If BitTornado is used on a Hardened Gentoo system with psyco installed, PaX terminates the process (specifically, btdownloadgui.py). I assume this has something to do with Python, as psyco speeds up python code execution. Unmerging psyco resolves the problem. Reproducible: Always Steps to Reproduce: 1. on hardened, emerge bittornado psyco 2. execute a .torrent file, with bittornado as the default client Actual Results: PaX terminates BitTornado download GUI Expected Results: Begun downloading torrent log output: Jun 16 19:12:38 [kernel] PAX: execution attempt in: <anonymous mapping>, 2943c000-2b43c000 2943c000 Jun 16 19:12:38 [kernel] PAX: terminating task: /usr/bin/python2.3(btdownloadgui.p):14351, uid/euid: 1000/1000, PC: 2943c000, SP: 4fd7b04c Jun 16 19:12:38 [kernel] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/btdownloadgui.py[btdownloadgui.p:14351] uid/euid:1000/1000 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 emerge -v --info output: Portage 2.0.51.19 (hardened/x86/2.6, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r14 i686) ================================================================= System uname: 2.6.11-hardened-r14 i686 Intel(R) Pentium(R) 4 CPU 2.53GHz Gentoo Base System version 1.6.12 Python: dev-lang/python-2.3.5 [2.3.5 (#1, May 11 2005, 18:37:00)] dev-lang/python: 2.3.5 sys-apps/sandbox: [Not Present] sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.8.5-r3, 1.5, 1.7.9-r1, 1.6.3, 1.4_p6, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="" ARCH="x86" AUTOCLEAN="yes" BASH_ENV="/etc/spork/is/not/valid/profile.env" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CLASSPATH="." CLEAN_DELAY="5" COLORTERM="gnome-terminal" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CVS_RSH="ssh" CXXFLAGS="-O2 -march=i686 -pipe" DESKTOP_SESSION="gnome" DESKTOP_STARTUP_ID="" DISPLAY=":0.0" DISTDIR="/usr/portage/distfiles" EDITOR="/usr/bin/emacs" ELIBC="glibc" FEATURES="autoaddcvs autoconfig ccache collision-protect distlocks sandbox sfperms strict test userpriv" FETCHCOMMAND="/usr/bin/wget -t 5 --passive-ftp -P ${DISTDIR} ${URI}" GCC_SPECS="" GDK_USE_XFT="1" GDMSESSION="gnome" GDM_XSERVER_LOCATION="local" GENTOO_MIRRORS="http://gentoo.osuosl.org/ ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://csociety-ftp.ecn.purdue.edu/pub/gentoo/ ftp://csociety-ftp.ecn.purdue.edu/pub/gentoo/ ftp://mirror.iawnet.sandia.gov/pub/gentoo/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://gentoo.seren.com/gentoo http://gentoo.chem.wisc.edu/gentoo/ ftp://gentoo.chem.wisc.edu/gentoo/ http://cudlug.cudenver.edu/gentoo/ ftp://cudlug.cudenver.edu/pub/mirrors/distributions/gentoo/ http://gentoo.ccccom.com ftp://gentoo.ccccom.com http://gentoo.mirrors.tds.net/gentoo ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.netnitco.net ftp://gentoo.netnitco.net/pub/mirrors/gentoo/source/ http://mirror.espri.arizona.edu/gentoo/ http://mirror.clarkson.edu/pub/distributions/gentoo/ http://mirrors.acm.cs.rpi.edu/gentoo/ ftp://ftp.ndlug.nd.edu/pub/gentoo/ http://open-systems.ufl.edu/mirrors/gentoo http://gentoo.llarian.net/ ftp://gentoo.llarian.net/pub/gentoo http://gentoo.binarycompass.org http://mirror.datapipe.net/gentoo http://mirror.datapipe.net/gentoo http://gentoo.eliteitminds.com http://gentoo.cs.lewisu.edu/gentoo/ ftp://linux.cs.lewisu.edu/gentoo/ http://prometheus.cs.wmich.edu/gentoo http://modzer0.cs.uaf.edu/public/gentoo/ http://mirror.usu.edu/mirrors/gentoo/ ftp://mirror.usu.edu/mirrors/gentoo/ http://lug.mtu.edu/gentoo http://mirror.phy.olemiss.edu/mirror/gentoo" GNOME_DESKTOP_SESSION_ID="Default" GNOME_KEYRING_SOCKET="/tmp/keyring-zvFFL8/socket" GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic hardened dlloader"GTK_RC_FILES="/etc/gtk/gtkrc:/home/chris/.gtkrc-1.2-gnome2" GUILE_LOAD_PATH="/usr/share/guile/1.6" G_BROKEN_FILENAMES="1" HOME="/home/chris" HOSTNAME="hal" INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.15.92.0.2/info:/usr/share/gcc-data/i686-pc-linux-gnu/3.3.5-20050130/info:/usr/share/info/emacs-21" JAVAC="/opt/sun-jdk-1.4.2.08/bin/javac" JAVA_HOME="/opt/sun-jdk-1.4.2.08" JDK_HOME="/opt/sun-jdk-1.4.2.08" KERNEL="linux" LANG="en_US.utf8" LC_ALL="en_US.utf8" LESS="-R" LESSOPEN="|lesspipe.sh %s" LOGNAME="chris" LS_COLORS="no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.mng=01;35:*.xcf=01;35:*.pcx=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.avi=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.mov=01;35:*.qt=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.mp3=00;36:*.wav=00;36:*.mid=00;36:*.midi=00;36:*.au=00;36:*.ogg=00;36:*.flac=00;36:*.aac=00;36:" MAKEOPTS="-j2" MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.15.92.0.2/man:/usr/share/gcc-data/i686-pc-linux-gnu/3.3.5-20050130/man::/opt/sun-jdk-1.4.2.08/man" NOCOLOR="false" OPENGL_PROFILE="xorg-x11" PAGER="/usr/bin/less" PATH="/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.3.5-20050130:/usr/i386-pc-linux-gnu/gcc-bin/3.3.5:/opt/sun-jdk-1.4.2.08/bin:/opt/sun-jdk-1.4.2.08/jre/bin:/opt/sun-jdk-1.4.2.08/jre/javaws:/usr/games/bin" PKGDIR="/usr/portage//packages/x86/" PORTAGE_ARCHLIST="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 ppc-macos ppc-od s390 sh sparc x86 x86-fbsd x86-obsd x86-od" PORTAGE_BINHOST_CHUNKSIZE="3000" PORTAGE_CALLER="emerge" PORTAGE_GID="250" PORTAGE_MASTER_PID="18135" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" PRELINK_PATH="" PRELINK_PATH_MASK="/usr/lib/gstreamer-0.8:/usr/lib/wine:/usr/lib/valgrind:/opt" PWD="/home/chris" PYTHONDOCS="/usr/share/doc/python-docs-2.3.5/html" RESUMECOMMAND="/usr/bin/wget -c -t 5 --passive-ftp -P ${DISTDIR} ${URI}" RPMDIR="/usr/portage/rpm" RSYNC_RETRIES="3" RSYNC_TIMEOUT="180" SANE_CONFIG_DIR="/etc/sane.d" SESSION_MANAGER="local/hal:/tmp/.ICE-unix/713" SHELL="/bin/bash" SHLVL="1" SSH_AGENT_PID="2195" SSH_AUTH_SOCK="/tmp/ssh-mptzAHo713/agent.713" STAGE1_USE="hardened pic " SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" TERM="xterm" USE="3dnow 3dnowext X a52 aalib acl acpi adns aim alsa apache2 artworkextra authdaemond avi avifile bash-completion berkdb bitmap-fonts bzip2 bzlib c++ calendar caps cdparanoia cdr chroot cjk crypt cups curl curlwrappers dga divx4linux dlloader doc dv dvb dvd dvdr dvdread eds emacs encode esd evo examples exif extensions fam fbcon firebird flac flash foomaticdb ftlk ftp gabber gb gcj gd gdbm gif gimp gimpprint glut gmp gnome gnustep gnutls gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile hal hardened hardenedphp howl icq ieee1394 imagemagick imap imlib inline innodb ipv6 ithreads jack java javascript jikes jpeg junit kerberos krb4 lcms ldap leim libcaca libgda libwww lm_sensors mad matroska matrox memlimit mikmod mime ming mmap mmx mmxext mng motif mozsvg mozxmlterm mp3 mpeg mpi msn mysql mysqli ncurses nls nptl odbc ogg oggvorbis openal opengl oscal oss other_var1 other_var2 pam pcre pda pdflib perl php pic plotutils png portaudio posix ppds python quicktime readline real recode sasl scanner sdl sftplogging sharedext sharedmem shorten skey slang slp smartcard sndfile sockets socks5 spell spl sse sse2 ssl svg svga symlink szip tcltk tcpd tetex theora threads tidy tiff tokenizer toolbar truetype truetype-fonts unicode usb userlocales v41 v4l v4l2 vcd videos vorbis wifi win32codecs wmf wnf wxwindows x86 xml xml2 xmms xosd xprint xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc" USER="chris" USERLAND="GNU" USERNAME="chris" USE_EXPAND="FRITZCAPI_CARDS FCDSL_CARDS VIDEO_CARDS INPUT_DEVICES LINGUAS USERLAND KERNEL ELIBC" WINDOWID="37748938" XARGS="xargs -r" XAUTHORITY="/home/chris/.Xauthority" XINITRC="/etc/X11/xinit/xinitrc" XPSERVERLIST="" _="/usr/bin/emerge"
pysco is a JIT compiler that emits machine code on the fly instead of interpreting it. By nature this is exactly what PaX was designed to prevent. The only real solution is to not use pysco. Try pyrex or other tools out there which can fully compile python objects