failed to map segment from shared object
Posted: Tue Jan 21, 2003 12:42 pm
hi.
I'm running Slackware 8.1 with kernel 2.4.20, gradm 1.6 and the latest stable grsecurity patch.
I've read about somebody trying to put /bin/bash in a chroot of sorts and decided to try it just for kicks.
So..
I put this in /etc/grsec/acl:
/bin/secure lo {
/ h
-CAP_ALL
RES_FSIZE 0 0
RES_DATA 0 0
RES_RSS 0 0
RES_NOFILE 0 0
RES_MEMLOCK 0 0
RES_STACK 0 0
RES_AS 0 0
RES_NPROC 0 0
RES_LOCKS 0 0
connect {
disabled
}
bind {
disabled
}
}
I gave /bin/secure as the shell for my test user, logged in and played around a bit.
Then I got this ACL from this:
/bin/secure o {
/var/spool/mail
/usr/local/bin/telnet x
/usr/local/bin/ftp x
/usr/lib/qt-3.0.4
/usr/lib/libssl.so.0 x
/usr/games/fortune x
/usr/bin x
/proc/meminfo r
/lib rx
/lib/ld-2.2.5.so x
/home/test/test x
/home/test/.bash_history ra
/home/test
/etc/profile.d r
/etc/ld.so.cache rx
/etc r
/dev/tty rw
/bin x
/bin/secure x
/ h
-CAP_ALL
RES_FSIZE 50973 50973
RES_DATA 176912 176912
RES_STACK 25576 25576
RES_RSS 0 0
RES_NPROC 6 6
RES_NOFILE 260 260
RES_MEMLOCK 0 0
RES_AS 2429216 2429216
RES_LOCKS 0 0
connect {
disabled
}
bind {
disabled
}
}
... when logged in as the test user I can't run lynx/mail/ssh/ftp/pine:
test@dev-null:~$ lynx
lynx: error while loading shared libraries: libssl.so.0: failed to map segment from shared object: Cannot allocate memory
test@dev-null:~$ mail
Segmentation fault
test@dev-null:~$ ssh
ssh: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory
test@dev-null:~$ ftp
ftp: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory
test@dev-null:~$ pine
Segmentation fault
test@dev-null:~$
/var/log/kernel reports:
Jan 21 11:41:29 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 2658304 for RLIMIT_AS against limit 2429216 by (lynx:6005) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:31 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 32768 for RLIMIT_STACK against limit 25576 by (mail:6006) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:31 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (mail:6006) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:32 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 2707456 for RLIMIT_AS against limit 2429216 by (ssh:6007) UID(1017) EUID(0), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:34 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 2535424 for RLIMIT_AS against limit 2429216 by (ftp:6008) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:57 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 3203072 for RLIMIT_AS against limit 2429216 by (pine:6012) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:57 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (pine:6012) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
What did I miss?
And how do I get all this to work?
Thanks.
Val Polyakov
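A way to tabulate the denials in the kernel log above, as an added example that is not part of the original post: it parses grsec "attempted resource overstep" lines and reports, per resource, the enforced limit and the largest request denied to children of a given parent (here `secure`). The sample lines are copied from the post's log excerpt; the function names are hypothetical.

```python
import re

# Four lines taken from the post's /var/log/kernel excerpt.
SAMPLE = """\
Jan 21 11:41:29 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 2658304 for RLIMIT_AS against limit 2429216 by (lynx:6005) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:31 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 32768 for RLIMIT_STACK against limit 25576 by (mail:6006) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:31 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (mail:6006) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
Jan 21 11:41:57 dev-null kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 3203072 for RLIMIT_AS against limit 2429216 by (pine:6012) UID(1017) EUID(1017), parent (secure:5994) UID(1017) EUID(1017)
"""

# Field layout follows the log lines in the post; other grsec versions may differ.
OVERSTEP = re.compile(
    r"attempted resource overstep by requesting (?P<req>\d+) for "
    r"(?P<res>RLIMIT_\w+) against limit (?P<lim>\d+) by "
    r"\((?P<proc>[^:]+):\d+\).*?parent \((?P<parent>[^:]+):\d+\)"
)

def parse_oversteps(log_text):
    """Return one dict per overstep line; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = OVERSTEP.search(line)
        if m:
            events.append({
                "proc": m["proc"], "parent": m["parent"], "resource": m["res"],
                "requested": int(m["req"]), "limit": int(m["lim"]),
            })
    return events

def peak_requests(events, parent):
    """Largest denied request per resource among children of `parent`."""
    peaks = {}
    for e in events:
        if e["parent"] != parent:
            continue
        best = peaks.get(e["resource"])
        if best is None or e["requested"] > best["requested"]:
            peaks[e["resource"]] = e
    return peaks

def overstep_report(log_text, parent):
    """One summary line per resource, sorted by resource name."""
    peaks = peak_requests(parse_oversteps(log_text), parent)
    return [f"{res}: limit {e['limit']}, largest denied request "
            f"{e['requested']} ({e['proc']})" for res, e in sorted(peaks.items())]

if __name__ == "__main__":
    print("\n".join(overstep_report(SAMPLE, "secure")))
```

Each figure is the size at which the request was refused, so it is a lower bound on what the program needs; further oversteps may appear in the log once a limit is raised.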