Re: PaX mprotect now on for amd64

To: current-users%netbsd.org@localhost
Subject: Re: PaX mprotect now on for amd64
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Thu, 19 May 2016 05:20:19 +0000 (UTC)

christos%zoulas.com@localhost (Christos Zoulas) writes:


>Hi,

>I just turned on mprotect for amd64. The following sysctls have
>been set to 1

>    security.pax.mprotect.enable=1
>    security.pax.mprotect.global=1

>If you want to see what processes hit this you can:

>    security.pax.mprotect.debug=1

>This breaks programs that need to map segments both writable and executable,
>for example java. To fix them you can:

>paxctl +m /path/to/bin/java


It also hits firefox (from pkgsrc) or glxgears (from xbase).

pax_mprotect_adjust: /home/netbsd-current/src/sys/uvm/uvm_mmap.c,418: 266.1 (glxgears): -x
pid 266 (glxgears), uid 61: exited on signal 11 (core dumped)

gdb cannot use the coredump, either gdb is broken or the stack in the
coredump is damaged. glxgears tries to execute code that starts on
a page close to the stack.

rsp      0x7f7fffffc7e8
rip      0x7f7fefe00000

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

References:
- PaX mprotect now on for amd64
  - From: Christos Zoulas

Prev by Date: daily CVS update output
Next by Date: bridge(4) and wm(4) with NET_MPSAFE is MP-scalable for now
Previous by Thread: Re: Some pkgsrc/mk/pax.mk suggestions (was: Re: PaX mprotect now on for amd64)
Next by Thread: Re: PaX mprotect now on for amd64
Indexes:

Home | Main Index | Thread Index | Old Index