Le 2015-01-20 12:40, Marko Randjelovic a écrit :
I was running Wheezy Iceweasel with vanilla 3.14 kernel with grsec. I
tried to play video on YouTube with gnash plugin but Iceweasel
crashed
with alike messages
execution attempt in ...
Terminating task /usr/lib/iceweasel/iceweasel
Full log can be found on http://paste.lisp.org/+343V
Hi,
My understanding from the grsec logs you pasted is that gnash tried to
allocate more memory than your RLIMIT-MEMLOCK limit (65536), and this is
the reason why gnash crashed.
I wouldn't hint this is sufficient to conclude in hacking. Flash is
known well enough for eating a lot of memory at times.
I would suggest either to try playing "similar" flash from trusted
sources (good luck finding them though, maybe @adobe.com - One might
also believe youtube.com is a trusted source ) and see if the plugin
crashes on them too ; or maybe to raise limit progressively to see where
it is accepted.
As a side note, youtube supports HTML5, and if your browser had no
flash support at all but HTML5 support, then you, your grsec kernel, and
all kittens in the world could just be delighted and still have youtube
content played fine.
Cheers,
Vincent
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/01628a71ffdcbbaab3e6816de3861...@raceme.org