grsecurity forums


https://forums.grsecurity.net./

grlearn strange behavior: segfaults, denied accesses

https://forums.grsecurity.net./viewtopic.php?f=3&t=2846

Page 1 of 1

grlearn strange behavior: segfaults, denied accesses

PostPosted: Mon Oct 17, 2011 1:21 pm
by Undine
Hello.
After Oct 6 found that the grlearn tries to start and fails just after first rule reloading.
The strange behavior is simple:
After system boot when I do first reload of RBAC (/sbin/gradm -D; /sbin/gradm -E), grlearn tries to start and fails with log entries (they not appear at same time, for this subject):
grsec: (root:U:/sbin/grlearn) denied executable mmap of /lib64/ld-2.10.1.so by /sbin/grlearn[grlearn:2790] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/sbin/grlearn) Segmentation fault occurred at (nil) in /sbin/grlearn[grlearn:2790] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/sbin/grlearn) denied access to hidden file /lib64/ld-2.10.1.so by /sbin/grlearn[gradm:2535] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Usually it fails with this log:
grsec: (root:U:/sbin/grlearn) denied access to hidden file /lib64/ld-2.10.1.so by /sbin/grlearn[gradm:2535] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/sbin/grlearn) Segmentation fault occurred at (nil) in /sbin/grlearn[grlearn:2790] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Or just with first 'denied access...' without segfaulting.
This happens only once after first RBAC reloading (reenabling) and this error not appears until next reboot.
Learning mode of some subject does not triggers this.
kernel, gradm binaries were not changed or updated (2.6.32.41 and gradm2-201107211822)
I did not see this until Oct 6, binaries were installed on Sep 24. Kernel is older and was not changed. My policy bug?
root has 'uG' role modes.

Big thanks for support!

Re: grlearn strange behavior: segfaults, denied accesses

PostPosted: Tue Oct 18, 2011 7:58 pm
by spender
Are you trying to run grlearn yourself standalone? The RBAC system automatically adds a policy that won't allow /sbin/grlearn to start (/sbin/grlearn will be allowed to execute, but it has no permission to do anything). It should only be run by gradm itself and only when -L is specified on the commandline.

-Brad

Re: grlearn strange behavior: segfaults, denied accesses

PostPosted: Wed Oct 19, 2011 2:25 am
by Undine
spender wrote:Are you trying to run grlearn yourself standalone? The RBAC system automatically adds a policy that won't allow /sbin/grlearn to start (/sbin/grlearn will be allowed to execute, but it has no permission to do anything). It should only be run by gradm itself and only when -L is specified on the commandline.

-Brad

No, I never tried to run /sbin/grlearn myself.
gradm was not in learning mode on that moment (no -L on commandline).
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/