[Gc] Linux failure with PaX

John Richard Moser nigelenki at comcast.net
Fri Jul 9 19:22:32 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm having a hard time running anything under the Boehm GC with a
PaX-enabled Linux system.  I compiled the Boehm GC with malloc
redirection and used LD_PRELOAD to preload:

LD_PRELOAD="/usr/lib/libdl.so /lib/libpthread.so.0 \
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.4/libgcc_s.so \
/usr/lib/libgc.so"

Simple programs like a leaking loop or nano will run.  Complex programs
like vim, firefox, gimp, bash, or almost anything else get killed:

PAX: execution attempt in: /usr/bin/fortune, 17efa000-17eff000 00000000
PAX: terminating task: /usr/bin/fortune(fortune):4789, uid/euid: 0/0,

PAX: execution attempt in: /lib/libc-2.3.3.so, 24792000-248a1000 00000000
PAX: terminating task: /usr/bin/vim(vim):4809, uid/euid: 0/0, PC:

PAX: execution attempt in: /usr/lib/libgc.so.1.0.2, 20879000-2089f000
00000000
PAX: terminating task: /usr/bin/vim(vim):13716, uid/euid: 1000/1000, PC:
2088ab47, SP: 58f97580

PAX: execution attempt in: /usr/lib/libgc.so.1.0.2, 24a55000-24a7b000
00000000
PAX: terminating task: /usr/bin/vim(vim):13719, uid/euid: 1000/1000, PC:
24a66b47, SP: 598f9fe0

PaX is a patch for Linux which prevents arbitrary code execution by
assuring no pages are both writable and executable.  See simplified
explanation at http://en.wikipedia.org/wiki/PaX to get familiar with
it, and to find links about it, and exactly what it does.

I successfully run all my applications on a PaX-enabled machine with a
handful of executables having various restrictions relaxed.  PaX is a
very useful and significant security technology, and only incurs a <2%
(<1% for me) performance overhead with SEGMEXEC and everything else on
in most if not all cases.

I despise garbage collection.  It's not a concept I consider intelligent
or proper at all.  This does not forbid me from researching it, however;
and right now, I need the Boehm GC to work so I can research a serious
critical flaw in the entire GC concept.

It's already a known fact that under certain situations (xor-condensed
linked lists, processes making their own makeshift virtual ram, etc) the
GC can free up ram that's in use.  Programmers aren't the smartest bunch
on the planet (says the one making his own development framework), and
so they're bound to find some simplistic way to break the GC.  But I'm
not interested in that.  Let's assume it does work usually.

How's the GC work?  It wanders around in the heap looking for things
that look like pointers (WTF looks like a pointer?!)?  OK.  I'm 400+M
into swap.  You go ahead and wander around and see how far you get.

I want to put my system under the GC and see if it indeed thrashes the
hell out of swap.  I can help you set up a PaX box if you know how to
compile a Linux kernel; can even give you the scripts that set up proper
relaxed restrictions on binaries that need it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA71LnhDd4aOud5P8RAoGMAJ9gTKGQGmzkbiA9lPmIchhsxzoOuQCbBDL3
o0mOWtpM+DE+/WpYOMAZgvY=
=X87P
-----END PGP SIGNATURE-----
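Editor's note: the message above describes PaX as refusing pages that are both writable and executable, and the "PAX: execution attempt" lines are what the kernel logs when it kills a task for violating that. The following is an added example, not the poster's code and not part of PaX or the Boehm GC. It probes which write+execute mapping requests the running kernel permits, without executing anything; a kernel enforcing PaX MPROTECT is expected to refuse all three requests, while a stock kernel normally allows them. The only assumption is a Linux system with mmap(2) and mprotect(2); the result depends on the kernel it runs under.

```c
/* Added example (not the poster's code, not PaX code): probe which
 * write+execute mapping requests the running kernel allows.  Nothing is
 * executed; only the permission requests are tried and then unmapped. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Bits returned by probe_wx(): which requests the kernel accepted. */
enum { WX_ANON_RWX = 1, WX_RW_TO_RX = 2, WX_RX_TO_RW = 4 };

/* Try the three classic ways of obtaining writable+executable memory and
 * return a bitmask of the ones that succeeded (0 = all refused). */
int probe_wx(void)
{
    int allowed = 0;
    long page = sysconf(_SC_PAGESIZE);
    void *p;

    /* 1. Anonymous mapping that is writable and executable at once. */
    p = mmap(NULL, page, PROT_READ | PROT_WRITE | PROT_EXEC,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        allowed |= WX_ANON_RWX;
        munmap(p, page);
    }

    /* 2. Writable mapping later turned executable (the JIT pattern). */
    p = mmap(NULL, page, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        if (mprotect(p, page, PROT_READ | PROT_EXEC) == 0)
            allowed |= WX_RW_TO_RX;
        munmap(p, page);
    }

    /* 3. Executable anonymous mapping later made writable.  Under PaX
     * MPROTECT the executable anonymous mmap itself is expected to fail,
     * which counts as "refused" here as well. */
    p = mmap(NULL, page, PROT_READ | PROT_EXEC,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        if (mprotect(p, page, PROT_READ | PROT_WRITE) == 0)
            allowed |= WX_RX_TO_RW;
        munmap(p, page);
    }

    return allowed;
}

int main(void)
{
    int allowed = probe_wx();
    printf("anonymous RWX mapping:        %s\n",
           (allowed & WX_ANON_RWX) ? "allowed" : "refused");
    printf("RW mapping -> RX:             %s\n",
           (allowed & WX_RW_TO_RX) ? "allowed" : "refused");
    printf("RX mapping -> RW:             %s\n",
           (allowed & WX_RX_TO_RW) ? "allowed" : "refused");
    if (allowed == 0)
        puts("no W+X transition permitted: W^X is enforced for this task");
    return 0;
}
```

Run it once as an unrestricted binary and once after relaxing the PaX flags on the binary (the poster mentions having scripts for that); the difference shows which request a killed program was making. A program that needs request 2 to work, as JITs and some runtime trampolines do, is the kind of binary that needs its MPROTECT restriction relaxed rather than a change to the kernel.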


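Editor's note: the message asks how a conservative collector can "wander around in the heap looking for things that look like pointers", and mentions xor-condensed linked lists as a known way to break it. The following is an added example, not the poster's code and not Boehm GC code: a toy conservative mark phase over a constructed four-block heap. Any word whose value falls inside an allocated block is treated as a pointer, so an integer that happens to equal a heap address keeps a dead block alive, while a link hidden by xor-ing two addresses is invisible and the block it refers to is treated as garbage. The heap layout, root words and the "integer that looks like a pointer" are all constructed inline for the demonstration.

```c
/* Added example (not the poster's code, not Boehm GC code): a toy
 * conservative mark phase.  Every word in a reachable block is treated
 * as a possible pointer; a word pointing anywhere inside a block keeps
 * that block alive.  The heap and roots below are constructed data. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS 4
#define BLOCK_WORDS 8

/* One allocated block: its storage plus a mark bit set by the scan. */
struct block {
    uintptr_t words[BLOCK_WORDS];
    int marked;
};

static struct block heap[NBLOCKS];

/* Does this word look like a pointer into some block?  Interior pointers
 * count, as a conservative collector must assume.  Returns -1 if not. */
static int block_of(uintptr_t w)
{
    for (int i = 0; i < NBLOCKS; i++) {
        uintptr_t lo = (uintptr_t)&heap[i].words[0];
        uintptr_t hi = lo + sizeof heap[i].words;
        if (w >= lo && w < hi)
            return i;
    }
    return -1;
}

/* Mark a block and scan every word in it as if it were a pointer. */
static void mark(int idx)
{
    if (idx < 0 || heap[idx].marked)
        return;
    heap[idx].marked = 1;
    for (int k = 0; k < BLOCK_WORDS; k++)
        mark(block_of(heap[idx].words[k]));
}

/* Clear marks, mark from the root words, return how many blocks would be
 * retained.  Unmarked blocks are what a sweep would free. */
static int collect(const uintptr_t *roots, int nroots)
{
    int live = 0;
    for (int i = 0; i < NBLOCKS; i++)
        heap[i].marked = 0;
    for (int r = 0; r < nroots; r++)
        mark(block_of(roots[r]));
    for (int i = 0; i < NBLOCKS; i++)
        live += heap[i].marked;
    return live;
}

int is_retained(int idx)
{
    return idx >= 0 && idx < NBLOCKS && heap[idx].marked;
}

/* Constructed scenario:
 *   root -> block 0 -> block 1            genuinely reachable chain
 *   block 1 holds (addr(block 2) ^ addr(block 0)), an xor-list style
 *            link: block 2 is really in use but nothing looks like a
 *            pointer to it, so the scan misses it (freed while live)
 *   block 3 is dead, but a root word holds an integer equal to an
 *            address inside it, so it is retained anyway (false positive)
 * Returns the number of retained blocks. */
int demo(void)
{
    uintptr_t roots[2];
    memset(heap, 0, sizeof heap);
    heap[0].words[3] = (uintptr_t)&heap[1].words[0];              /* real pointer */
    heap[1].words[0] = (uintptr_t)&heap[2].words[0]
                     ^ (uintptr_t)&heap[0].words[0];              /* hidden link */
    heap[2].words[0] = 0x1234;                                    /* plain data */
    roots[0] = (uintptr_t)&heap[0].words[0];
    roots[1] = (uintptr_t)&heap[3].words[5];  /* simulates an integer colliding with block 3 */
    return collect(roots, 2);
}

int main(void)
{
    int live = demo();
    printf("%d of %d blocks retained\n", live, NBLOCKS);
    for (int i = 0; i < NBLOCKS; i++)
        printf("block %d: %s\n", i, is_retained(i) ? "retained" : "freed");
    return 0;
}
```

The two failure modes are opposite: the xor link causes a block that is still in use to be freed (the breakage the message refers to), and the colliding integer causes a dead block to be kept, which on a real heap is also what makes the scan touch pages that are otherwise idle. Scaled up to a process hundreds of megabytes into swap, the scan has to fault in every page it examines, which is the behaviour the poster wants to measure.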