grsecurity forums

Hoi!

Every time grsec denies executable mmap for one of my perl scripts, the kernel crashes. Sometimes I have time to execute a reboot command, sometimes I don't :(

Any ideas what I should do?

The scripts are relative simple: tailing a logfile, and managing an access list based on logs.
kernel is 2.4.30-grsec2.1.5-200504082027
perl version: 5.8.4-8
libc6: 2.3.2.ds1-21
linux version: debian/sarge
tested on two different machines (dual xeon (4 processors with HT), and single processor p4 (2 processors with HT))

grsec reports these in syslog:
May 31 13:27:01 ripley kernel: grsec: (default:D:/usr/sbin/delexpired.pl) denied executable mmap of /lib/ld-2.3.2.so by /usr/sbin/delexpired.pl[delexpired.pl:15747] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:1559] uid/euid:0/0 gid/egid:0/0
May 31 13:27:01 ripley kernel: Unable to load interpreter /lib/ld-linux.so.2
May 31 13:27:01 ripley kernel: grsec: (default:D:/usr/sbin/delexpired.pl) signal 11 sent to /usr/sbin/delexpired.pl[delexpired.pl:15747] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:1559] uid/euid:0/0 gid/egid:0/0
May 31 13:27:01 ripley kernel: kernel BUG at memory.c:377!
May 31 13:27:01 ripley kernel: invalid operand: 0000
[...]
Jun 6 09:49:01 ripley /USR/SBIN/CRON[3097]: (root) CMD (/usr/sbin/delexpired.pl >/dev/null 2>&1)
Jun 6 09:49:01 ripley kernel: grsec: (default:D:/usr/sbin/delexpired.pl) denied executable mmap of /lib/ld-2.3.2.so by /usr/sbin/delexpired.pl[delexpired.pl:22802] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3097] uid/euid:0/0 gid/egid:0/0
Jun 6 09:49:01 ripley kernel: grsec: (default:D:/usr/sbin/delexpired.pl) signal 11 sent to /usr/sbin/delexpired.pl[delexpired.pl:22802] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:3097] uid/euid:0/0 gid/egid:0/0
[...]
Jun 7 12:03:02 ripley kernel: grsec: From 213.178.99.46: (default:D:/usr/sbin/popauthd) denied executable mmap of /usr/bin/perl by /usr/sbin/popauthd[popauthd:362] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Does the problem still occur if you disable PaX in your configuration?

-Brad

Well, this is the acl for the delexpired.pl:

subject /usr/sbin/delexpired.pl doRPS {
/ h
/etc/exim4 rwcdl
/etc/exim4/access.info r
/etc/exim4/exim4.conf h
/lib r
/usr//lib r
/usr/bin/perl rx
-CAP_ALL
bind disabled
connect disabled
}

PaX was not disabled in kernel level, and unfortunately these servers can't be restarted too often, to try another kernels.

But I'll try it in an another machine.

Einon wrote:Hoi!

Every time grsec denies executable mmap for one of my perl scripts, the kernel crashes. Sometimes I have time to execute a reboot command, sometimes I don't

Any ideas what I should do?

can you try out 2.4.31 (the grsec test version is at the usual place)? i tried to fix this problem, or rather, some of the symptoms, as the underlying issue is very complex and i don't know yet what the proper solution should be (it's a kernel bug/feature back from the 1.3.xx days...).