[grsec] Nvidia libGL.so Problem

[Ned Ludd]

On Mon, 2004-09-06 at 11:12, sqmishra at o2.ie wrote:
> Hello,
> 
> I'm running Gentoo/Xorg-6.7 with a PAX/GRSEC enabled kernel. I have an Nvidia video card. I'm getting the following kernel message(s) when I try and run any GL based applications.
> 

[snip common err]

> I get something similar with all GL based applications.

yep.. 'chpax || paxctl' is your friend.

The 3rd party nvidia stuff has runtime execution code in the shared
object ( & drivers ) so any program that is directly linked to it and 
calls whatever function in it is going to cause the same error. So just
use the chpax or paxctl on the glx{gears,info} or use the rbac system.

Anyway the root of the problem is in the 3rd party driver & app so it's
not something trivially we can fix. The vendor has to be persuaded to
release a non runtime exec compatible versions and I don't think they
really want to do that (yet).

> I know it doesn't make much sense to be using grsec with a desktop machine,

It makes complete sense to run grsec and PaX on a desktop just the same
as a server. Think about it for a sec.. Where do you ssh from into your
servers or whatever.. Most of the time your desktop, and if your desktop
gets owned then your going to be mega screwed.

>  but hoping someone could help me out with this.
> 
> Thanks.
> Samir.
> 
> 
> -------------------------------------------------------
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity

-- 
Ned Ludd <solar at gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20040906/af0388d8/attachment.pgp