Best unofficial Apache Server developers community
Username
Forgot password?
Sign in with Twitter account
Sign in with Facebook account

Linux kernel with grsec + Java / Apache Tomcat

1

226 views

I've got a Debian Linux 64 bit dedicated server. The kernel has the grsec patch applied.

I'm mainly using this server to run Apache Tomcat (6.0.26, Java 6) and everything seems fine.

The only issue, is that when I start Tomcat, I get a few of these:

grsec: From xxx.xxx.xxx.xxx: Segmentation fault occurred at 00007fefe04e4000 in /home/t/jre1.6.0_20/bin/java[java:22403] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds

Then no error logs anymore. Everything is fine.

The kernel is:

Linux 2.6.32.2-xxxx-grs-ipv4-64 #1 SMP Tue Dec 29 14:41:12 UTC 2009 x86_64 GNU/Linux

And the webapp works fine.

So there are segmentation fault when Tomcat starts, but everything seems to works fine.

Is this concerning? Should I move to a non-grsec kernel?

linux tomcat java grsec
asked June 12, 2010 6:06 am CDT
NoozNooz42
posted via ServerFault

2 Answers

0
 

I'm also hosted by OVH and I have a bunch of this:

Jul 20 07:29:25 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 00007f0e17e3e300 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:4177] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:29:25 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 0000000000000008 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30441] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:29:25 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 0000000000000008 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30441] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:30:00 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 0000000000000008 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30620] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:30:02 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 0000000000000008 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30620] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:30:02 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 000000000000001c in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30672] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:30:14 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 0000000000000008 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30683] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Jul 20 07:30:14 nsxxxxxx kernel: grsec: From x.x.x.x: Segmentation fault occurred at 0000000000000008 in /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java[java:30683] uid/euid:1011/1011 gid/egid:1011/1011, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 ...

It seems that changing the kernel to a non GRSEC one could work.

answered December 21, 2010 6:39 am CST
Thierry
0
 

Java, among other things, is known to not play nice together with grsec.

You'll have to use chpax against Java binary at least, but switching to a non-grsec kernel is a better option.

answered December 21, 2010 6:39 am CST
halp

Your answer

Join with account you already have

Sign in with Twitter account
Sign in with Facebook account
Sign in with Google Friend Connect

Preview
Similar questions
Eclipse tomcat: how can i deploy a java tomcat project to a directory without having tomcat installed?
November 23, 2010
Eclipse adding java ant based project: Specified buildfile does not contain a javac task
November 21, 2010
Linux file server
December 8, 2010
Linux HTML file server
December 8, 2010
Why does 'ls' command in linux return some results in [squarebrackets].jar ?
November 25, 2010
Linux web server shared hosting file errors
December 16, 2010
SAXParseException using Apache Sorl with tomcat on CentOS5
December 21, 2010
What are good resources for getting started with Apache Tomcat 7?
October 6, 2010
I am unable to connect to my Apache Tomcat installation.
July 27, 2010
Forward Shibboleth Environment Variables to Tomcat via Apache
December 6, 2009
Linux services: is there a GUI for services?
August 3, 2010
Why is a Tomcat webapp failing when an almost identical app starts within the same Tomcat instance?
December 17, 2010
How to correct Wicket in Tomcat at /myapp behinds Apache proxy at / that send incorrect redirect to /myapp/xxx instead of /xxx?
December 12, 2010
How to run GWT application in Tomcat?
November 12, 2010
Starting Tomcat from Eclipse
November 26, 2010
Tomcat Referrer Lockdown
December 22, 2009
Web-Service on Tomcat with Timeout
December 17, 2010
How to deploy to Tomcat from NetBeans?
May 6, 2010
Configure nginx for jboss/tomcat
November 16, 2009
Mysql not reconnecting with JNDI Tomcat 6
December 3, 2009
Tomcat restart, no all apps start
November 10, 2009
How to start stop tomcat server using CMD?
December 21, 2010
400 "bad request" after tomcat installation on kubuntu
January 29, 2010
Tomcat sessions expiring unexpectedly
June 6, 2009
Is it possible to disable jsessionid in tomcat servlet?
June 7, 2009
Best tomcat hosting servrice provider for jsp
February 12, 2010
Eclipse: start a tomcat project
August 5, 2010
How to install several Tomcat instances on Ubuntu?
May 19, 2010
Tomcat: how to set short expiry for javascript files
September 1, 2010
Tomcat cluster with inconsistent static resources
December 17, 2010