1 |
On чт, 2004-10-21 at 21:27 +0200, pageexec@××××××××.hu wrote: |
2 |
> > The problem is that when running 'glxinfo' or 'glxgears' (as root) PaX |
3 |
> > kills them (in dmesg output). |
4 |
> |
5 |
> can you send the logs (that should be an automatic reaction ;-)? |
6 |
> my guess is that it's the GL API stubs that i've fixed for 4.3 |
7 |
> but haven't ported forward to 4.4/xorg yet. it could also be that |
8 |
> your GL driver (userland) generates code at runtime, in that case |
9 |
> you have to disable PaX on these apps. |
10 |
> |
11 |
> |
12 |
> -- |
13 |
> gentoo-hardened@g.o mailing list |
14 |
> |
15 |
Hi, |
16 |
OK saved the dmesg-s. There are two of them, first with nvidia-glx |
17 |
compiled with hardened-gcc-3.4.2-r2-spec the second one with |
18 |
vanilla-gcc-3.4.2-r2-spec (using gcc-config). |
19 |
... BEGIN 1.... |
20 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
21 |
Disabled Privacy Extensions on device c01502a0(lo) |
22 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
23 |
eth0: no IPv6 routers present |
24 |
grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE |
25 |
against limit 1024 by /usr/bin/postgres[postmaster:9569] uid/euid:70/70 |
26 |
gid/egid:70/70, parent $ |
27 |
device eth0 entered promiscuous mode |
28 |
mtrr: 0xc0000000,0x4000000 overlaps existing 0xc0000000,0x200000 |
29 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
30 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:12753] |
31 |
uid/euid:1002/1002 gid/egid:100/100, par$ |
32 |
ReiserFS: hda2: warning: vs-8115: get_num_ver: not directory item |
33 |
ReiserFS: hda2: warning: vs-8115: get_num_ver: not directory item |
34 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
35 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
36 |
agpgart: SiS delay workaround: giving bridge time to recover. |
37 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
38 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
39 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
40 |
agpgart: SiS delay workaround: giving bridge time to recover. |
41 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
42 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
43 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:19269] |
44 |
uid/euid:1002/1002 gid/egid:100/100, par$ |
45 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
46 |
2349b000-234aa000 00058000 |
47 |
PAX: terminating task: /usr/X11R6/bin/glxinfo(glxinfo):19278, uid/euid: |
48 |
0/0, PC: 234a4afc, SP: 595b9d2c |
49 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
50 |
cc cc |
51 |
PAX: bytes at SP: 23b5780a 00000000 00000000 00000064 00000064 16609948 |
52 |
1662e3f0 2418c040 1663d678 1663d678 1663d6a8 1663d6a8 00000025 00000025 |
53 |
235b5444 bda45739 00000$ |
54 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
55 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:19278] uid/euid:0/0 |
56 |
gid/egid:0/0, parent /bin/b$ |
57 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
58 |
2150b000-2151a000 00058000 |
59 |
PAX: terminating task: /usr/X11R6/bin/glxgears(glxgears):19280, |
60 |
uid/euid: 0/0, PC: 21514afc, SP: 5a7b5f8c |
61 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
62 |
cc cc |
63 |
PAX: bytes at SP: 21a8d80a 00000000 00000000 0000012c 0000012c 175f6be0 |
64 |
1761b688 220c2040 1762a938 1762a938 1762a968 1762a968 00000021 00000021 |
65 |
2162f444 662781bd 00000$ |
66 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
67 |
against limit 0 by /usr/X11R6/bin/glxgears[glxgears:19280] uid/euid:0/0 |
68 |
gid/egid:0/0, parent /bin$ |
69 |
...END 1 ... |
70 |
And the second: |
71 |
...BEGIN 2 ... |
72 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
73 |
Disabled Privacy Extensions on device c014f740(lo) |
74 |
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex |
75 |
agpgart: Detected SiS 746 chipset |
76 |
agpgart: Maximum main memory to use for agp memory: 203M |
77 |
agpgart: AGP aperture is 128M @ 0xd0000000 |
78 |
eth0: no IPv6 routers present |
79 |
grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE |
80 |
against limit 1024 by /usr/bin/postgres[postmaster:9625] uid/euid:70/70 |
81 |
gid/egid:70/70, parent $ |
82 |
device eth0 entered promiscuous mode |
83 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
84 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
85 |
agpgart: SiS delay workaround: giving bridge time to recover. |
86 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
87 |
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0. |
88 |
agpgart: Putting AGP V3 device at 0000:00:00.0 into 16x mode |
89 |
agpgart: SiS delay workaround: giving bridge time to recover. |
90 |
agpgart: Putting AGP V3 device at 0000:01:00.0 into 16x mode |
91 |
kjournald starting. Commit interval 5 seconds |
92 |
EXT3 FS on hda1, internal journal |
93 |
EXT3-fs: mounted filesystem with ordered data mode. |
94 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
95 |
2689c000-268ab000 00058000 |
96 |
PAX: terminating task: /usr/X11R6/bin/glxinfo(glxinfo):11814, uid/euid: |
97 |
0/0, PC: 268a5afc, SP: 5c308b9c |
98 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
99 |
cc cc |
100 |
PAX: bytes at SP: 26f5880a 00000000 00000000 00000064 00000064 126314d0 |
101 |
12655f58 2758d040 126651e0 126651e0 12665210 12665210 00000025 00000025 |
102 |
269b6444 facc1702 00000$ |
103 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
104 |
against limit 0 by /usr/X11R6/bin/glxinfo[glxinfo:11814] uid/euid:0/0 |
105 |
gid/egid:0/0, parent /bin/b$ |
106 |
PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, |
107 |
24464000-24473000 00058000 |
108 |
PAX: terminating task: /usr/X11R6/bin/glxgears(glxgears):11815, |
109 |
uid/euid: 0/0, PC: 2446dafc, SP: 5f15e97c |
110 |
PAX: bytes at PC: 65 a1 f0 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc |
111 |
cc cc |
112 |
PAX: bytes at SP: 249e680a 00000000 00000000 0000012c 0000012c 12408b68 |
113 |
1242d5f0 2501b040 1243c8a0 1243c8a0 1243c8d0 1243c8d0 00000021 00000021 |
114 |
24588444 5cc35c54 00000$ |
115 |
...END 2 ... |
116 |
Note that i've activated quite all of PaX as grsec2 (TPE also, see some |
117 |
info about gid:100). The postgresql issue is known one. |
118 |
Also remember that after emerging xorg-X11-6.8.0-r1 (couldn't start X) |
119 |
so disabled all Pax flags on some binary (with the error) - maybe xinit, |
120 |
tried checking the binaries now but they are too many out there. |
121 |
Found it: /usr/X11R6/bin/Xorg (or at least keep an error on this). |
122 |
Thanks. |
123 |
-- |
124 |
Rumen Yotov <rumen_yotov@×××.bg> |