[grsec] problems with latest 38.3 patch
Carlos Carvalho
carlos at fisica.ufpr.br
Thu Apr 21 16:17:50 EDT 2011
With 2.2.2-2.6.38.3-201104201821.patch and Debian I'm getting nasty
errors from web browsers.
First, with FF 3.5 in Debian, it gets stuck in an infinite loop at
startup consuming 100% cpu. strace of some seconds produced 600,000+
lines of which almost all are:
150049 mmap2(0xad000000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xad057000
150049 mmap2(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xacf57000
150049 munmap(0xacf57000, 2097152) = 0
150051 munmap(0xad057000, 1048576) = 0
Next I tried vanilla FF 3.5 and 3.6. Both give
./firefox-bin: error while loading shared libraries: ./libxul.so: cannot make segment writable for relocation: Permission denied
Then I tried Debian chromium, which produces
/usr/lib/chromium-browser/chromium-browser: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted
Without grsec 38.3 works as usual. This is without KERN_LOCKOUT.
Is it possible to get the browsers running with the new grsec?
More information about the grsecurity
mailing list