Firefox and Adblock Plus vs. GrSecurity kernels

Discussion in 'all things UNIX' started by Gullible Jones, Dec 21, 2014.

  1. Gullible Jones

    Gullible Jones, Registered Member (Joined: May 16, 2013; Posts: 1,466)

    If you have a spare Linux machine, running a GrSecurity kernel, then try this...

    1. Install Firefox
    2. Install the Adblock Plus extension
    3. Go to YouTube and mess around a bit

    Give it a few minutes. Firefox should get quite slow, and eventually crash. The dmesg log will show the kernel terminating Firefox, due to some kind of memory management issue.

    As far as I can tell, this only happens with Adblock Plus under GrSec kernels.

    I know ABP is already rather controversial here, but... Could this indicate a vulnerability in the extension? Or perhaps in Firefox?

    (NB, I know basically nothing about how Firefox extensions work.)
     
  2. Hungry Man

    Hungry Man, Registered Member (Joined: May 11, 2011; Posts: 9,146)

    It's unlikely to be an issue with ABP itself, but it's simply exposing an underlying issue. What are the exact errors?
     
  3. Gullible Jones

    Here:

    Code:
    [Sun Dec 21 19:31:46 2014] PAX: execution attempt in: <anonymous mapping>, 49325000-49329000 49325000
    [Sun Dec 21 19:31:46 2014] PAX: terminating task: /usr/lib/firefox-31esr/firefox(firefox):1185, uid/euid: 1000/1000, PC: 493271e0, SP: 5f7a0fd4
    [Sun Dec 21 19:31:46 2014] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
    [Sun Dec 21 19:31:46 2014] PAX: bytes at SP-4: 00000001 4220e271 00000182 41d26790 00000001 2e7a05b0 ffffff87 00000000 ffffff82 5f7a10c8 3f3d4050 41ad168e 00000c81 00000000 ffffff82 2e7a05b0 ffffff87 41d26790 ffffff87 2e7a05b0 ffffff87 
    [Sun Dec 21 19:31:46 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/firefox[firefox:1185] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
    [Sun Dec 21 19:37:55 2014] PAX: execution attempt in: <anonymous mapping>, 36cd0000-36cdb000 36cd0000
    [Sun Dec 21 19:37:55 2014] PAX: terminating task: /usr/lib/firefox-31esr/firefox(firefox):1277, uid/euid: 1000/1000, PC: 36cda5d8, SP: 594deeb4
    [Sun Dec 21 19:37:55 2014] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
    [Sun Dec 21 19:37:55 2014] PAX: bytes at SP-4: 00000001 47d331d1 00000182 446c2490 00000001 31b507c0 ffffff87 00000000 ffffff82 594defa8 264cc290 3ebf3236 00000c81 00000000 ffffff82 31b507c0 ffffff87 446c2490 ffffff87 31b507c0 ffffff87 
    [Sun Dec 21 19:37:55 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/firefox[firefox:1277] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
    [Sun Dec 21 19:37:55 2014] Chrome_ChildThr[1331]: segfault at 0 ip 49cb642d sp 45c98ab0 error 6 in libmozalloc.so[49cb5000+2000]
    [Sun Dec 21 19:37:55 2014] grsec: Segmentation fault occurred at    (nil) in /usr/lib/firefox-31esr/plugin-container[Chrome_ChildThr:1331] uid/euid:1000/1000 gid/egid:100/100, parent /[firefox:1277] uid/euid:1000/1000 gid/egid:100/100
    [Sun Dec 21 19:37:55 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/plugin-container[Chrome_ChildThr:1331] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
    
    Edit: note that mprotect() restrictions were entirely disabled at kernel build time.
     
  4. Hungry Man

  5. Gullible Jones

    D'oh! Thanks. Guess it was only a matter of time before it showed up without ABP.

    rlimit hacks I gave up on, BTW, as they don't work. :) The resource overstep denial thing, I think, is just the usual Linux ban on core dumps.
     