grsecurity forums


https://forums.grsecurity.net./

grsec (high) and wget

https://forums.grsecurity.net./viewtopic.php?f=3&t=377

Page 1 of 1

grsec (high) and wget

PostPosted: Wed Apr 09, 2003 10:21 am
by manta
i always get segmention fault with wget.

here is the strace resoult of it.
http://www.dhcp.nu/wget.txt

i compiled kernel 2.4.20 with grsec. grsec is on high mode.

any idea what to do?

Re: grsec (high) and wget

PostPosted: Wed Apr 09, 2003 1:10 pm
by PaX Team
manta wrote:i always get segmention fault with wget.
1. what version of grsec?
2. what version of wget? (the strace output is weird a bit, for example my wget 1.8.2 doesn't call semop/semget/ipc_subcall, maybe you could put the wget binary on the web too?)
3. try to disable PaX features with chpax and see if anything helps.
4. ultimately, you can try to debug it with gdb and see what happens exactly (for now it looks like an application bug).

PostPosted: Wed Apr 09, 2003 3:14 pm
by manta
its the latest version of grsec.
and 1.8.2 of wget.
i have tried to recompile wget, but doesn't help.
seems like its something to do with the random feutures of grsec that crashes wget.

and pax, well..
i thought that was for X?
i only use console.

PostPosted: Wed Apr 09, 2003 3:25 pm
by manta
this is my setup of grsec. can you see anything here that can cause wget to crash?

Address Space Protection:
[*] Enforce non-executable pages
[*] Disable privileged I/O
[*] Remove addresses from /proc/pid/maps
[*] Hide kernel symbols

ACL options:
[*] Hide kernel processes

Filesystem Protections:
[*] Proc restrictions
[*] Restrict to user only
[*] Additional restrictions
[*] Linking restrictions
[*] FIFO restrictions

Kernel Auditing:
[*] Exec logging
[*] Resource logging

Executable Protections:
[*] Dmesg(8) restriction
[*] Randomized PIDs

Network Protections:
[*] Larger entropy pools
[*] Truly random TCP ISN selection
[*] Randomized IP IDs
[*] Randomized TCP source ports
[*] Randomized RPC XIDs
[*] Altered Ping IDs

Sysctl support:
[*] Sysctl support

PostPosted: Wed Apr 09, 2003 4:45 pm
by PaX Team
manta wrote:and 1.8.2 of wget. i have tried to recompile wget, but doesn't help.
can you put it on the web?
seems like its something to do with the random feutures of grsec that crashes wget.
try 'chpax -r' then and see if it works. btw, chpax is for controlling PaX features for any app that needs it, the XFree86 server is just one example (and there's actually a solution that makes it run with all of PaX active on it, but i digress).

PostPosted: Wed Apr 09, 2003 6:50 pm
by manta
well. belive it or not
the wget file under /usr/local/bin segfaults.
the wget file under /usr/bin doesn't.
i just copied it to /usr/local/bin, and everything works fine.
but this version of wget is 1.7.

weird

PostPosted: Thu Apr 10, 2003 10:52 am
by manta
well.
as a last update, i recently installed wget 1.8, and everything works fine.
guess it was something to do with 1.8.1 and 1.8.2. none of them worked.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/