[grsec] Nvidia libGL.so Problem
sqmishra at o2.ie
sqmishra at o2.ie
Mon Sep 6 16:04:50 EDT 2004
Thanks for ALL your help.
I guess the problem is not trivial, and I'll probably have to disable some of the PAX related kernel settings. GLX stuff was working before I turned on the "Non-Executable Pages"-related options.
I have all the log listings, system specs, systrace & Nvidia file you may need (chpax/paxctl -m did not fix things), but the file is ~150K. Unfortunately, I don't have anywhere public to post this file. If someone would be kind enough to provide me with temporary access to a server so I can upload it or something, that would be great. Otherwise I could send it as an email attachment, probably not a good idea to send it to the mailing list though.
Thanks again.
PS good to hear I'm not being paranoid by running PAX/GRSEC on a desktop. I've only really used the PAX related stuff so far, working towards getting my head around Grsec.
On Monday 06 September 2004 22:49, pageexec at freemail.hu wrote:
| > Sep 6 18:21:18 amoeba PAX: execution attempt in: /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111, 2574c000-2575b000 00058000
| > Sep 6 18:21:18 amoeba PAX: terminating task: /usr/X11R6/bin/glxinfo(glxinfo):7661, uid/euid: 9999/9999, PC: 25755afc, SP: 5bc95e2c
| > Sep 6 18:21:18 amoeba PAX: bytes at PC: 65 a1 c8 ff ff ff ff a0 18 04 00 00 cc cc cc cc cc cc cc cc
| > Sep 6 18:21:18 amoeba PAX: bytes at SP: 25daa80a 00000000 00000000 00000064 00000064 080662c8 0808ad58 269fc040 080ad400 080ad400 080ad430 080ad430 0000002c 0000002c 25974540 25974188 00000000 00000000 00000000 00008c09
|
| this piece of code has something to do with thread local storage (TLS),
| it retrieves some function pointer table pointer from there then jumps
| through an entry in it. now, there's some investigation to do ;-). first,
| could you make libGL.so available somewhere? second, you could in the
| meantime provide the following information:
|
| readelf -e /usr/lib/opengl/nvidia/lib/libGL.so.1.0.6111
|
| then also try paxctl/chpax -m on /usr/X11R6/bin/glxinfo and see if that
| gets it to run (or at least die at a different place).
|
| all the above will help establish where exactly that piece of code is,
| whether it should be there (i.e., is it and does it really have to be
| runtime generated, or it's just a toolchain/nvidia bug) and maybe, how
| it can be fixed (in any case, it'll be nvidia's job).
|
|
|
More information about the grsecurity
mailing list