grsecurity forums


https://forums.grsecurity.net./

Troubles with daemontools and PaX

https://forums.grsecurity.net./viewtopic.php?f=3&t=1073

Page 1 of 1

Troubles with daemontools and PaX

PostPosted: Mon Jan 24, 2005 9:52 am
by ah
I've got troubles with daemontools and PaX (current grsecurity against Linux 2.4.28, configured as suggest in http://grsecurity.net/quickstart.pdf):

Jan 24 13:45:13 sdsvl kernel: PAX: execution attempt in: <anonymous mapping>, 5b410000-5b412000 fffff000
Jan 24 13:45:13 sdsvl kernel: PAX: terminating task: /package/admin/daemontools-0.76/command/supervise(supervise):26385, uid/euid: 0/0, PC: 5b4109ac, SP:
5b4106dc
Jan 24 13:45:13 sdsvl kernel: PAX: bytes at PC: 58 b8 77 00 00 00 cd 80 b8 95 04 08 dc 09 41 5b 02 00 00 00
Jan 24 13:45:13 sdsvl kernel: grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /package/admin/daemontools-0.76/command/supervise[supervise:26385] uid/euid:0/0 gid/egid:0/0, parent /package/admin/daemontools-0.76/command/svscan[svscan:9034] uid/euid:0/0 gid/egid:0/0

As suggested in http://grsecurity.net/quickstart.pdf (last page), I ran paxctl to disable pax for supervise:

paxctl -spmr /package/admin/daemontools-0.76/command/supervise

Doesn't help. What am I doing wrong?

PostPosted: Mon Jan 24, 2005 12:10 pm
by onyx
Do you have the patched binutils? Paxtcl works only with patched binutils. If you don't have it, try chpax instead of paxctl. (Eg if you have an old woody system)

Balint

PostPosted: Mon Jan 24, 2005 1:01 pm
by ah
Yeah, that's it. Thank you very much :)

Re: Troubles with daemontools and PaX

PostPosted: Mon Jan 24, 2005 6:45 pm
by PaX Team
ah wrote:Jan 24 13:45:13 sdsvl kernel: PAX: bytes at PC: 58 b8 77 00 00 00 cd 80 b8 95 04 08 dc 09 41 5b 02 00 00 00
it's the sigreturn trampoline, your glibc should be using its own, not the one provided by the kernel, better look around and see what went wrong there.

PostPosted: Mon Jan 24, 2005 7:01 pm
by ah
I'm everything else but an expert there. What could be the reason for the "wrong" glibc?

PostPosted: Tue Jan 25, 2005 1:40 am
by PaX Team
ah wrote:I'm everything else but an expert there. What could be the reason for the "wrong" glibc?
well, let's check your distro/glibc version first, maybe it's something we've already seen. normally any glibc 2.2+ should be using its own sigreturn code.

PostPosted: Tue Jan 25, 2005 5:32 am
by ah
sdsvl:~# cat /etc/debian_version
3.1
sdsvl:~# uname -r
2.4.28-grsec
sdsvl:~# dpkg -p libc6
Package: libc6
...
Source: glibc
Version: 2.3.2.ds1-20
...
Provides: glibc-2.3.2.ds1-20
...

PostPosted: Wed Jan 26, 2005 8:35 pm
by PaX Team
ah wrote:sdsvl:~# cat /etc/debian_version
3.1
debian's glibc used to have a similar issue but that manifested under 2.6 iirc and it was fixed last summer. so no idea about this one, try to submit a bugreport to their bugzilla.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/