Page 1 of 1

Invisible segmentation fault

PostPosted: Tue May 15, 2007 4:39 am
by zarrelli
Hi,

after patching linux-2.6.19.2, with grsecurity-2.1.10-2.6.19.2-200701222307.patch (on ubuntu 7.04 server 64 bit) I found a weird behaviour during the boot: I see a lot of fast segmentation fault but the boot goes on. After this fast segfaults the kernel seems to boot normally and the on screen log starts with

kinit name_to_dev_t(/dev/sda1)=sda1(8,1)

and goes on till the end. Well, after the boot all seems working well, but I can't point out the problems. I can't find useful infos in sys logs, except, maybe, for the following lines:

May 15 10:28:02 cruncher kernel: [ 94.125669] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2076] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.126496] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2081] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.128386] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2090] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.130824] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2099] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.133542] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2109] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.136307] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2122] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.137281] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2128] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.138173] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2131] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139021] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2136] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139874] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2143] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.140725] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2148] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.141551] grsec: more alerts, logging disabled for 5 seconds


Any idea on what could it be and how to solve it?

Thanks in advance

Here my pax and grsec kernel config:


# Security options
#

#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y

#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_CUSTOM is not set

#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y

#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
# CONFIG_GRKERNSEC_SOCKET_ALL is not set
# CONFIG_GRKERNSEC_SOCKET_CLIENT is not set
# CONFIG_GRKERNSEC_SOCKET_SERVER is not set

#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set

#
# Logging Options
#
# CONFIG_GRKERNSEC_SYSCTL is not set

#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=5
CONFIG_GRKERNSEC_FLOODBURST=10
CONFIG_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SELINUX is not set

Re: Invisible segmentation fault

PostPosted: Wed May 16, 2007 5:09 pm
by PaX Team
zarrelli wrote:May 15 10:28:02 cruncher kernel: [ 94.125669] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[sleep:2076] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
do you have other logs (notably, from PaX) as well?

other than that, you'd have to enable coredumps that early and see why /init crashed. or maybe run it by hand if that reproduces the crash, then you can debug it easily. you can also try to eliminate kernel config options, starting with the PaX bits and see when the problem goes away.

Re: Invisible segmentation fault

PostPosted: Fri May 18, 2007 7:17 am
by zarrelli
do you have other logs (notably, from PaX) as well?

other than that, you'd have to enable coredumps that early and see why /init crashed. or maybe run it by hand if that reproduces the crash, then you can debug it easily. you can also try to eliminate kernel config options, starting with the PaX bits and see when the problem goes away.


I was trying to enable ulimit -c 50000 but I don't understand how to enable it permanently at boot time in ubuntu 7.04. Anyone knows how to set up at boot?

If I understand well it's the process "sleep" spawner by init which is crashing.