
Strange crash of mosh-server under PaX

Posted: Sat Apr 30, 2016 10:54 am
by mva
Hi there!
I'm trying to use mosh on a Grsec+PaX-powered host, but every time I try to start the mosh server I get the following in dmesg:
Apr 30 17:46:00 vh kernel: PAX: From 127.0.0.6: execution attempt in: (null), 00000000-00000000 00000000
Apr 30 17:46:00 vh kernel: PAX: terminating task: /usr/bin/mosh-server(mosh-server):656854, uid/euid: 1000/1000, PC: (nil), SP: 000003bb94cb66b8
Apr 30 17:46:00 vh kernel: PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Apr 30 17:46:00 vh kernel: PAX: bytes at SP-8: 0000000000000001 00000355e46a766d 00000065f0ffc410 0000000600000005 000003bb94cb6770 00000065f0ffc410 000003bb94cb7050 00000065f0828b7c 000003bb94cb6780 0000000600000000 0000000000000000
Apr 30 17:46:00 vh kernel: grsec: From 127.0.0.6: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/mosh-server[mosh-server:656854] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0


I've already tried to paxmark the binary to enable PAGEEXEC, EMUTRAMP, RANDMMAP, SEGMEXEC and even disable MPROTECT, but I still get the same crashes. Can you help me understand what's happening and how to fix this?

Re: Strange crash of mosh-server under PaX

Posted: Sat Apr 30, 2016 6:05 pm
by PaX Team
this looks like a null fptr dereference, not caused by PaX per se but rather some other restrictions coupled with incomplete error checking. try to strace the binary and see what it does before dying, perhaps you'll spot what restrictions it ran into.
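
A triage helper for logs like the one in this thread, added here as an example (it is not from either poster or from the PaX/grsecurity project): it parses the `PAX: terminating task` line and flags a nil PC, the pattern the reply above reads as a null function pointer call. The names `triage`, `TERMINATE` and `RLIMIT` and the regular expressions are assumptions built only from the log lines quoted in the first post.

```python
import re

# Line formats are taken from the dmesg excerpt quoted in this thread;
# other kernel versions may print them differently (assumption).
TERMINATE = re.compile(
    r"PAX: terminating task: (?P<path>\S+)\((?P<comm>[^)]*)\):(?P<pid>\d+), "
    r"uid/euid: (?P<uid>\d+)/(?P<euid>\d+), "
    r"PC: (?P<pc>\(nil\)|[0-9a-fA-F]+), SP: (?P<sp>[0-9a-fA-F]+)")
RLIMIT = re.compile(
    r"grsec: .*denied resource overstep by requesting \d+ for "
    r"(?P<limit>RLIMIT_\w+) against limit \d+ for "
    r"\S+\[[^:\]]+:(?P<pid>\d+)\]")

# The first two lines are copied from the post; the third is constructed for contrast.
SAMPLE = [
    "Apr 30 17:46:00 vh kernel: PAX: terminating task: /usr/bin/mosh-server(mosh-server):656854, uid/euid: 1000/1000, PC: (nil), SP: 000003bb94cb66b8",
    "Apr 30 17:46:00 vh kernel: grsec: From 127.0.0.6: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/mosh-server[mosh-server:656854] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0",
    "May  1 09:00:00 vh kernel: PAX: terminating task: /usr/bin/example(example):4242, uid/euid: 1000/1000, PC: 000003bb94cb7000, SP: 000003bb94cb66b8",
]

def triage(lines):
    """Return one finding per PaX-terminated task found in the log lines."""
    findings = {}
    for line in lines:
        m = TERMINATE.search(line)
        if m:
            pc = m["pc"]
            null_pc = pc == "(nil)" or int(pc, 16) == 0
            findings[m["pid"]] = {
                "binary": m["path"], "pid": int(m["pid"]), "uid": int(m["uid"]),
                "null_pc": null_pc, "core_denied": False,
                # A nil PC means control was transferred to address 0.
                "hint": ("null function pointer call: strace the binary to find "
                         "the failing call that precedes the crash") if null_pc
                        else "non-null PC: not the pattern discussed in this thread",
            }
            continue
        m = RLIMIT.search(line)
        if m and m["limit"] == "RLIMIT_CORE" and m["pid"] in findings:
            # Treated here as a follow-on of the kill (core dump refused), not its cause.
            findings[m["pid"]]["core_denied"] = True
    return list(findings.values())

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```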