Hi!
On Sat, Sep 19, 2015 at 09:33:15PM +0200, PaX Team wrote:
> did you see only a single log per executable or two? i'm asking it
> because this method of runtime codegen would produce two messages
> (and the grsec log message is actually wrong as it's not a denial
> but rather the opposite, spender will fix it in the next patch ;).
Two. I've omit second because it's same as first. Here is full log for xxkb:
2015-09-19_19:37:29.08354 kern.alert: grsec: denied text relocation in
/usr/lib64/opengl/nvidia/lib/libGLdispatch.so.0, VMA:0x77ad9d9cf000 0x00000000
by /usr/bin/xxkb[xxkb:2997] uid/euid:1000/1000 gid/egid:1000/1000, parent
/bin/bash[bash:12208] uid/euid:1000/1000 gid/egid:1000/1000
2015-09-19_19:37:29.08357 kern.alert: grsec: denied text relocation in
/usr/lib64/opengl/nvidia/lib/libGLdispatch.so.0, VMA:0x77ad9d9cf000 0x00000000
by /usr/bin/xxkb[xxkb:2997] uid/euid:1000/1000 gid/egid:1000/1000, parent
/bin/bash[bash:12208] uid/euid:1000/1000 gid/egid:1000/1000
2015-09-19_19:37:29.08853 kern.alert: grsec: denied RWX mprotect of
/usr/lib64/opengl/nvidia/lib/libGL.so.355.11 by /usr/bin/xxkb[xxkb:2997]
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:12208]
uid/euid:1000/1000 gid/egid:1000/1000
--
WBR, Alex.
