grsecurity forums

Code: Select all

# linux32 chroot /mnt/gentoo32 /bin/zsh
zsh: bus error  linux32 chroot /mnt/gentoo32 /bin/zsh


Code: Select all

Apr 29 19:48:11 localhost kernel: [27323.842138] grsec: Invalid alignment/Bus error occurred at 00000000e485d010 in /mnt/gentoo32/bin/zsh[zsh:26494] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0
Apr 29 19:51:04 localhost kernel: [27496.728461] grsec: Invalid alignment/Bus error occurred at 00000000f2a98010 in /mnt/gentoo32/bin/zsh[zsh:26533] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0
Apr 29 19:51:13 localhost kernel: [27505.163759] grsec: Invalid alignment/Bus error occurred at 00000000e6278010 in /mnt/gentoo32/bin/zsh[zsh:26536] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0
Apr 30 04:17:22 localhost kernel: [57874.832769] grsec: Invalid alignment/Bus error occurred at 00000000e53b6010 in /mnt/gentoo32/bin/zsh[zsh:5643] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0
Apr 30 04:23:19 localhost kernel: [58231.352764] grsec: Invalid alignment/Bus error occurred at 00000000e293b010 in /mnt/gentoo32/bin/zsh[zsh:5686] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0


Portage 2.2.0_alpha30 (hardened/linux/amd64/no-multilib, gcc-4.6.0, libc-0-r0, 2.6.38-hardened-r1 x86_64)

/etc/init.d/linux32 -> http://codepad.org/6J2MGqqD
.config -> http://codepad.org/d2D4O5K2

taaroa wrote:

Code: Select all

Apr 29 19:48:11 localhost kernel: [27323.842138] grsec: Invalid alignment/Bus error occurred at 00000000e485d010 in /mnt/gentoo32/bin/zsh[zsh:26494] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0

it this a PIE zsh binary? can you try to build a non-PIE one and test it? also can you try the same binary on a native i386 kernel?

.config -> http://codepad.org/d2D4O5K2

it seems that this config is incomplete, can you upload the entire one?

Code: Select all

# linux32 chroot /mnt/gentoo32 /bin/bash
zsh: bus error  linux32 chroot /mnt/gentoo32 /bin/bash
# linux32 chroot /mnt/gentoo32 /bin/bash
zsh: bus error  linux32 chroot /mnt/gentoo32 /bin/bash
# tail -2 /var/log/grsec.log
Apr 30 19:54:37 localhost kernel: [114109.788792] grsec: Invalid alignment/Bus error occurred at 00000000dbe64010 in /mnt/gentoo32/bin/bash[bash:9615] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0
Apr 30 19:54:42 localhost kernel: [114114.805237] grsec: Invalid alignment/Bus error occurred at 00000000e1830010 in /mnt/gentoo32/bin/bash[bash:9618] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5486] uid/euid:0/0 gid/egid:0/0


Code: Select all

RELRO           STACK CANARY      NX/PaX        PIE                     FILE
Full RELRO      Canary found      NX enabled    PIE enabled             /mnt/gentoo32/bin/bash
RELRO           STACK CANARY      NX/PaX        PIE                     FILE
Full RELRO      Canary found      NX enabled    PIE enabled             /mnt/gentoo32/bin/zsh


.config -> https://bitbucket.org/taaroa/public/src/d0d05d62061c

a toolchain
sys-devel/binutils: 2.21
sys-devel/gcc: 4.6.0

* Switching native-compiler to x86_64-pc-linux-gnu-4.6.0-hardenednopie ...

Code: Select all

RELRO           STACK CANARY      NX/PaX        PIE                     FILE
Full RELRO      Canary found      NX enabled    No PIE                  /bin/zsh


Code: Select all

# tail -1 /var/log/grsec.log
May  1 12:00:21 localhost kernel: [172053.367711] grsec: Invalid alignment/Bus error occurred at 00000000e8a1e010 in /mnt/gentoo32/bin/bash[bash:30450] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:30416] uid/euid:0/0 gid/egid:0/0


* Switching native-compiler to x86_64-pc-linux-gnu-4.6.0-vanilla ...

Code: Select all

RELRO           STACK CANARY      NX/PaX        PIE                     FILE
Partial RELRO   No canary found   NX enabled    No PIE                  /bin/zsh


Code: Select all

# tail -1 /var/log/grsec.log
May  1 12:20:57 localhost kernel: [173289.729386] grsec: Invalid alignment/Bus error occurred at 00000000e3b31010 in /mnt/gentoo32/bin/bash[bash:27654] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:27623] uid/euid:0/0 gid/egid:0/0


PaX Team wrote:also can you try the same binary on a native i386 kernel?

on my previous system (hardened/linux/amd64/no-multilib, gcc-4.5.2, glibc-2.13-r2, 2.6.38-hardened x86_64) all worked correctly.

and

Code: Select all

# linux32 chroot /mnt/gentoo32 /bin/zsh
Linux taaroa 2.6.38-hardened #2 SMP Fri Apr 29 02:06:45 KRAST 2011 i686 GNU/Linux
# cc -v
Using built-in specs.
COLLECT_GCC=/usr/i686-pc-linux-gnu/gcc-bin/4.6.0/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/i686-pc-linux-gnu/4.6.0/lto-wrapper
Target: i686-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-4.6.0/work/gcc-4.6.0/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/4.6.0 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/4.6.0/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/4.6.0 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/4.6.0/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/4.6.0/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/4.6.0/include/g++-v4 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --disable-fixed-point --with-ppl --with-cloog --disable-ppl-version-check --with-cloog-include=/usr/include/cloog-ppl --enable-lto --enable-nls --without-included-gettext --with-system-zlib --disable-werror --enable-secureplt --disable-multilib --enable-libmudflap --disable-libssp --enable-esp --enable-libgomp --enable-cld --with-python-dir=/share/gcc-data/i686-pc-linux-gnu/4.6.0/python --enable-checking=release --disable-libgcj --with-arch=i686 --enable-objc-gc --enable-languages=c,c++,objc,obj-c++,fortran --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.6.0 p0.9.2, pie-0.4.8'
Thread model: posix
gcc version 4.6.0 (Gentoo Hardened 4.6.0 p0.9.2, pie-0.4.8)


taaroa wrote:on my previous system (hardened/linux/amd64/no-multilib, gcc-4.5.2, glibc-2.13-r2, 2.6.38-hardened x86_64) all worked correctly.

can you post the log of strace /mnt/gentoo32/bin/bash, or even better, can you run it under gdb and post the backtrace (bt), disasm (x/8i $pc) and register info (info reg) when bash crashes?

PaX Team wrote:can you post the log of strace /mnt/gentoo32/bin/bash

do I understand these instructions correctly?

strace -> https://bitbucket.org/taaroa/public/src ... nux32trace

Code: Select all

# tail -3 /var/log/grsec.log
May  1 16:38:33 localhost kernel: [  952.419282] grsec: Invalid alignment/Bus error occurred at 00000000ea03a010 in /mnt/gentoo32/bin/bash[bash:5569] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:5568] uid/euid:0/0 gid/egid:0/0
May  1 16:38:33 localhost kernel: [  952.419312] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /mnt/gentoo32/bin/bash[bash:5569] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:5568] uid/euid:0/0 gid/egid:0/0
May  1 16:38:33 localhost kernel: [  952.419404] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/strace[strace:5568] uid/euid:0/0 gid/egid:0/0, parent /bin/zsh[zsh:5537] uid/euid:0/0 gid/egid:0/0


taaroa wrote:do I understand these instructions correctly?

yes, thanks, so it was a read-only memory map of a file and its access failed... really weird. could you do the gdb thing as well? also can you tell me which grsec versions were included in the working/non-working hardened kernels? and last but not least, can you try the latest PaX test patch alone?

a test.

Code: Select all

# mkdir /mnt/gentoo32/test0
# cd /mnt/gentoo32/test0 && wget 'http://gentoo.netnitco.net/releases/amd64/autobuilds/20110428/hardened/stage3-amd64-hardened-20110428.tar.bz2'
# tar -xvjpf stage3-amd64-hardened-20110428.tar.bz2
#  cp -p /etc/init.d/gentoo32 /etc/init.d/gentoo64 && sed -i 's/gentoo32/gentoo32\/test0/g' /etc/init.d/gentoo64 && /etc/init.d/gentoo64 start
# chroot /mnt/gentoo32/test0 /bin/bash
# w
 23:50:32 up 1 day,  1:53,  0 users,  load average: 0,00, 0,01, 0,05


ia32?..

also can you tell me which grsec versions were included in the working/non-working hardened kernels?

http://git.overlays.gentoo.org/gitweb/? ... 58c419557e
>=2.6.38-r1 non-working

PaX Team wrote:can you run it under gdb and post the backtrace (bt), disasm (x/8i $pc) and register info (info reg) when bash crashes?

do I understand these instructions correctly?

gdb -> https://bitbucket.org/taaroa/public/cha ... a72c645d00

Code: Select all

May  3 02:41:46 localhost kernel: [103467.849929] grsec: Invalid alignment/Bus error occurred at 00000000f109c010 in /mnt/gentoo32/bin/bash[bash:3010] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/gdb[gdb:2987] uid/euid:0/0 gid/egid:0/0


taaroa wrote:do I understand these instructions correctly?

you should let it run until the process gets a signal, i.e., issue 'continue' when gdb stops after chroot executed bash.

PaX Team wrote:and last but not least, can you try the latest PaX test patch alone?

2.6.38-hardened-r4-grsec / 2.2.2-2.6.38.4-201105021909
without changes.

PaX Team wrote:

taaroa wrote:do I understand these instructions correctly?

you should let it run until the process gets a signal, i.e., issue 'continue' when gdb stops after chroot executed bash.

ok. https://bitbucket.org/taaroa/public/src/f5230c7f0f46

system.map -> https://bitbucket.org/taaroa/public/src ... d-r4-grsec
vmlinux -> https://bitbucket.org/taaroa/public/src ... d-r4-grsec
gdb -> https://bitbucket.org/taaroa/public/src ... 46/gdb.txt

is this correct?

can you try the latest test patch? i probably fixed this one too.