Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PaX mprotect now on for amd64 (Christos Zoulas) writes:


>I just turned on mprotect for amd64. The following sysctls have
>been set to 1

>    security.pax.mprotect.enable=1

>If you want to see what processes hit this you can:

>    security.pax.mprotect.debug=1

>This breaks programs that need to map segments both writable and executable,
>for example java. To fix them you can:

>paxctl +m /path/to/bin/java

It also hits firefox (from pkgsrc) or glxgears (from xbase).

pax_mprotect_adjust: /home/netbsd-current/src/sys/uvm/uvm_mmap.c,418: 266.1 (glxgears): -x
pid 266 (glxgears), uid 61: exited on signal 11 (core dumped)

gdb cannot use the coredump, either gdb is broken or the stack in the
coredump is damaged. glxgears tries to execute code that starts on
a page close to the stack.

rsp      0x7f7fffffc7e8
rip      0x7f7fefe00000

                                Michael van Elst
                                "A potential Snark may lurk in every tree."

Home | Main Index | Thread Index | Old Index