[grsec] Nvidia libGL.so Problem
pageexec at freemail.hu
pageexec at freemail.hu
Mon Sep 6 17:24:35 EDT 2004
> Again, thanks very much. Someone (Tim, from mailing list) provided me with an
> account to upload the file to (see below)
so, i've taken a look at all this, and it seems that we have a fundemental
problem with the nvidia libGL as its data segment contains a section called
.writetext, which is what it says, a writable/executable section, apparently
meant for runtime code generation. so unless nvidia redesigns their code
(if it can be done at all in their case, that is), it won't ever work with
full PaX enabled on apps that use this library. what i don't understand
however is why paxctl/chpax -m didn't help, can you tell me what PaX features
you have in your kernel .config (and in particular, which executable marking
support you're using)? also a 'readelf -e', 'chpax -v' and 'paxctl -vQ' on
any of the failed apps would be helpful.
ps: i'm cc'ing the list again, in case someone else runs into this in
the future.
More information about the grsecurity
mailing list