Invisible segmentation fault
Posted: Tue May 15, 2007 4:39 am
Hi,
after patching linux-2.6.19.2, with grsecurity-2.1.10-2.6.19.2-200701222307.patch (on ubuntu 7.04 server 64 bit) I found a weird behaviour during the boot: I see a lot of fast segmentation fault but the boot goes on. After this fast segfaults the kernel seems to boot normally and the on screen log starts with
kinit name_to_dev_t(/dev/sda1)=sda1(8,1)
and goes on till the end. Well, after the boot all seems working well, but I can't point out the problems. I can't find useful infos in sys logs, except, maybe, for the following lines:
May 15 10:28:02 cruncher kernel: [ 94.125669] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2076] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.126496] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2081] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.128386] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2090] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.130824] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2099] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.133542] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2109] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.136307] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2122] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.137281] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2128] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.138173] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2131] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139021] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2136] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139874] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2143] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.140725] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2148] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.141551] grsec: more alerts, logging disabled for 5 seconds
Any idea on what could it be and how to solve it?
Thanks in advance
Here my pax and grsec kernel config:
# Security options
#
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_CUSTOM is not set
#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
# CONFIG_GRKERNSEC_SOCKET_ALL is not set
# CONFIG_GRKERNSEC_SOCKET_CLIENT is not set
# CONFIG_GRKERNSEC_SOCKET_SERVER is not set
#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=5
CONFIG_GRKERNSEC_FLOODBURST=10
CONFIG_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SELINUX is not set
after patching linux-2.6.19.2, with grsecurity-2.1.10-2.6.19.2-200701222307.patch (on ubuntu 7.04 server 64 bit) I found a weird behaviour during the boot: I see a lot of fast segmentation fault but the boot goes on. After this fast segfaults the kernel seems to boot normally and the on screen log starts with
kinit name_to_dev_t(/dev/sda1)=sda1(8,1)
and goes on till the end. Well, after the boot all seems working well, but I can't point out the problems. I can't find useful infos in sys logs, except, maybe, for the following lines:
May 15 10:28:02 cruncher kernel: [ 94.125669] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2076] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.126496] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2081] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.128386] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2090] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.130824] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2099] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.133542] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2109] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.136307] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2122] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.137281] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2128] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.138173] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2131] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139021] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2136] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139874] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2143] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.140725] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2148] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.141551] grsec: more alerts, logging disabled for 5 seconds
Any idea on what could it be and how to solve it?
Thanks in advance
Here my pax and grsec kernel config:
# Security options
#
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_CUSTOM is not set
#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
# CONFIG_GRKERNSEC_SOCKET_ALL is not set
# CONFIG_GRKERNSEC_SOCKET_CLIENT is not set
# CONFIG_GRKERNSEC_SOCKET_SERVER is not set
#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=5
CONFIG_GRKERNSEC_FLOODBURST=10
CONFIG_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SELINUX is not set