Oded Arbel wrote: >Mandrake's secure kernel (grsecurity patched) - when ever I try to run >eclipse executable, I get this error: >java.lang.UnsatisfiedLinkError: >/home/odeda/local/eclipse-dev/eclipse/plugins/org.eclipse.swt.gtk_3.0.0/o >s/linux/x86/libswt-pi-gtk-3016.so: > /home/odeda/local/eclipse-dev/eclipse/plugins/org.eclipse.swt.gtk_3.0.0/ >os/linux/x86/libswt-pi-gtk-3016.so: failed to map segment from shared > object: Permission denied
Ok, let's explain what's going on here. One way to battle exploits of buffer oferflows & friends is to deny executing of code from the stack.
What usually happens with a buffer overrun expolit is that the stack that normally contains variable information is run over with executable code which is made to run with a clever trick (for details consult "Smashing the stack for sun and profit" by Aleph One: http://www.insecure.org/stf/smashstack.txt)
What the grsecruity patch tries to do then, is to disable the possability of running code that is located on the stack.
There are some applications though, that during their normal runtime will allocate some memory, write code to it and execute it. This is called "trampoline code". I know some previous version of GCC used to do that for example. It seems the JDK tries to do the same (which makes sense if you stop to thing about a just ibn time compiler, btw).
I don't know enough about grsecurity patch to tell you exactly how to do this, but if it has an option of supporting trampoline code which i assume it does but maybe is disabled by default, enable it and recompile the kernel. This should solve the problem.
Hope this helps, Gilad
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
