grsecurity forums


https://forums.grsecurity.net./

2.6.29.3 compilation problem

https://forums.grsecurity.net./viewtopic.php?f=3&t=2143

Page 1 of 1

2.6.29.3 compilation problem

PostPosted: Fri May 15, 2009 3:32 am
by forsaken
I'm getting this error when I'm compiling 2.6.29.3 with grsecurity-2.1.14-2.6.29.3-200905131918.patch:

LD vmlinux
ld: vmlinux: section .rodata vma 0xffffffff8060b000 overlaps previous sections
ld: vmlinux: section __bug_table vma 0xffffffff806e8840 overlaps previous sections
ld: vmlinux: section .pci_fixup vma 0xffffffff806ef630 overlaps previous sections
ld: vmlinux: section __param vma 0xffffffff806f0bd0 overlaps previous sections
ld: vmlinux: section `.rodata' can't be allocated in segment 2
LOAD: .vsyscall_0 .vsyscall_fn .vsyscall_gtod_data .vsyscall_1 .vsyscall_2 .vgetcpu_mode .jiffies .rodata __bug_table .pci_fixup __param
ld: final link failed: Bad value
make: *** [vmlinux] Error 1

On Gentoo hardened with gcc-4.3.3.
Edit: x86_64 aswell

Re: 2.6.29.3 compilation problem

PostPosted: Fri May 15, 2009 10:25 am
by joshuapl
Hi,

I'm experiencing the same problem.
First I thought that it was something about my .config (copied from 2.6.27.5+grsecurity), but then I tried to compile the raw kernel with few grsecurity and PAX options enabled (make mrproper && make menuconfig && make bzImage)

Ah, one thing worth mentioning - this system is on x86_64.

Greetings,
--
Jacek
Poland

Re: 2.6.29.3 compilation problem

PostPosted: Fri May 15, 2009 2:49 pm
by spender
Hang in there, the PaX team is aware of the problem and will have a fix for it soon hopefully.

And when it's all over with, modifying the vsyscall table with a single write to reliably transfer from interrupt to process context (like in the remote root exploit at http://kernelbof.blogspot.com/) won't be possible anymore.

-Brad

Re: 2.6.29.3 compilation problem

PostPosted: Fri May 15, 2009 4:20 pm
by forsaken
Nice.

Re: 2.6.29.3 compilation problem

PostPosted: Sat May 16, 2009 6:45 am
by hanno
Ping?

The 2.6.29.3 update is a security update with real-world exploits floating around on milw0rm. Not the kind of update you wanna keep back.

Re: 2.6.29.3 compilation problem

PostPosted: Sat May 16, 2009 10:46 am
by spender
The vsyscall patch still needs more work, so for now I've reverted it and uploaded a new patch.

-Brad

Re: 2.6.29.3 compilation problem

PostPosted: Sat May 16, 2009 6:02 pm
by forsaken
The new patch works fine, thanks.

Re: 2.6.29.3 compilation problem

PostPosted: Sat May 16, 2009 10:09 pm
by spender
I've uploaded new patches that have the read-only vsyscall shadow map on x64 kernels. I also added /proc/<pid>/cmdline as one of the things protected (along with /proc/<pid>/fd and /proc/<pid>/mem) by the "d" subject flag in the RBAC system.

-Brad

Re: 2.6.29.3 compilation problem

PostPosted: Sun May 17, 2009 7:57 am
by joshuapl
Works for me too, after rebooting everything seems go run smoothly. Thanks!
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/