These messages are benign, and you can ignore them.
Examples:
Example if you are running an ASL kernel:
PAX: execution attempt in: <anonymous mapping>, 53181000-53184000 53181000
PAX: terminating task: /usr/libexec/paxtest/anonmap(anonmap):1234, uid/euid: 0/0, PC: 53181000, SP: 23498723984
PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PAX: bytes at SP-4: 12345465682347509817324059871340598734
You may also see messages such as this:
kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/libexec/paxtest/execheap[execheap:5854] uid/euid:0/0 gid/egid:0/0, parent /usr/libexec/paxtest/execheap[execheap:5853] uid/euid:0/0 gid/egid:0/0
Example if you are not running an ASL kernel:
kernel: anonmap[12345]: segfault at 00002aaaaaaab000 rip 00002aaaaaaab000 rsp 00007fff457153f8 error 15
Discussion
The log messages above are generated by ASL's built-in kernel vulnerability scanner when they name any of these programs:
/usr/libexec/paxtest/anonmap
/usr/libexec/paxtest/execbss
/usr/libexec/paxtest/execdata
/usr/libexec/paxtest/execheap
/usr/libexec/paxtest/execstack
/usr/libexec/paxtest/mprotanon
/usr/libexec/paxtest/mprotbss
/usr/libexec/paxtest/mprotdata
/usr/libexec/paxtest/mprotheap
/usr/libexec/paxtest/mprotshbss
/usr/libexec/paxtest/mprotshdata
/usr/libexec/paxtest/mprotstack
/usr/libexec/paxtest/shlibbss
/usr/libexec/paxtest/shlibdata
These messages in syslog are normal and harmless, and you can ignore them. They mean the vulnerability scanner is working correctly. These messages do not cause any harm to the system, and are perfectly safe.
If you are running an ASL kernel, you are immune to the vulnerabilities the scanner tests for, and the "PAX:" messages indicate that ASL is working normally and safely.
If you are not running an ASL kernel, you will not see the "PAX:" messages, which means you are vulnerable to some of these tests. The ASL GUI will report the specific vulnerabilities. You can also get a report from the command line by running this command as root:
asl -s
The solution to kernel level vulnerabilities is to run the ASL kernel. Standard Linux kernels are not immune to all kernel exploits and vulnerabilities.
Can I suppress these events so they are not logged?
No. These are generated by the kernel itself, and suppressing these events would mean that you wouldn't be notified of an actual attack on your system either. These messages mean that the kernel is working correctly, and this is an important part of the health management system in ASL.
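Since these events stay in the log, a reviewer can separate scanner noise from kernel events that name other programs. The following Python example is added here and is not part of ASL; the function name and category labels are assumptions, and the patterns follow the sample log lines on this page.

```python
import re

# Scanner test programs named in the article, installed under this directory.
PAXTEST_DIR = "/usr/libexec/paxtest/"
PAXTEST_PROGRAMS = {
    "anonmap", "execbss", "execdata", "execheap", "execstack", "mprotanon",
    "mprotbss", "mprotdata", "mprotheap", "mprotshbss", "mprotshdata",
    "mprotstack", "shlibbss", "shlibdata",
}

# Patterns follow the sample log lines shown in the article.
PATH_EVENTS = (
    re.compile(r"PAX: terminating task: (?P<path>/[^\s(]+)\("),
    re.compile(r"grsec: .*? for (?P<path>/[^\s\[]+)\["),
)
SEGFAULT = re.compile(r"kernel: (?P<comm>[^\s\[]+)\[\d+\]: segfault at ")


def classify(line):
    """Return scanner, scanner-name-only, not-scanner, detail or unrelated."""
    for pattern in PATH_EVENTS:
        m = pattern.search(line)
        if m:
            path = m.group("path")
            # Require the exact directory plus a listed name, so a binary
            # called "anonmap" somewhere else is not waved through.
            known = (path.startswith(PAXTEST_DIR)
                     and path[len(PAXTEST_DIR):] in PAXTEST_PROGRAMS)
            return "scanner" if known else "not-scanner"
    m = SEGFAULT.search(line)
    if m:
        # Non-ASL segfault lines carry no path, only the process name, so a
        # match here is weaker evidence than a full-path match.
        return ("scanner-name-only" if m.group("comm") in PAXTEST_PROGRAMS
                else "not-scanner")
    if "PAX:" in line:
        return "detail"  # e.g. "bytes at PC": read with its terminating-task line
    return "not-scanner" if "grsec:" in line else "unrelated"


if __name__ == "__main__":
    # Constructed line: same program name, but outside the paxtest directory.
    spoofed = "PAX: terminating task: /tmp/paxtest/anonmap(anonmap):4321, uid/euid: 1000/1000, PC: 0, SP: 0"
    print(classify(spoofed))
```

Lines classified as "not-scanner" are the ones to review; "scanner-name-only" lines match only by process name and deserve a second look if the scanner was not running at that time.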