Page 1 of 1
denied executable mmap of
Posted:
Fri Aug 18, 2006 4:43 amby p1kus
denied executable mmap of /etc/ld.so.cache by /sbin/gradm
strace gradm
...
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48263, ...}) = 0
old_mmap(NULL, 48263, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f2d000
close(3) = 0
...
2.6.17.8-grsec, gradm v2.1.9
Can someone tell what is wrong?
Posted:
Sun Aug 20, 2006 12:04 pmby spender
What distro and glibc version are you using? You seem to be the first person to have a glibc that wants to mmap /etc/ld.so.cache as executable.
-Brad
Posted:
Mon Aug 21, 2006 10:16 amby p1kus
glibc-2.3.6 and slack 10.1, but it didnt happen before,
when i used
gradm v2.1.9
grsecurity-2.1.9-2.6.16.19-200606041421
i have got other problems
p1kus
Re: denied executable mmap of
Posted:
Wed Aug 23, 2006 7:25 amby PaX Team
p1kus wrote:denied executable mmap of /etc/ld.so.cache by /sbin/gradm
strace gradm
...
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48263, ...}) = 0
old_mmap(NULL, 48263, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f2d000
close(3) = 0
...
2.6.17.8-grsec, gradm v2.1.9
Can someone tell what is wrong?
your gcc probably doesn't emit PT_GNU_STACK or emits one with RWE rights (check readelf -l), that will turn on READ_IMPLIES_EXEC (if PaX/non-exec pages are disabled) and trigger grsec.
Posted:
Thu Aug 24, 2006 3:40 amby p1kus
readelf -l /sbin/gradm
Elf file type is EXEC (Executable file)
Entry point 0x8049570
There are 7 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000e0 0x000e0 R E 0x4
INTERP 0x000114 0x08048114 0x08048114 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x28d1c 0x28d1c R E 0x1000
LOAD 0x029000 0x08071000 0x08071000 0x02428 0x07b1c RW 0x1000
DYNAMIC 0x029014 0x08071014 0x08071014 0x000c8 0x000c8 RW 0x4
NOTE 0x000128 0x08048128 0x08048128 0x00020 0x00020 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag
06
from PAX options are only enabled
PAX_MEMORY_SANITIZE
PAX_MEMORY_UDEREF
Posted:
Fri Aug 25, 2006 3:51 pmby PaX Team
p1kus wrote:readelf -l /sbin/gradm
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
thanks, so gradm is clean at least. what about the parent process of gradm (probably your shell)?
Posted:
Mon Aug 28, 2006 4:53 amby p1kus
readelf -l /bin/bash
...
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
...
thanks for help
Posted:
Mon Aug 28, 2006 5:25 pmby PaX Team
p1kus wrote:readelf -l /bin/bash
...
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
...
thanks for help
that's the problem then, your bash says it wants an executable stack, which it doesn't really, but due to the broken PT_GNU_STACK crap the kernel believes it and gives it one. then due to further broken crap in READ_IMPLIES_EXEC handling all children of bash will also get flagged by this and that's why you get the gradm failure. solution is to fix your userland, or at least bash so that it's not marked with an RWE GNU_STACK. the quick workaround is execstack -c. if you had enabled non-exec page support in PaX, all this would not have occured btw as i disable GNU_STACK handling for good.
Posted:
Wed Aug 30, 2006 11:59 amby p1kus
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
# CONFIG_PAX_EI_PAX is not set
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
CONFIG_PAX_HOOK_ACL_FLAGS=y
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
# CONFIG_PAX_SEGMEXEC is not set
# CONFIG_PAX_KERNEXEC is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_UDEREF=y
I have enabled non-exec page support (should other EXEC options be enabled?)
and I still have problem with denied executable mmap of /etc/ld.so.cache.
but i noticed that kernel have RWE GNU_STACK
readelf -l vmlinux
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
p1kus
Posted:
Wed Aug 30, 2006 1:04 pmby PaX Team
p1kus wrote:I have enabled non-exec page support (should other EXEC options be enabled?)
yes, you need at least PAGEEXEC or SEGMEXEC.
but i noticed that kernel have RWE GNU_STACK
readelf -l vmlinux
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
vmlinux is not a userland application, what you see in its ELF headers has little to do with reality.
Posted:
Thu Aug 31, 2006 9:47 amby p1kus
thanks for help it's working
same problem
Posted:
Fri Mar 02, 2007 9:11 amby Einon
Hi!
I run into this problem as well, I tried what's written above, but no use.
My system is:
- Code: Select all
Linux junior 2.6.18.2-grsec #1 SMP Mon Nov 13 15:13:22 CET 2006 x86_64 GNU/Linux
config:
- Code: Select all
CONFIG_PAX=y
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_SANITIZE=y
binaries:
- Code: Select all
junior:~# readelf -l /bin/bash
...
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 8
...
junior:~# readelf -l /usr/bin/perl
...
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 8
...
junior:~# chpax -v /usr/bin/perl
----[ chpax 0.7 : Current flags for /usr/bin/perl (pemrxs) ]----
* Paging based PAGE_EXEC : disabled
* Trampolines : not emulated
* mprotect() : not restricted
* mmap() base : not randomized
* ET_EXEC base : not randomized
* Segmentation based PAGE_EXEC : disabled
junior:~#
GRADM: v.2.1.9
Tested with:
- Code: Select all
www-data@junior:/home/terel/www.terel.eu$ perl -MHTML::Entities -e '$a = "Våre norske tegn bør æres"; decode_entities($a); print "$a\n";'
Can't load '/usr/lib/perl5/auto/HTML/Parser/Parser.so' for module HTML::Parser: /usr/lib/perl5/auto/HTML/Parser/Parser.so: failed to map segment from shared object: Permission denied at /usr/lib/perl/5.8/XSLoader.pm line 70.
at /usr/lib/perl5/HTML/Parser.pm line 17
Compilation failed in require at /usr/lib/perl5/HTML/Entities.pm line 147.
Compilation failed in require.
BEGIN failed--compilation aborted.
www-data@junior:/home/terel/www.terel.eu$
Re: same problem
Posted:
Sat Mar 10, 2007 6:08 amby PaX Team
Einon wrote:I run into this problem as well
no, you didn't. instead you run into this:
- Code: Select all
failed to map segment from shared object: Permission denied
which has been discussed several times on this board. reading the .config help about NOELFRELOCS is also useful at times...