Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby bugmenot » Thu Feb 21, 2013 12:18 pm

How can I solve this error?

root@:~# ps ax
PID TTY STAT TIME COMMAND
1 ? Ss 0:01 init [2]
37 ? S< 0:00 [cpuset]
38 ? S< 0:00 [khelper]
39 ? S 0:00 [kdevtmpfs]
40 ? S< 0:00 [netns]
41 ? S 0:00 [sync_supers]
42 ? S 0:00 [bdi-default]
43 ? S< 0:00 [kintegrityd]
44 ? S< 0:00 [kblockd]
45 ? S 0:00 [khungtaskd]
46 ? S 0:00 [kswapd0]
47 ? SN 0:00 [ksmd]
48 ? SN 0:00 [khugepaged]
49 ? S 0:00 [fsnotify_mark]
50 ? S< 0:00 [crypto]
116 ? S< 0:00 [ata_sff]
129 ? S< 0:00 [mpt_poll_0]
131 ? S< 0:00 [mpt/0]
145 ? S 0:00 [scsi_eh_2]
150 ? S 0:00 [kworker/u:3]
194 ? S 0:00 [kjournald]
339 ? S< 0:00 [kpsmoused]
796 ? Ss 0:00 /sbin/portmap
986 ? Sl 0:00 /usr/sbin/rsyslogd -c4
1091 ? S 0:00 /usr/sbin/vmtoolsd
1123 ? Ss 0:00 /usr/sbin/apache2 -k start
1152 ? Ss 0:00 /usr/sbin/atd


Signal 11 (SEGV) caught by ps (procps version 3.2.8).
Please send bug reports to <feedback@lists.sf.net> or <albert@users.sf.net>
root@:~#




root@:~# sysctl -a | grep grsec
kernel.grsecurity.linking_restrictions = 1
kernel.grsecurity.enforce_symlinksifowner = 1
kernel.grsecurity.symlinkown_gid = 33
kernel.grsecurity.exec_logging = 1
kernel.grsecurity.signal_logging = 1
kernel.grsecurity.forkfail_logging = 1
kernel.grsecurity.timechange_logging = 1
kernel.grsecurity.chroot_execlog = 1
kernel.grsecurity.audit_chdir = 1
kernel.grsecurity.audit_mount = 1
kernel.grsecurity.resource_logging = 1
kernel.grsecurity.audit_ptrace = 1
kernel.grsecurity.grsec_lock = 0
kernel.osrelease = 3.2.38-grsec


root@:~# cat /etc/debian_version
6.0.6

root@:~# cat /etc/group | grep www-data:x
www-data:x:33:
bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am

Re: Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Postby spender » Thu Feb 21, 2013 2:53 pm

Can you strace ps ax ?

Has procps been updated recently? What's the last patch that didn't exhibit this problem?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Postby bugmenot » Fri Feb 22, 2013 3:12 am

root@:~# dpkg -l | grep procps
ii procps 1:3.2.8-9squeeze1 /proc file system utilities



The last two patches exhibit that problem. I said that the patch caused that problem before, but unfortunately it is still repeating with that one.

grsecurity-2.9.1-3.2.39-201302202032.patch
I didn't try that one; if you say so, I can try that.
bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am

Re: Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Postby spender » Fri Feb 22, 2013 8:14 am

Can you provide the strace?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Postby bugmenot » Fri Feb 22, 2013 8:53 am

bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am

Re: Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Postby spender » Mon Feb 25, 2013 10:29 pm

This is actually an upstream problem. 3.2.29 backported a change that allowed /proc/pid/status to show all supplementary groups, not just a max of 32. Procps wants to read a line and extract out each supplementary group, but there's a bug in its implementation where it instead basically assumes that a full line will occur within a single 1024 byte read(). Since it doesn't, it keeps looping, eventually performs an integer overflow on its size argument to realloc, and crashes after the resulting overflowed-size buffer is allocated.

So you'll only see this if a particular task is running with a rather large number of supplementary groups. I'm waiting to see how upstream responds to this problem, but it doesn't look like they've figured out the above yet.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
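
The failure mode described in the post above, turned around into a reader that copes with it. This is an added example, not procps code and not something posted in the thread: it reads a Groups: line that spans many 1024-byte read() calls and refuses a realloc size that would wrap. The function names and the constructed sample line are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return one line from fd as a malloc'd string, however many 1024-byte
 * reads it spans; NULL on I/O error, allocation failure or size overflow. */
static char *read_full_line(int fd) {
    size_t cap = 1024, len = 0;          /* 1024: the read() size named in the post */
    char *buf = malloc(cap + 1);
    while (buf) {
        ssize_t n = read(fd, buf + len, cap - len);
        if (n < 0) break;
        char *nl = n ? memchr(buf + len, '\n', (size_t)n) : NULL;
        len += (size_t)n;
        if (nl) *nl = '\0'; else buf[len] = '\0';
        if (nl || n == 0) return buf;    /* complete line, or EOF */
        if (len < cap) continue;         /* short read: keep filling */
        /* The line continues past the buffer: double it, refusing a size that wraps. */
        char *tmp = cap > (SIZE_MAX - 1) / 2 ? NULL : realloc(buf, cap * 2 + 1);
        if (!tmp) break;
        buf = tmp; cap *= 2;
    }
    free(buf);
    return NULL;
}

/* Count the GIDs on a "Groups:\t1 2 3 " line; 0 if it is some other field. */
static size_t count_groups(const char *line) {
    size_t n = 0; char *end;
    if (strncmp(line, "Groups:", 7) != 0) return 0;
    for (line += 7; strtoul(line, &end, 10), end != line; line = end) n++;
    return n;
}

/* Constructed sample: a Groups line with ngroups entries, written to a temp file and parsed back. */
static size_t demo(unsigned ngroups) {
    FILE *f = tmpfile();
    if (!f) return 0;
    fputs("Groups:\t", f);
    for (unsigned g = 0; g < ngroups; g++) fprintf(f, "%u ", 1000 + g);
    fputs("\nVmPeak:\t0 kB\n", f);
    if (fflush(f) != 0 || lseek(fileno(f), 0, SEEK_SET) != 0) { fclose(f); return 0; }
    char *line = read_full_line(fileno(f));
    size_t n = line ? count_groups(line) : 0;
    free(line); fclose(f);
    return n;
}
int main(void) { printf("%zu %zu\n", demo(32), demo(5000)); return 0; }
```

The 5000-entry line is roughly 25 KB, so it crosses many read boundaries and several buffer doublings before the newline is found.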

Re: Signal 11 (SEGV) caught by ps (procps version 3.2.8).

Postby spender » Mon Feb 25, 2013 10:33 pm

If you'd like to revert to the previous kernel behavior, just apply one of the following patches on top of the already-patched kernel:

For 3.8:

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 077235f..439544f 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -212,7 +212,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
        group_info = cred->group_info;
        task_unlock(p);
 
-       for (g = 0; g < group_info->ngroups; g++)
+       for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++)
                seq_printf(m, "%d ",
                           from_kgid_munged(user_ns, GROUP_AT(group_info, g)));
        put_cred(cred);
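
Review bot: the new bound "min(group_info->ngroups, NGROUPS_SMALL)" on the for loop truncates the group list silently and carries no comment saying why. A task with more than NGROUPS_SMALL supplementary groups now gets a shortened list in its status output with nothing marking it as incomplete, so any tool that audits group membership from this file will under-report. Add a comment above the loop stating that the cap is a temporary workaround for the procps line-reading crash, so that it is dropped once userland is fixed.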


For 3.2:

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 3a1dafd..439b5a1 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -204,7 +204,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
        group_info = cred->group_info;
        task_unlock(p);
 
-       for (g = 0; g < group_info->ngroups; g++)
+       for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++)
                seq_printf(m, "%d ", GROUP_AT(group_info, g));
        put_cred(cred);
 
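
Review bot: in the for condition, "min(group_info->ngroups, NGROUPS_SMALL)" is re-evaluated on every iteration although neither operand changes inside the loop. Compute it once into a local before the loop (for example "ngroups = min(group_info->ngroups, NGROUPS_SMALL);") and compare g against that, which also gives the cap a single place to document or remove later.
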
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

