From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-hardened+bounces-4833-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id E1796138A1D
	for <garchives@archives.gentoo.org>; Sat,  1 Nov 2014 22:04:38 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C8A8BE110A;
	Sat,  1 Nov 2014 22:04:36 +0000 (UTC)
Received: from puleglot.ru (unknown [78.47.99.242])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 0695FE1105
	for <gentoo-hardened@lists.gentoo.org>; Sat,  1 Nov 2014 22:04:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tsoy.me; s=mymail;
	h=Sender:Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:To:From:Date; bh=gHPmT4PbR6Kcd2zmwozFbQKple/4KSdVEda4jYRN2ac=;
	b=h5m3beHxbyGyCZicbF14G7ahv5iGMLV7YQnuhmo9gNgRDK0CiatCjMCaOn4ad7bejjri6Bl/BiWPo+qSJCibZ5IWShLbOJiR8bJ10LNfgVkuqDXCQmtysTZIa3nllIaggd22xFAOuLy400MnC6Jhv8bv8jXTUgCbko4rFQ87tBc=;
Received: from 37-146-230-9.broadband.corbina.ru ([37.146.230.9] helo=home.puleglot)
	by puleglot.ru with esmtpsa (TLSv1.2:AES128-GCM-SHA256:128)
	(Exim 4.84)
	(envelope-from <puleglot@puleglot.ru>)
	id 1Xkgmf-0004IC-2k
	for gentoo-hardened@lists.gentoo.org; Sun, 02 Nov 2014 01:04:33 +0300
Date: Sun, 2 Nov 2014 01:04:30 +0300
From: Alexander Tsoy <alexander@tsoy.me>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] "grsec: denied RWX mprotect" doesn't kill app
 anymore
Message-ID: <20141102010430.5d1062fc@home.puleglot>
In-Reply-To: <20141101112151.5b6d7a07@maelstrom.zone>
References: <20141101100823.GA22195@home.power>
	<20141101112151.5b6d7a07@maelstrom.zone>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.24; x86_64-pc-linux-gnu)
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Sender: puleglot@puleglot.ru
X-Archives-Salt: 6b792496-4b71-4227-aed4-4476d23c1f7e
X-Archives-Hash: 396d830264e07fce477c047dda8dc83a

=D0=92 Sat, 1 Nov 2014 11:21:51 +0100
Amadeusz S=C5=82awi=C5=84ski <amade@asmblr.net> =D0=BF=D0=B8=D1=88=D0=B5=D1=
=82:

> On Sat, 1 Nov 2014 12:08:23 +0200
> Alex Efros <powerman@powerman.name> wrote:
>=20
> > Hi!
> >=20
> > I wonder is something was changed in handling "grsec: denied RWX
> > mprotect"? Previously when I see this in kernel log it usually
> > result in killing app (and I've to run `paxctl-ng -m /that/app`),
> > but now it looks like this doesn't happens anymore. For example:
> >=20
>=20
> https://bugs.freedesktop.org/show_bug.cgi?id=3D73473
>=20
> OpenGL apps fallback to software rendering if they can't mmap
> executable memory.

Alex uses nvidia blob, so fdo bug is unrelated here:

> > # eselect opengl list
> > Available OpenGL implementations:
> >   [1]   nvidia *
> >   [2]   xorg-x11

--=20
Alexander Tsoy