Firefox and Adblock Plus vs. GrSecurity kernels

Discussion in 'all things UNIX' started by Gullible Jones, Dec 21, 2014.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    If you have a spare Linux machine, running a GrSecurity kernel, then try this...

    1. Install Firefox
    2. Install the Adblock Plus extension
    3. Go to Youtube and mess around a bit

    Give it a few minutes. Firefox should get quite slow, and eventually crash. The dmesg log will show the kernel terminating Firefox, due to some kind of memory management issue.

    As far as I can tell, this only happens with Adblock Plus under GrSec kernels.

    I know ABP is already rather controversial here, but... Could this indicate a vulnerability in the extension? Or perhaps in Firefox?

    (NB, I know basically nothing about how Firefox extensions work.)
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's unlikely an issue with ABP itself, but it's simply exposing an underlying issue. What are the exact errors?
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Here:

    Code:
    [Sun Dec 21 19:31:46 2014] PAX: execution attempt in: <anonymous mapping>, 49325000-49329000 49325000
    [Sun Dec 21 19:31:46 2014] PAX: terminating task: /usr/lib/firefox-31esr/firefox(firefox):1185, uid/euid: 1000/1000, PC: 493271e0, SP: 5f7a0fd4
    [Sun Dec 21 19:31:46 2014] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
    [Sun Dec 21 19:31:46 2014] PAX: bytes at SP-4: 00000001 4220e271 00000182 41d26790 00000001 2e7a05b0 ffffff87 00000000 ffffff82 5f7a10c8 3f3d4050 41ad168e 00000c81 00000000 ffffff82 2e7a05b0 ffffff87 41d26790 ffffff87 2e7a05b0 ffffff87 
    [Sun Dec 21 19:31:46 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/firefox[firefox:1185] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
    [Sun Dec 21 19:37:55 2014] PAX: execution attempt in: <anonymous mapping>, 36cd0000-36cdb000 36cd0000
    [Sun Dec 21 19:37:55 2014] PAX: terminating task: /usr/lib/firefox-31esr/firefox(firefox):1277, uid/euid: 1000/1000, PC: 36cda5d8, SP: 594deeb4
    [Sun Dec 21 19:37:55 2014] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
    [Sun Dec 21 19:37:55 2014] PAX: bytes at SP-4: 00000001 47d331d1 00000182 446c2490 00000001 31b507c0 ffffff87 00000000 ffffff82 594defa8 264cc290 3ebf3236 00000c81 00000000 ffffff82 31b507c0 ffffff87 446c2490 ffffff87 31b507c0 ffffff87 
    [Sun Dec 21 19:37:55 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/firefox[firefox:1277] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
    [Sun Dec 21 19:37:55 2014] Chrome_ChildThr[1331]: segfault at 0 ip 49cb642d sp 45c98ab0 error 6 in libmozalloc.so[49cb5000+2000]
    [Sun Dec 21 19:37:55 2014] grsec: Segmentation fault occurred at    (nil) in /usr/lib/firefox-31esr/plugin-container[Chrome_ChildThr:1331] uid/euid:1000/1000 gid/egid:100/100, parent /[firefox:1277] uid/euid:1000/1000 gid/egid:100/100
    [Sun Dec 21 19:37:55 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/plugin-container[Chrome_ChildThr:1331] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
    
    Edit: note that mprotect() restrictions were entirely disabled at kernel build time.
     
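    As an added example (not from this thread or from either poster), the following Python script turns PaX/grsec dmesg lines like the ones quoted above into one record per killed PID: it pairs each "execution attempt in" line with the "terminating task" line that follows it, checks whether the reported PC really falls inside that mapping, picks up the kernel "segfault at ... in libmozalloc.so[...]" line for the child process, and flags when the "denied resource overstep ... RLIMIT_CORE against limit 0" line means the core dump was refused. The sample lines are copied from the excerpt above (the "bytes at SP" lines are dropped for brevity); the record layout, the function names, and the pairing rule (an execution-attempt line belongs to the next terminating-task line) are my assumptions, not anything PaX documents.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the dmesg excerpt quoted in this thread.
SAMPLE_DMESG = """\
[Sun Dec 21 19:31:46 2014] PAX: execution attempt in: <anonymous mapping>, 49325000-49329000 49325000
[Sun Dec 21 19:31:46 2014] PAX: terminating task: /usr/lib/firefox-31esr/firefox(firefox):1185, uid/euid: 1000/1000, PC: 493271e0, SP: 5f7a0fd4
[Sun Dec 21 19:31:46 2014] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ??
[Sun Dec 21 19:31:46 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/firefox[firefox:1185] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
[Sun Dec 21 19:37:55 2014] PAX: execution attempt in: <anonymous mapping>, 36cd0000-36cdb000 36cd0000
[Sun Dec 21 19:37:55 2014] PAX: terminating task: /usr/lib/firefox-31esr/firefox(firefox):1277, uid/euid: 1000/1000, PC: 36cda5d8, SP: 594deeb4
[Sun Dec 21 19:37:55 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/firefox[firefox:1277] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
[Sun Dec 21 19:37:55 2014] Chrome_ChildThr[1331]: segfault at 0 ip 49cb642d sp 45c98ab0 error 6 in libmozalloc.so[49cb5000+2000]
[Sun Dec 21 19:37:55 2014] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/firefox-31esr/plugin-container[Chrome_ChildThr:1331] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
"""

TS = r"^\[(?P<ts>[^\]]+)\] "
# "PAX: execution attempt in: <where>, start-end base"
EXEC_RE = re.compile(TS + r"PAX: execution attempt in: (?P<where>.+?), "
                          r"(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) [0-9a-f]+$")
# "PAX: terminating task: /path(comm):pid, uid/euid: u/e, PC: x, SP: y"
TERM_RE = re.compile(TS + r"PAX: terminating task: (?P<path>[^(\s]+)\((?P<comm>[^)]+)\):(?P<pid>\d+), "
                          r"uid/euid: (?P<uid>\d+)/(?P<euid>\d+), PC: (?P<pc>[0-9a-f]+), SP: (?P<sp>[0-9a-f]+)$")
# "grsec: denied resource overstep by requesting N for RLIMIT_X against limit L for /path[comm:pid] ..."
CORE_RE = re.compile(TS + r"grsec: denied resource overstep by requesting (?P<amount>\d+) for "
                          r"(?P<rlimit>RLIMIT_\w+) against limit (?P<limit>\d+) for "
                          r"(?P<path>[^\[\s]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]")
# Stock kernel "comm[pid]: segfault at A ip I sp S error E in obj[base+size]"
SEGV_RE = re.compile(TS + r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
                          r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>\d+) in "
                          r"(?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")


@dataclass
class Kill:
    """One process the kernel terminated, assembled from several dmesg lines (assumed layout)."""
    pid: int
    comm: str
    path: str
    ts: str
    reason: str                                   # "pax_exec" or "segfault"
    pc: int                                       # faulting PC / ip
    mapping: Optional[Tuple[int, int, str]] = None  # (start, end, description)
    core_denied: bool = False                     # RLIMIT_CORE line with limit 0 seen
    rlimits: List[str] = field(default_factory=list)

    def pc_in_mapping(self) -> bool:
        if self.mapping is None:
            return False
        start, end, _ = self.mapping
        return start <= self.pc < end


def parse_dmesg(text: str) -> Dict[int, Kill]:
    """Group PaX/grsec kill lines by PID; unrecognised lines (bytes at PC/SP, ...) are skipped."""
    kills: Dict[int, Kill] = {}
    pending_exec: Optional[Tuple[int, int, str]] = None  # held until the next "terminating task"
    for raw in text.splitlines():
        line = raw.strip()
        if m := EXEC_RE.match(line):
            pending_exec = (int(m["start"], 16), int(m["end"], 16), m["where"])
        elif m := TERM_RE.match(line):
            pid = int(m["pid"])
            kills[pid] = Kill(pid, m["comm"], m["path"], m["ts"], "pax_exec",
                              int(m["pc"], 16), pending_exec)
            pending_exec = None
        elif m := SEGV_RE.match(line):
            pid, base = int(m["pid"]), int(m["base"], 16)
            kills[pid] = Kill(pid, m["comm"], "", m["ts"], "segfault", int(m["ip"], 16),
                              (base, base + int(m["size"], 16), m["obj"]))
        elif m := CORE_RE.match(line):
            k = kills.get(int(m["pid"]))
            if k is not None:
                k.rlimits.append(m["rlimit"])
                if m["rlimit"] == "RLIMIT_CORE" and m["limit"] == "0":
                    k.core_denied = True
                k.path = k.path or m["path"]
    return kills


def describe(k: Kill) -> str:
    """Human-readable one-liner for triage."""
    where = k.mapping[2] if k.mapping else "unknown mapping"
    inside = "inside" if k.pc_in_mapping() else "outside"
    if k.reason == "pax_exec":
        text = f"PaX terminated {k.comm} (pid {k.pid}): PC {k.pc:08x} is {inside} the reported {where}"
    else:
        text = f"segfault in {k.comm} (pid {k.pid}): ip {k.pc:08x} is {inside} {where}"
    if k.core_denied:
        text += "; core dump refused (RLIMIT_CORE limit 0)"
    return text


if __name__ == "__main__":
    for kill in parse_dmesg(SAMPLE_DMESG).values():
        print(describe(kill))
```

    Run it against `dmesg` output saved to a file, or pipe `dmesg` into it after swapping `SAMPLE_DMESG` for `sys.stdin.read()`. For the two Firefox kills above the PC lands inside the anonymous mapping PaX named, and every kill carries the RLIMIT_CORE refusal, which is why no core file appears afterwards.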
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    D'oh! Thanks. Guess it was only a matter of time before it showed up without ABP.

    rlimit hacks I gave up on, BTW, as they don't work. :) The resource overstep denial thing, I think, is just the usual Linux ban on core dumps.
     