-
Bug
-
Resolution: Cannot Reproduce
-
P4
-
6u10
-
x86
-
linux
FULL PRODUCT VERSION :
java version "1.6.0_16"
ADDITIONAL OS VERSION INFORMATION :
Linux 2.6.29-hardened x86_64
EXTRA RELEVANT SYSTEM CONFIGURATION :
This is a *hardened* linux kernel with PaX exec protection turned on, see http://pax.grsecurity.net/:
No application (except for those which have been explicitely allowed to do so) may map an area of memory for both writing and execution: Each writeable area of memory is non-executable, and each executable area of memory is read-only. Applications violating this rule are killed by the kernel.
This is an almost perfect protection against all kinds of code injection exploits, but also inhibits any kind of JIT.
A DESCRIPTION OF THE PROBLEM :
Firefox is specified to run also with PaX execute protection enabled,
and it indeed does so as long as there is no java plugin:
All features of Firefox which would violate the execute protection (e.g. the JavaScript JIT) can be disabled (in case of JavaScript: Pure Interpreter is used instead).
Execute protection is essential for web browsers in any security-aware environment.
Of all executables on the system, firefox is perhaps the one for which execute protection is most critical.
That's what Intels NX technology was invented for...
As soon as the java plugin is present in the plugins directory, firefox is killed by the kernel on startup due to execute protection violation.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Use a linux system with PaX kernel extension and execute protection turned on
(in my case: Gentoo-hardened).
Install firefox and the java plugin.
Start firefox.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Working firefox and java plugin.
ACTUAL -
Firefox killed by kernel on startup due to execute protection violation.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
PaX message from the kernel in syslog.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Firefox (including java applets) works fine if execute protection is turned off for firefox.
Expected solution:
Java plugin can run even with exec protection on:
Option to run it in non-JIT mode.
java version "1.6.0_16"
ADDITIONAL OS VERSION INFORMATION :
Linux 2.6.29-hardened x86_64
EXTRA RELEVANT SYSTEM CONFIGURATION :
This is a *hardened* linux kernel with PaX exec protection turned on, see http://pax.grsecurity.net/:
No application (except for those which have been explicitely allowed to do so) may map an area of memory for both writing and execution: Each writeable area of memory is non-executable, and each executable area of memory is read-only. Applications violating this rule are killed by the kernel.
This is an almost perfect protection against all kinds of code injection exploits, but also inhibits any kind of JIT.
A DESCRIPTION OF THE PROBLEM :
Firefox is specified to run also with PaX execute protection enabled,
and it indeed does so as long as there is no java plugin:
All features of Firefox which would violate the execute protection (e.g. the JavaScript JIT) can be disabled (in case of JavaScript: Pure Interpreter is used instead).
Execute protection is essential for web browsers in any security-aware environment.
Of all executables on the system, firefox is perhaps the one for which execute protection is most critical.
That's what Intels NX technology was invented for...
As soon as the java plugin is present in the plugins directory, firefox is killed by the kernel on startup due to execute protection violation.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Use a linux system with PaX kernel extension and execute protection turned on
(in my case: Gentoo-hardened).
Install firefox and the java plugin.
Start firefox.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Working firefox and java plugin.
ACTUAL -
Firefox killed by kernel on startup due to execute protection violation.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
PaX message from the kernel in syslog.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Firefox (including java applets) works fine if execute protection is turned off for firefox.
Expected solution:
Java plugin can run even with exec protection on:
Option to run it in non-JIT mode.