| 1 |
On чт, 2004-10-21 at 21:27 +0200, pageexec@××××××××.hu wrote: |
| 2 |
> > The problem is that when running 'glxinfo' or 'glxgears' (as root) PaX |
| 3 |
> > kills them (in dmesg output). |
| 4 |
> |
| 5 |
> can you send the logs (that should be an automatic reaction ;-)? |
| 6 |
> my guess is that it's the GL API stubs that i've fixed for 4.3 |
| 7 |
> but haven't ported forward to 4.4/xorg yet. it could also be that |
| 8 |
> your GL driver (userland) generates code at runtime, in that case |
| 9 |
> you have to disable PaX on these apps. |
| 10 |
> |
| 11 |
> |
| 12 |
> -- |
| 13 |
> gentoo-hardened@g.o mailing list |
| 14 |
> |
| 15 |
Hi, |
| 16 |
OK saved the dmesg-s. There are two of them, first with nvidia-glx |
| 17 |
compiled with hardened-gcc-3.4.2-r2-spec the second one with |
| 18 |
vanilla-gcc-3.4.2-r2-spec (using gcc-config). |
| 19 |
... BEGIN 1.... |
| 20 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
| 21 |
Disabled Privacy Extensions on device c01502a0(lo) |
| 22 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
| 23 |
eth0: no IPv6 routers present |
| 24 |
grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE |
| 25 |
against limit 1024 by /usr/bin/postgres[postmaster:9569] uid/euid:70/70 |
| 26 |
gid/egid:70/70, parent $ |
| 27 |
device eth0 entered promiscuous mode |
| 28 |
mtrr: 0xc0000000,0x4000000 overlaps existing 0xc0000000,0x200000 |
| 29 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 30 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:12753] |
| 31 |
uid/euid:1002/1002 gid/egid:100/100, par$ |
| 32 |
ReiserFS: hda2: warning: vs-8115: get_num_ver: not directory item |
| 33 |
ReiserFS: hda2: warning: vs-8115: get_num_ver: not directory item |
| 34 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
| 35 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
| 36 |
agpgart: SiS delay workaround: giving bridge time to recover. |
| 37 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
| 38 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
| 39 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
| 40 |
agpgart: SiS delay workaround: giving bridge time to recover. |
| 41 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
| 42 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 43 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:19269] |
| 44 |
uid/euid:1002/1002 gid/egid:100/100, par$ |
| 45 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
| 46 |
2349b000-234aa000 00058000 |
| 47 |
PAX: terminating task: /usr/X11R6/bin/glxinfo(glxinfo):19278, uid/euid: |
| 48 |
0/0, PC: 234a4afc, SP: 595b9d2c |
| 49 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
| 50 |
cc cc |
| 51 |
PAX: bytes at SP: 23b5780a 00000000 00000000 00000064 00000064 16609948 |
| 52 |
1662e3f0 2418c040 1663d678 1663d678 1663d6a8 1663d6a8 00000025 00000025 |
| 53 |
235b5444 bda45739 00000$ |
| 54 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 55 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:19278] uid/euid:0/0 |
| 56 |
gid/egid:0/0, parent /bin/b$ |
| 57 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
| 58 |
2150b000-2151a000 00058000 |
| 59 |
PAX: terminating task: /usr/X11R6/bin/glxgears(glxgears):19280, |
| 60 |
uid/euid: 0/0, PC: 21514afc, SP: 5a7b5f8c |
| 61 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
| 62 |
cc cc |
| 63 |
PAX: bytes at SP: 21a8d80a 00000000 00000000 0000012c 0000012c 175f6be0 |
| 64 |
1761b688 220c2040 1762a938 1762a938 1762a968 1762a968 00000021 00000021 |
| 65 |
2162f444 662781bd 00000$ |
| 66 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 67 |
against limit 0 by /usr/X11R6/bin/glxgears[glxgears:19280] uid/euid:0/0 |
| 68 |
gid/egid:0/0, parent /bin$ |
| 69 |
...END 1 ... |
| 70 |
And the second: |
| 71 |
...BEGIN 2 ... |
| 72 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
| 73 |
Disabled Privacy Extensions on device c014f740(lo) |
| 74 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
| 75 |
agpgart: Detected SiS 746 chipset |
| 76 |
agpgart: Maximum main memory to use for agp memory: 203M |
| 77 |
agpgart: AGP aperture is 128M @ 0xd0000000 |
| 78 |
eth0: no IPv6 routers present |
| 79 |
grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE |
| 80 |
against limit 1024 by /usr/bin/postgres[postmaster:9625] uid/euid:70/70 |
| 81 |
gid/egid:70/70, parent $ |
| 82 |
device eth0 entered promiscuous mode |
| 83 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
| 84 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
| 85 |
agpgart: SiS delay workaround: giving bridge time to recover. |
| 86 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
| 87 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
| 88 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
| 89 |
agpgart: SiS delay workaround: giving bridge time to recover. |
| 90 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
| 91 |
kjournald starting. Commit interval 5 seconds |
| 92 |
EXT3 FS on hda1, internal journal |
| 93 |
EXT3-fs: mounted filesystem with ordered data mode. |
| 94 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
| 95 |
2689c000-268ab000 00058000 |
| 96 |
PAX: terminating task: /usr/X11R6/bin/glxinfo(glxinfo):11814, uid/euid: |
| 97 |
0/0, PC: 268a5afc, SP: 5c308b9c |
| 98 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
| 99 |
cc cc |
| 100 |
PAX: bytes at SP: 26f5880a 00000000 00000000 00000064 00000064 126314d0 |
| 101 |
12655f58 2758d040 126651e0 126651e0 12665210 12665210 00000025 00000025 |
| 102 |
269b6444 facc1702 00000$ |
| 103 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 104 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:11814] uid/euid:0/0 |
| 105 |
gid/egid:0/0, parent /bin/b$ |
| 106 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
| 107 |
24464000-24473000 00058000 |
| 108 |
PAX: terminating task: /usr/X11R6/bin/glxgears(glxgears):11815, |
| 109 |
uid/euid: 0/0, PC: 2446dafc, SP: 5f15e97c |
| 110 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
| 111 |
cc cc |
| 112 |
PAX: bytes at SP: 249e680a 00000000 00000000 0000012c 0000012c 12408b68 |
| 113 |
1242d5f0 2501b040 1243c8a0 1243c8a0 1243c8d0 1243c8d0 00000021 00000021 |
| 114 |
24588444 5cc35c54 00000$ |
| 115 |
...END 2 ... |
| 116 |
Note that i've activated quite all of PaX as grsec2 (TPE also, see some |
| 117 |
info about gid:100). The postgresql issue is known one. |
| 118 |
Also remember that after emerging xorg-X11-6.8.0-r1 (couldn't start X) |
| 119 |
so disabled all Pax flags on some binary (with the error) - maybe xinit, |
| 120 |
tried checking the binaries now but they are too many out there. |
| 121 |
Found it: /usr/X11R6/bin/Xorg (or at least keep an error on this). |
| 122 |
Thanks. |
| 123 |
-- |
| 124 |
Rumen Yotov <rumen_yotov@×××.bg> |
Archives