcd8 082319b0 08215350 00000000 082154e0 00000000 081ba490 59468f68

How can I resolv this? It's something very important 'cause an desktop with a lot of protection but without X it's not very pretty :-? Anyway.. I have the I/O restrictions off.. but the /dev/mem ON because in the quickstart.pdf says that it's alright.. but when I went to this forum I see something like my problem.. and says to turn off the /dev/mem so I did it.. and the result was..

grsec: (:::kernel::::S:/) denied open of /dev/tty for reading writing by /sbin/hotplug[hotplug:15612] uid/euid:0/0 gid/egid:0/0, parent /[khelper:4] uid/euid:0/0 gid/egid:0/0
xinit: Connection refused (errno 111): unable to connect to X server
xinit: No such process (errno 3): Server error.

So.. how can I resolv this?

Thanks for anyway help! :D
kekas
 
Posts: 2
Joined: Tue Jun 29, 2004 6:31 pm

Re: Kernel 2.6.7 + X 4.3.0 + ATI driver

Postby PaX Team » Fri Jul 02, 2004 11:53 am

kekas wrote:Hey, I'm having an problem with X and Pax that you could help I think..

Jun 29 22:42:56 solace kernel: PAX: execution attempt in: <anonymous mapping>, 081ec000-0824d000 081ec000
Jun 29 22:42:56 solace kernel: PAX: terminating task: /usr/X11R6/bin/XFree86(X):7122, uid/euid: 0/0, PC: 0824bcb0, SP: 59468edc
Jun 29 22:42:56 solace kernel: PAX: bytes at PC: 55 89 e5 83 ec 08 c7 04 24 08 be 24 08 8b 45 08 a3 10 be 24
Jun 29 22:42:56 solace kernel: PAX: bytes at SP: 080a2359 08228c70 00000000 59468f54 59468f58 59468f58 59468f18 00000000 00000018 00000000 081c0e20 08228c70 0824bcd8 082319b0 08215350 00000000 082154e0 00000000 081ba490 59468f68

How can I resolv this?
this is most likely the X module loader problem, search this forum for possible solutions.
and the result was..

grsec: (:::kernel::::S:/) denied open of /dev/tty for reading writing by /sbin/hotplug[hotplug:15612] uid/euid:0/0 gid/egid:0/0, parent /[khelper:4] uid/euid:0/0 gid/egid:0/0
xinit: Connection refused (errno 111): unable to connect to X server
xinit: No such process (errno 3): Server error.
are you using the ACL system? if so, what do your ACLs look like?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby ray » Sat Jul 03, 2004 2:02 am

Hi,
Some time ago also had such problems with PaX and Xserver/Xorg-X11/ too.
Later resolved them /partly/ using +static when compiling Xserver, that is compile the whole server in 1 exec-file , with no modules loading. IMHO PaX breaks when tries to load modules, known issue. So when you compile Xserver statically there's no loading and it works.
I'm using Gentoo so it's easy for me to compile it with +static don't know about you.
Solved only partly because i'm using Nvidia and it has external binary modules to get 3D accel. In the mean time using nv-2D driver with no problems.
As far as i know ATI has some opensourced drivers so using +statix could solve the problem for you.
HTH
Rumen
ray
 
Posts: 8
Joined: Sun Jun 13, 2004 11:39 am

Postby torne » Sat Jul 03, 2004 10:40 am

ATI's driver is compiled outside of the X distribution tree, though, which means that compiling X itself with USE=static makes no difference. You need to modify the X distribution to include the ATI driver before compiling it statically, and the monolithic X tree is not exactly easy to work with.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Postby kekas » Sat Jul 24, 2004 4:16 pm

How can I do that? where can I find docs for that? Help me please because I can't find that..

Thanks! :wink:
kekas
 
Posts: 2
Joined: Tue Jun 29, 2004 6:31 pm

Postby torne » Sat Jul 24, 2004 5:35 pm

It will be very hard to do that and the process is probably undocumented. If you don't have any idea how to go about doing it then you probably won't be able to. I don't know without trying, and since I don't use X and don't have an ATI card, I'm unlikely to find the time.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm


Return to grsecurity support

cron