grsecurity forums

[nn4l]

I'm running a plain kernel 2.4.26 with grsecurity 2.0 (CONFIG_GRKERNSEC_HI=y). When running Tomcat, the /var/log/syslog file shows many errors, but the web applications still run:

Code: Select all

May 12 05:56:06 marvin kernel: grsec: From 217.187.190.19: signal 4 sent to /chroot/web/opt/j2sdk1.4.2_04/bin/java[java:4299] uid/euid:105/105 gid
/egid:105/105, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
May 12 05:56:06 marvin kernel: grsec: From 217.187.190.19: signal 11 sent to /chroot/web/opt/j2sdk1.4.2_04/bin/java[java:4299] uid/euid:105/105 gi
d/egid:105/105, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
May 12 05:56:07 marvin last message repeated 3 times
May 12 05:56:15 marvin kernel: grsec: more alerts, logging disabled for 10 seconds
May 12 05:56:35 marvin kernel: grsec: From 217.187.190.19: signal 11 sent to /chroot/web/opt/j2sdk1.4.2_04/bin/java[java:4299] uid/euid:105/105 gi
d/egid:105/105, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
May 12 05:56:35 marvin last message repeated 3 times


But all PAX flags are disabled on this java executable (everything else in bin is unmodified):

Code: Select all

# chpax -v /chroot/web/opt/j2sdk1.4.2_04/bin/java

----[ chpax 0.6 : Current flags for /chroot/web/opt/j2sdk1.4.2_04/bin/java (pemrxs) ]----

 * Paging based PAGE_EXEC       : disabled
 * Trampolines                  : not emulated
 * mprotect()                   : not restricted
 * mmap() base                  : not randomized
 * ET_EXEC base                 : not randomized
 * Segmentation based PAGE_EXEC : disabled
#

How can I fix this behaviour? Should I recompile the kernel without PAX?

[PaX Team]

But all PAX flags are disabled on this java executable (everything else in bin is unmodified):

Code: Select all

# chpax -v /chroot/web/opt/j2sdk1.4.2_04/bin/java

----[ chpax 0.6 : Current flags for /chroot/web/opt/j2sdk1.4.2_04/bin/java (pemrxs) ]----

 * Paging based PAGE_EXEC       : disabled
 * Trampolines                  : not emulated
 * mprotect()                   : not restricted
 * mmap() base                  : not randomized
 * ET_EXEC base                 : not randomized
 * Segmentation based PAGE_EXEC : disabled
#

How can I fix this behaviour? Should I recompile the kernel without PAX?

given that PaX is already off on java, it's most likely an issue with java itself, not PaX. if you can get and analyze a coredump, you might be able to tell what goes wrong. you could also try another JVM or an older version of the Sun JVM.

[nn4l]

I have now tried this with the latest Java release (jdk1.5.0) with Tomcat 5.0.28 on a Debian woody system (kernel 2.4.28), with the same results.

Although Tomcat and all installed applications work just fine, I am still concerned with this strange error message.

Code: Select all

kernel: grsec: signal 11 sent to /chroot/web/opt/jdk1.5.0/bin/java[java:26206] uid/euid:103/103 gid/egid
:103/103, parent /chroot/web/opt/jdk1.5.0/bin/java[java:23361] uid/euid:103/103 gid/egid:103/103

Is there really no way of getting rid of this error message? This seems to be a frequent question in this and other forums.

[eRAZOR]

I have now tried this with the latest Java release (jdk1.5.0) with Tomcat 5.0.28 on a Debian woody system (kernel 2.4.28), with the same results.

Although Tomcat and all installed applications work just fine, I am still concerned with this strange error message.

Code: Select all

kernel: grsec: signal 11 sent to /chroot/web/opt/jdk1.5.0/bin/java[java:26206] uid/euid:103/103 gid/egid
:103/103, parent /chroot/web/opt/jdk1.5.0/bin/java[java:23361] uid/euid:103/103 gid/egid:103/103

Is there really no way of getting rid of this error message? This seems to be a frequent question in this and other forums.

Same here. Got nothing in the logs but this error.

[PaX Team]

Is there really no way of getting rid of this error message? This seems to be a frequent question in this and other forums.

as i said last time, without analyzing a coredump, i can't tell what's going on.