SegFault while parsing learn logs

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

SegFault while parsing learn logs

Postby jacek_kal » Mon Apr 13, 2009 7:43 am

Hi,

When I try to parse learn logs (created with gradm -F -L /etc/grsec/learning.logs), I got:
Code: Select all
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user nobody...done.
Beginning full learning subject reduction for user dhcp...done.
Beginning full learning object reduction for subject /...done.
Segmentation fault


strace (few last lines):
Code: Select all
write(4, "\t/var\t\t\t\t\n"..., 10)     = 10
write(4, "\t/var/spool\t\t\t\n"..., 15) = 15
write(4, "\t/var/spool/cron\t\t\t\n"..., 20) = 20
write(4, "\t/var/log\t\t\th\n"..., 14)  = 14
write(4, "\t/boot\t\t\t\th\n"..., 12)   = 12
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


Input file is only 2MB and it seems it doesen't matter how long it is created.

OS: gentoo 2.6.28-hardened-r7 with gradm sys-apps/gradm-2.1.13.200902232204 running on amd64.

How can I change learned data to policy? Is it my mistake or gradm?
jacek_kal
 
Posts: 3
Joined: Sat Sep 17, 2005 9:00 am

Re: SegFault while parsing learn logs

Postby spender » Tue Apr 14, 2009 10:59 am

If you could send your learning log to spender@grsecurity.net, I can try to reproduce the crash.
Otherwise, I can give you some instructions to help debug it on your end.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: SegFault while parsing learn logs

Postby jacek_kal » Tue Apr 14, 2009 11:10 am

Logs sent. Hope this will help :)
jacek_kal
 
Posts: 3
Joined: Sat Sep 17, 2005 9:00 am

Re: SegFault while parsing learn logs

Postby spender » Tue Apr 14, 2009 2:02 pm

Thanks, I've fixed the problem in CVS. If you want to apply the fix to your own tree, here's the diff:

http://cvsweb.grsecurity.net/index.cgi/ ... 86;r2=1.87

Code: Select all
--- gradm2/gradm_newlearn.c   2009/02/21 17:15:32   1.86
+++ gradm2/gradm_newlearn.c   2009/04/14 17:56:26   1.87
@@ -1204,7 +1204,7 @@ show_ips:
          display_ip_tree(connect, GR_IP_CONNECT, stream);
       else
          fprintf(stream, "\tconnect\tdisabled\n");
-      if (node->subject->inaddr_any_override) {
+      if (node->subject != NULL && node->subject->inaddr_any_override) {
          struct in_addr addr;
          addr.s_addr = node->subject->inaddr_any_override;
          fprintf(stream, "\tip_override\t%s\n", inet_ntoa(addr));
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: SegFault while parsing learn logs

Postby jacek_kal » Fri Apr 17, 2009 9:25 am

I can confirm, that with this patch learning works fine (even for 400MB file).

Thanks
jacek_kal
 
Posts: 3
Joined: Sat Sep 17, 2005 9:00 am


Return to grsecurity support