SegFault while parsing learn logs

Posted: Mon Apr 13, 2009 7:43 am
by jacek_kal
Hi,

When I try to parse learn logs (created with gradm -F -L /etc/grsec/learning.logs), I get:
Code:
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user nobody...done.
Beginning full learning subject reduction for user dhcp...done.
Beginning full learning object reduction for subject /...done.
Segmentation fault


strace (few last lines):
Code:
write(4, "\t/var\t\t\t\t\n"..., 10)     = 10
write(4, "\t/var/spool\t\t\t\n"..., 15) = 15
write(4, "\t/var/spool/cron\t\t\t\n"..., 20) = 20
write(4, "\t/var/log\t\t\th\n"..., 14)  = 14
write(4, "\t/boot\t\t\t\th\n"..., 12)   = 12
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


Input file is only 2MB and it seems it doesn't matter how long it is created.

OS: Gentoo 2.6.28-hardened-r7 with gradm sys-apps/gradm-2.1.13.200902232204 running on amd64.

How can I change learned data to policy? Is it my mistake or gradm?

Re: SegFault while parsing learn logs

Posted: Tue Apr 14, 2009 10:59 am
by spender
If you could send your learning log to spender@grsecurity.net, I can try to reproduce the crash.
Otherwise, I can give you some instructions to help debug it on your end.

-Brad

Re: SegFault while parsing learn logs

Posted: Tue Apr 14, 2009 11:10 am
by jacek_kal
Logs sent. Hope this will help :)

Re: SegFault while parsing learn logs

Posted: Tue Apr 14, 2009 2:02 pm
by spender
Thanks, I've fixed the problem in CVS. If you want to apply the fix to your own tree, here's the diff:

http://cvsweb.grsecurity.net/index.cgi/ ... 86;r2=1.87

Code:
--- gradm2/gradm_newlearn.c   2009/02/21 17:15:32   1.86
+++ gradm2/gradm_newlearn.c   2009/04/14 17:56:26   1.87
@@ -1204,7 +1204,7 @@ show_ips:
          display_ip_tree(connect, GR_IP_CONNECT, stream);
       else
          fprintf(stream, "\tconnect\tdisabled\n");
-      if (node->subject->inaddr_any_override) {
+      if (node->subject != NULL && node->subject->inaddr_any_override) {
          struct in_addr addr;
          addr.s_addr = node->subject->inaddr_any_override;
          fprintf(stream, "\tip_override\t%s\n", inet_ntoa(addr));
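Review bot: the new `node->subject != NULL` test on the `inaddr_any_override` condition carries no explanation of when a node reaches `show_ips` without a subject, so the `ip_override` line is now skipped silently in that case; a one-line comment naming that case would make the intent clear. The two `node->subject` uses inside the block are covered by the guard, but any other dereference of `node->subject` in this function, outside the lines shown, should be checked for the same assumption.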

Re: SegFault while parsing learn logs

Posted: Fri Apr 17, 2009 9:25 am
by jacek_kal
I can confirm that with this patch learning works fine (even for a 400MB file).

Thanks