Trusted Patch and mplayer - /SYSV0000000

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.


Post by Raf256 » Wed Oct 19, 2005 4:57 pm

grsec: denied untrusted exec of /SYSV00000000 by /usr/local/bin/mplayer[mplayer:4535] uid/euid:2560/2560 gid/egid:2560/2560, parent /bin/bash[bash:2209] uid/euid:2560/2560 gid/egid:2560/2560
grsec: signal 11 sent to /usr/local/bin/mplayer[mplayer:4535] uid/euid:2560/2560 gid/egid:2560/2560, parent /bin/bash[bash:2209] uid/euid:2560/2560 gid/egid:2560/2560


And I thought I saw it in some other apps as well.

2.6.13.2 + spender's patch for this kernel, Debian unstable

What is the /SYSV00000000 anyway?
Raf256
 
Posts: 72
Joined: Mon Sep 19, 2005 8:38 pm

Post by spender » Wed Oct 19, 2005 7:14 pm

/SYSV000000000 is shared memory that was in this case mapped executed by mplayer. It exists in a private namespace, so it's not visible on your filesystem.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by Raf256 » Fri Oct 21, 2005 8:42 am

spender wrote: /SYSV000000000 is shared memory that was in this case mapped executed by mplayer. It exists in a private namespace, so it's not visible on your filesystem.


So mplayer is doing something that requires higher privileges? How to give them to it - what exactly to type/run/etc?
Raf256
 
Posts: 72
Joined: Mon Sep 19, 2005 8:38 pm

Post by spender » Mon Oct 31, 2005 11:57 pm

This particular log has to do with TPE, so you would have to disable TPE for this user.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
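
A log-triage sketch for the two messages discussed in this thread, added here as an example and not posted by anyone in the thread: it separates TPE denials that target SysV shared memory from denials of ordinary files and attaches the follow-up signal to the same pid. The function name `tpe_denials`, the record fields and the third sample line are assumptions made for the example.

```python
import re

# Patterns follow the two grsec messages quoted in the thread.
DENY = re.compile(
    r"grsec: denied untrusted exec of (?P<path>\S+) by "
    r"(?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] uid/euid:(?P<uid>\d+)/")
SIGNAL = re.compile(r"grsec: signal (?P<sig>\d+) sent to \S+\[[^:\]]+:(?P<pid>\d+)\]")
# A SysV shm segment shows up as "/SYSV" + its IPC key as 8 hex digits
# (key 0 is IPC_PRIVATE); it is not a file a user can find on disk.
SYSV = re.compile(r"^/SYSV(?P<key>[0-9a-fA-F]{8})$")

TAIL = (" gid/egid:2560/2560, parent /bin/bash[bash:2209] "
        "uid/euid:2560/2560 gid/egid:2560/2560")
SAMPLE = [
    # The first two lines are the ones quoted in the thread.
    "grsec: denied untrusted exec of /SYSV00000000 by "
    "/usr/local/bin/mplayer[mplayer:4535] uid/euid:2560/2560" + TAIL,
    "grsec: signal 11 sent to "
    "/usr/local/bin/mplayer[mplayer:4535] uid/euid:2560/2560" + TAIL,
    # Constructed line: a TPE denial for an ordinary file, for contrast.
    "grsec: denied untrusted exec of /home/demo/tool by "
    "/bin/bash[bash:4600] uid/euid:2560/2560" + TAIL,
]


def tpe_denials(lines):
    """One record per TPE denial; 'signal' is filled in when grsec later
    logs a signal sent to the same pid (the crash seen in the thread)."""
    records, by_pid = [], {}
    for line in lines:
        deny = DENY.search(line)
        if deny:
            shm = SYSV.match(deny["path"])
            rec = {"path": deny["path"], "exe": deny["exe"],
                   "pid": int(deny["pid"]), "uid": int(deny["uid"]),
                   "is_sysv_shm": shm is not None,
                   "shm_key": int(shm["key"], 16) if shm else None,
                   "signal": None}
            records.append(rec)
            by_pid[rec["pid"]] = rec
            continue
        sig = SIGNAL.search(line)
        if sig and int(sig["pid"]) in by_pid:
            by_pid[int(sig["pid"])]["signal"] = int(sig["sig"])
    return records


if __name__ == "__main__":
    for record in tpe_denials(SAMPLE):
        print(record)
```
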

