grsecurity forums


https://forums.grsecurity.net./

grsec crashing Gameserver

https://forums.grsecurity.net./viewtopic.php?f=3&t=1107

Page 1 of 1

grsec crashing Gameserver

PostPosted: Tue Feb 22, 2005 9:40 am
by In Flames
Hello,

i habe patched my kernel with the grsec security patch.
I have 3 Mohaa Spearhead, but they crash often since i habe patched my 2.6.10 Kernel.

The processes get status 11 and hang up.

First Server

Feb 21 17:50:40 debian kernel: grsec: From 80.184.55.XXX: signal 11 sent to /srv/mohrifle/spearhead_lnxded[spearhead_lnxde:30648] uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[sh:8779] uid/euid:1000/1000 gid/egid:100/100


Secend and third server

Feb 21 22:07:20 debian kernel: grsec: From 80.184.55.XXX: signal 11 sent to /srv/mohaa/spearhead_lnxded[spearhead_lnxde:19271] uid/euid:1000/1000 gid/egid:100/100, parent /srv/mlds.sh[mlds.sh:7551] uid/euid:1000/1000 gid/egid:100/100

Feb 21 22:09:44 debian kernel: grsec: From 80.184.55.XXX: signal 11 sent to /srv/mohrifle/spearhead_lnxded[spearhead_lnxde:23418] uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[sh:8779] uid/euid:1000/1000 gid/egid:100/100


I hope you can help me, thank you very much

Greetings from Germany

PostPosted: Tue Feb 22, 2005 3:25 pm
by glaeken
try turning PAX features off for this process in ACL
or try chpax utility

PostPosted: Wed Feb 23, 2005 3:24 am
by In Flames
Thank you.

That I already considered myself but the grsec patch is than useless??


Thanks

PostPosted: Wed Feb 23, 2005 10:19 am
by glaeken
No, probably only some of the PAX features are in conflict with this game server. You can play around with them to know exactly which part of PAX makes it unusable. Instead you can use RBAC system to "guard" this gameserver. As I suppose it doesn't need i.e. access to /etc/shadow nor /proc neither other system-critical places (/bin etc.)

PostPosted: Thu Feb 24, 2005 5:07 am
by In Flames
The chpax patch doesent help

PostPosted: Thu Feb 24, 2005 5:21 pm
by spender
If there are no other grsec logs associated with this, I don't think it is related to grsec. Grsec is not sending the signal, it is merely logging what the system was doing anyways. I would need an strace of the process to determine what the culprit is.

-Brad

PostPosted: Fri Feb 25, 2005 4:04 am
by PaX Team
In Flames wrote:That I already considered myself but the grsec patch is than useless??
indeed, disabling PaX features should be your last resort only, as that solves the symptoms, not the problem (unless the problem is actual runtime code generation, but i take it that this server doesn't want to do that per se, you would have gotten a PaX kill message for that). imho, this is some application bug triggered by one of the hardening options in grsec (including PaX, but i think it can at most be randomization, not the non-exec pages). you can tell better if you can get a coredump and analyze it a bit. i posted the procedure here and/or the mailing list some time ago, if you have the time/knowledge (or can ask someone else) to do it, give it a try, you may well be uncovering some important bug in there. we can also help if you can give us shell access or at least the coredump, contact me or spender in private then (note that the coredump contains all writable process memory, including potentially sensitive info, you don't want to put it on a public webserver ;-).
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/