Help! Glibc changes break PaX?

Posted: Fri Mar 21, 2003 12:34 pm
by DMZ
Red Hat have pushed out their glibc-2.3.2-4.80 update with a fix for the RPC XDR buffer overflow. I have been using a kernel based around grsec-1.9.7d, however after updating glibc, I can no longer boot into the grsec kernel - PaX gives a stream of VMMALLOC errors. Recompiling had no effect.

Is it time to start the long arduous task of merging patches for a new kernel with grsec-1.9.9e, or is there something else going on here? It would be nice to know before I go to all that effort to find that it still won't work. :cry:

Re: Help! Glibc changes break PaX?

Posted: Fri Mar 21, 2003 2:00 pm
by PaX Team
DMZ wrote: Is it time to start the long arduous task of merging patches for a new kernel with grsec-1.9.9e?
indeed, it is, you're using an old version that had known bugs, especially in the vma mirroring code which was quite new back then but has been stable since last December.

Re: Help! Glibc changes break PaX?

Posted: Fri Mar 21, 2003 4:09 pm
by DMZ
PaX Team wrote:
DMZ wrote: Is it time to start the long arduous task of merging patches for a new kernel with grsec-1.9.9e?
indeed, it is, you're using an old version that had known bugs, especially in the vma mirroring code which was quite new back then but has been stable since last December.


Thanks - that makes a lot of sense. Had I said VMMIRROR it might have made even more sense initially, unfortunately I wasn't in a position to write down any details... hooray for inaccurate reporting. Looks like the updated glibc has exposed an old bug.

I now have a problem with the 2.4.20 kernel with grsec-1.9.9e - mouseclicks don't seem to be registering, perhaps only one click in twenty, this is from mousedev and usb-uhci. Similarly sometimes keyboard entry seems delayed or sluggish. No obvious or even unobvious errors in any of the logs.

I've narrowed it down to about 4 grsecurity settings (not the obvious kmem or privileged I/O), some compiled in rather than those with a /proc interface. Since these weren't present in grsec-1.9.7d it's a good bet it's one of these, since the kernel itself is virtually identical (I was running 1.9.7d on 2.4.20rc3).

Posted: Sat Mar 22, 2003 11:42 am
by spender
I've had that problem too, but I'm not quite sure it's related to grsec, because I've had the same problem on a clean 2.4.20 kernel. On my system, sometimes switching terminals in X causes my text to not be entered until I also move the mouse. Clicking on things sometimes doesn't work until I move the mouse. I have no idea what could be causing it. I've disabled the "protect outside processes" chroot feature, and I don't see the problem right now. Try that and see if it makes a difference for you. If it does, I'll look more into the problem.

-Brad

Posted: Sat Mar 22, 2003 12:13 pm
by spender
Ok, I've debugged it, and I think I've found the problem. Check out include/linux/grinternal.h and grsecurity/grsec_chroot.c from CVS.

-Brad

Posted: Sat Mar 22, 2003 2:25 pm
by DMZ
spender wrote: Ok, I've debugged it, and I think I've found the problem. Check out include/linux/grinternal.h and grsecurity/grsec_chroot.c from CVS.

-Brad

That was fast - I hadn't even posted today to say that I narrowed it down yesterday to protect outside processes, and you've already fixed it. You're a god, Brad - I'll grab the diffs for the changes and add them to my rpm patch list. I may even let you know if it fixed it for me too at some distant, vague point in the future... :wink:

Posted: Sat Mar 22, 2003 8:08 pm
by DMZ
Yup... it's fine enabled now, looks like you got it.