APT broken : libgcj.so.70: cannot enable executable stack

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

APT broken : libgcj.so.70: cannot enable executable stack

Postby mikeeusa2 » Sun Nov 09, 2008 12:52 am

# apt-get -f install
Reading package lists... Done
Building dependency tree... Done
Correcting dependencies... Done
The following extra packages will be installed:
openoffice.org-gcj
The following packages will be upgraded:
openoffice.org-gcj
1 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
19 not fully installed or removed.
Need to get 0B/4366kB of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
(Reading database ... 187877 files and directories currently installed.)
Preparing to replace openoffice.org-gcj 2.0.4.dfsg.2-7etch5 (using .../openoffice.org-gcj_2.0.4.dfsg.2-7etch6_i386.deb) ...
Unpacking replacement openoffice.org-gcj ...
gcj-dbtool-4.1: error while loading shared libraries: libgcj.so.70: cannot enable executable stack as shared object requires: Permission denied
dpkg: warning - old post-removal script returned error exit status 2
dpkg - trying script from the new package instead ...
gcj-dbtool-4.1: error while loading shared libraries: libgcj.so.70: cannot enable executable stack as shared object requires: Permission denied
dpkg: error processing /var/cache/apt/archives/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_i386.deb (--unpack):
subprocess new post-removal script returned error exit status 2
gcj-dbtool-4.1: error while loading shared libraries: libgcj.so.70: cannot enable executable stack as shared object requires: Permission denied
dpkg: error while cleaning up:
subprocess post-removal script returned error exit status 2
Errors were encountered while processing:
/var/cache/apt/archives/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I tried to no avail:
caethaver2:/usr/lib# chpax -p libgcj.so.70
caethaver2:/usr/lib# chpax -p /usr/bin/gcj-dbtool-4.1
caethaver2:/usr/lib# chpax -p /usr/bin/gcj-dbtool


Also I found my server crashed/restarted too today. Where would I look at logs? There were no pwr outages and I have it on an UPS
mikeeusa2
 
Posts: 60
Joined: Thu May 15, 2008 1:54 am

Re: APT broken : libgcj.so.70: cannot enable executable stack

Postby mikeeusa2 » Sun Nov 09, 2008 12:59 am

Doing -s worked. Still don't know why server was found crashed, I'm using:
Linux 2.6.26.6-grsec #2 SMP Tue Oct 21 18:52:33 EDT 2008 i686 GNU/Linux
Is that a safe secure version?



Pax test output:
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: blackhat
Linux 2.6.26.6-grsec #2 SMP Tue Oct 21 18:52:33 EDT 2008 i686 GNU/Linux

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Executable stack (mprotect) : Killed
Anonymous mapping randomisation test : 17 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 23 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (ET_DYN) : 15 bits (guessed)
Shared library randomisation test : 17 bits (guessed)
Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (strcpy, RANDEXEC) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Killed
mikeeusa2
 
Posts: 60
Joined: Thu May 15, 2008 1:54 am

Re: APT broken : libgcj.so.70: cannot enable executable stack

Postby PaX Team » Sun Nov 09, 2008 6:53 am

mikeeusa2 wrote:I tried to no avail:
caethaver2:/usr/lib# chpax -p libgcj.so.70
caethaver2:/usr/lib# chpax -p /usr/bin/gcj-dbtool-4.1
caethaver2:/usr/lib# chpax -p /usr/bin/gcj-dbtool
if you use SEGMEXEC as well then you'll need to disable both. actually neither is needed, -m should be enough to allow GNU_STACK processing.
Also I found my server crashed/restarted too today. Where would I look at logs?
wherever you log kernel logs, say /var/log/messages and look for any oops or other interesting messages reported before the crash/reboot.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support

cron