init and /dev/kmem problems on debian stable

Posted: Wed Sep 24, 2003 10:11 am
by Sleight of Mind
I got a weird problem on a Debian box. I'm using grsec on plenty of boxes but I've never seen this problem before. The box seems to boot as it is supposed to, but dmesg shows me:
Code:
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)


Then it continues with booting. It comes up as it is supposed to and I can log in using ssh. But when I try to call init (i.e. `init 6`) init malfunctions and doesn't do anything. dmesg shows me:
Code:
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)


And init outputs:
Code:
# init 6
/dev/null
Init: idt=0xc02b6000, sct[]=0xc02b7554, kmalloc()=0xc019f1b4, gfp=0x1f0
Init: Allocating kernel-code memory...Done, 12677 bytes, base=0xfffffff2
Done, pid=267


Is it just the init binary that is broken or might there be some other problem around?

Posted: Wed Sep 24, 2003 1:34 pm
by spender
Yea, looks like your init is just doing strange things. Do you have any idea why it wants to allocate kernel memory?

-Brad

Posted: Wed Sep 24, 2003 1:43 pm
by Sleight of Mind
It's just the init that comes with Debian I guess, since I never replaced it. I've rebuilt the kernel with 'deny writing to /dev/kmem' turned off and everything works fine. No idea what's causing this all tho.

Posted: Wed Sep 24, 2003 6:19 pm
by hightower
Sleight of Mind wrote: It's just the init that comes with Debian I guess, since I never replaced it. I've rebuilt the kernel with 'deny writing to /dev/kmem' turned off and everything works fine. No idea what's causing this all tho.

Funny. I also use Debian on ~500 boxen with grsec and never ever saw this message, only with XFree but that's normal. I really think your init binary is b0rked. Could you verify the md5sum?

ciao, Marc

Posted: Wed Sep 24, 2003 9:12 pm
by PaX Team
Sleight of Mind wrote: It's just the init that comes with Debian I guess, since I never replaced it. I've rebuilt the kernel with 'deny writing to /dev/kmem' turned off and everything works fine. No idea what's causing this all tho.

you probably got backdoored by SucKIT, better verify your system.
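
A triage sketch for the log lines quoted in this thread, added here as an example and not posted by any participant: it groups grsec's denied /dev/kmem writes by writer and reports every writer that is not on an allowlist. The allowlist entry `XFree86`, the function name `kmem_writers` and the last sample line are constructed assumptions; the other sample lines are the ones from the first post.

```python
import re

# Line format as quoted in the thread; the "From <ip>: " prefix appears only
# when grsec attributes the process to a remote login.
LINE_RE = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?attempted write to /dev/kmem "
    r"by \((?P<comm>[^:()]+):(?P<pid>\d+)\) UID\(\d+\) EUID\(\d+\), "
    r"parent \((?P<pcomm>[^:()]+):(?P<ppid>\d+)\)"
)

def kmem_writers(lines, expected=frozenset()):
    """Group denied /dev/kmem writes by writer and return the unexpected ones.

    `expected` is a site-specific allowlist of process names (an assumption:
    hightower's post mentions XFree as the only writer seen on his boxes).
    """
    seen = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a /dev/kmem denial, ignore
        key = (m["comm"], int(m["pid"]), m["pcomm"], int(m["ppid"]))
        rec = seen.setdefault(key, {"count": 0, "sources": set()})
        rec["count"] += 1
        if m["src"]:
            rec["sources"].add(m["src"])
    return {k: v for k, v in seen.items() if k[0] not in expected}

# First six lines: from the first post. Last line: constructed for the example.
SAMPLE = """\
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (XFree86:412) UID(0) EUID(0), parent (xinit:410) UID(1000) EUID(1000)
"""

if __name__ == "__main__":
    hits = kmem_writers(SAMPLE.splitlines(), expected={"XFree86"})
    for (comm, pid, pcomm, ppid), rec in hits.items():
        src = ",".join(sorted(rec["sources"])) or "local/boot"
        print(f"{comm}:{pid} (parent {pcomm}:{ppid}) x{rec['count']} from {src}")
```

Feed it `dmesg` output or the kernel log; any writer it reports is a reason to check the binary against a known-good checksum from trusted media, as suggested in the replies above.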