Hello Mike, On Sat, Aug 06, 2011 at 10:58:56AM +0200, Mike Hommey wrote: > On Sat, Jul 09, 2011 at 05:00:55PM +0200, Helge Kreutzmann wrote: > > after the security update of iceweasel (DSA 2268-1) iceweasel no longer > > starts, even if I > > paxctl -c /usr/lib/xulrunner-1.9.1/xulrunner-stub > > paxctl -r /usr/lib/xulrunner-1.9.1/xulrunner-stub > > Before the upgrade and after a downgrade, i.e. > > dpkg -i xulrunner-1.9.1_1.9.1.16-7_amd64.deb libmozjs2d_1.9.1.16-7_amd64.deb > > and the above commands, iceweasel works again. > > > > Looks like getting web browser security in Debian is getting harder > > :-(( > > > > I'll post any further finding once available, if you hear anything > > from upstream (tips, patches, ...) or any other source (hardened > > gentoo, maybe) it would be great if you could post them as well. > > Did you find something new?
Yes, you need one more option in grsecurity enabled (and the
description of it is misleading):
-# CONFIG_PAX_EI_PAX is not set
+CONFIG_PAX_EI_PAX=y
Now iceweasel works again.
Sorry for not informing you.
Greetings
Helge
--
Dr. Helge Kreutzmann deb...@helgefjell.de
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/
signature.asc
Description: Digital signature
