MySQL 4.1.3 - segmentation fault
Posted: Wed Jul 07, 2004 11:36 am
I'm working on deploying grsecurity on a few systems right now but ran into a problem with MySQL. Let me list my software and versions and other relevant information.
Kernel version - 2.4.22 (2.4.23 and above seem to have problems with RHEL3 on Dell PowerEdge 2650 servers: depmod -A locks up the system)
MySQL version - 4.1.3 (I'm aware that it's alpha, but the politics where I work mean I 'must' use it). I have the same problem with 4.0.20 as well.
Grsecurity version - 2.0-rc3
Okay, now I'll explain the problem. MySQL runs fine when it's compiled without SSL; that build also didn't need dynamic libraries enabled, which I'm guessing is where the problem lies. After compiling with SSL (needed for replication) it segfaults every time. Below are the shared libraries the SSL build is linked against.
librt.so.1 => /lib/tls/librt.so.1 (0x40022000)
libdl.so.2 => /lib/libdl.so.2 (0x40036000)
libssl.so.4 => /lib/libssl.so.4 (0x40039000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x4006e000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x4015f000)
libz.so.1 => /usr/lib/libz.so.1 (0x4016f000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x4017e000)
libnsl.so.1 => /lib/libnsl.so.1 (0x401ab000)
libm.so.6 => /lib/tls/libm.so.6 (0x401c0000)
libc.so.6 => /lib/tls/libc.so.6 (0x401e2000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40319000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x4032c000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4038b000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4038d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4039d000)
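To try to disable all PaX features for the binary, I ran chpax -pemrxs /usr/sbin/mysqld (the lowercase flags switch each PaX feature off for that executable), but I still have the same problem. Running mysqld under strace, this is what I get just before it dies...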
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x42488000
mprotect(0x42488000, 4096, PROT_NONE) = 0
clone(child_stack=0x42c88b08, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, parent_tidptr=0x42c88bf8, {entry_number:0, base_addr:0x42c88bb0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0x42c88bf8) = 2435
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Lastly, I'll include the relevant parts of the kernel .config. I'm new to using grsecurity, so I'm sorry if I've overlooked something obvious.
# Excerpt of the kernel .config for the grsecurity 2.0-rc3 / 2.4.22 build
# described in the post. Lines of the form "# CONFIG_... is not set" are
# options that are compiled out.
# Grsecurity
#
CONFIG_GRKERNSEC=y
# NOTE(review): CRYPTO and SHA256 presumably appear here because grsecurity
# itself uses them (RBAC password hashing) — confirm.
CONFIG_CRYPTO=y
CONFIG_CRYPTO_SHA256=y
# No predefined security level is selected; every option below was chosen by
# hand (CUSTOM).
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y
#
# Address Space Protection
#
# PaX non-executable pages: both the paging-based (PAGEEXEC) and the
# segmentation-based (SEGMEXEC) implementations are compiled in.
CONFIG_GRKERNSEC_PAX_NOEXEC=y
CONFIG_GRKERNSEC_PAX_PAGEEXEC=y
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
# Trampoline emulation and the mprotect() restrictions are compiled out.
# That is consistent with the strace in the post, where the
# PROT_READ|PROT_WRITE|PROT_EXEC mmap2() call succeeds.
# CONFIG_GRKERNSEC_PAX_EMUTRAMP is not set
# CONFIG_GRKERNSEC_PAX_MPROTECT is not set
# Address space layout randomization: stack, mmap base and ET_EXEC base
# randomization are all enabled.
CONFIG_GRKERNSEC_PAX_ASLR=y
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_PAX_RANDEXEC=y
# Writes through /dev/kmem-style interfaces are not restricted (KMEM off);
# privileged I/O (ioperm/iopl) is denied (IO on).
# NOTE(review): CONFIG_RTC=y is presumably listed because the IO option
# depends on it — confirm.
# CONFIG_GRKERNSEC_KMEM is not set
CONFIG_GRKERNSEC_IO=y
CONFIG_RTC=y
# Address information in /proc/<pid> and kernel symbol hiding are both off.
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
# CONFIG_GRKERNSEC_HIDESYM is not set
#
# Role Based Access Control Options
#
# RBAC settings: kernel processes hidden, 3 authentication attempts, 30 second
# lockout (units per the option names — confirm against the release docs).
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
# /proc is restricted, with members of GID 10 exempted (USERGROUP mode).
# NOTE(review): GID 10 is typically "wheel" on Red Hat systems — verify on the
# target host.
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
CONFIG_GRKERNSEC_PROC_ADD=y
# Symlink/hardlink and FIFO restrictions.
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
# chroot hardening: everything is enabled except the CHDIR and UNIX (abstract
# unix socket) restrictions.
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
# CONFIG_GRKERNSEC_CHROOT_CHDIR is not set
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
# CONFIG_GRKERNSEC_CHROOT_UNIX is not set
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
# Only resource, signal, fork-failure and time-change logging are enabled.
# NOTE(review): with SIGNAL logging active, the kernel log would be expected to
# hold an entry for the SIGSEGV shown in the strace — worth checking together
# with any PaX messages when diagnosing the crash.
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
#
# Executable Protections
#
# execve() resource-limit enforcement, dmesg restriction and randomized PIDs
# are on; Trusted Path Execution is off.
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
# Randomization of network identifiers (ISNs, IP IDs, source ports, RPC XIDs)
# is on; the socket restrictions are off.
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDISN=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
# CONFIG_GRKERNSEC_SOCKET is not set
#
# Sysctl support
#
# NOTE(review): with sysctl support compiled in, the grsecurity features may
# have to be switched on (and then locked) at runtime; what is actually active
# on the running system should be confirmed rather than assumed from this file.
CONFIG_GRKERNSEC_SYSCTL=y
#
# Logging options
#
# Log flood control: a 10 second window with a burst of 4 messages
# (semantics per the option names — confirm).
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
EDIT: It runs fine on a vanilla kernel by the way.
Kernel version - 2.4.22 (2.4.23 and above seem to have problems with RHEL3 on Dell PowerEdge 2650 servers: depmod -A locks up the system)
MySQL version - 4.1.3 (I'm aware that it's alpha, but the politics where I work mean I 'must' use it). I have the same problem with 4.0.20 as well.
Grsecurity version - 2.0-rc3
Okay, now I'll explain the problem. MySQL runs fine when it's compiled without SSL; that build also didn't need dynamic libraries enabled, which I'm guessing is where the problem lies. After compiling with SSL (needed for replication) it segfaults every time. Below are the shared libraries the SSL build is linked against.
librt.so.1 => /lib/tls/librt.so.1 (0x40022000)
libdl.so.2 => /lib/libdl.so.2 (0x40036000)
libssl.so.4 => /lib/libssl.so.4 (0x40039000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x4006e000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x4015f000)
libz.so.1 => /usr/lib/libz.so.1 (0x4016f000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x4017e000)
libnsl.so.1 => /lib/libnsl.so.1 (0x401ab000)
libm.so.6 => /lib/tls/libm.so.6 (0x401c0000)
libc.so.6 => /lib/tls/libc.so.6 (0x401e2000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40319000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x4032c000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4038b000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4038d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4039d000)
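To try to disable all PaX features for the binary, I ran chpax -pemrxs /usr/sbin/mysqld (the lowercase flags switch each PaX feature off for that executable), but I still have the same problem. Running mysqld under strace, this is what I get just before it dies...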
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x42488000
mprotect(0x42488000, 4096, PROT_NONE) = 0
clone(child_stack=0x42c88b08, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, parent_tidptr=0x42c88bf8, {entry_number:0, base_addr:0x42c88bb0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0x42c88bf8) = 2435
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Lastly, I'll include the relevant parts of the kernel .config. I'm new to using grsecurity, so I'm sorry if I've overlooked something obvious.
# Excerpt of the kernel .config for the grsecurity 2.0-rc3 / 2.4.22 build
# described in the post. Lines of the form "# CONFIG_... is not set" are
# options that are compiled out.
# Grsecurity
#
CONFIG_GRKERNSEC=y
# NOTE(review): CRYPTO and SHA256 presumably appear here because grsecurity
# itself uses them (RBAC password hashing) — confirm.
CONFIG_CRYPTO=y
CONFIG_CRYPTO_SHA256=y
# No predefined security level is selected; every option below was chosen by
# hand (CUSTOM).
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y
#
# Address Space Protection
#
# PaX non-executable pages: both the paging-based (PAGEEXEC) and the
# segmentation-based (SEGMEXEC) implementations are compiled in.
CONFIG_GRKERNSEC_PAX_NOEXEC=y
CONFIG_GRKERNSEC_PAX_PAGEEXEC=y
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
# Trampoline emulation and the mprotect() restrictions are compiled out.
# That is consistent with the strace in the post, where the
# PROT_READ|PROT_WRITE|PROT_EXEC mmap2() call succeeds.
# CONFIG_GRKERNSEC_PAX_EMUTRAMP is not set
# CONFIG_GRKERNSEC_PAX_MPROTECT is not set
# Address space layout randomization: stack, mmap base and ET_EXEC base
# randomization are all enabled.
CONFIG_GRKERNSEC_PAX_ASLR=y
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_PAX_RANDEXEC=y
# Writes through /dev/kmem-style interfaces are not restricted (KMEM off);
# privileged I/O (ioperm/iopl) is denied (IO on).
# NOTE(review): CONFIG_RTC=y is presumably listed because the IO option
# depends on it — confirm.
# CONFIG_GRKERNSEC_KMEM is not set
CONFIG_GRKERNSEC_IO=y
CONFIG_RTC=y
# Address information in /proc/<pid> and kernel symbol hiding are both off.
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
# CONFIG_GRKERNSEC_HIDESYM is not set
#
# Role Based Access Control Options
#
# RBAC settings: kernel processes hidden, 3 authentication attempts, 30 second
# lockout (units per the option names — confirm against the release docs).
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
# /proc is restricted, with members of GID 10 exempted (USERGROUP mode).
# NOTE(review): GID 10 is typically "wheel" on Red Hat systems — verify on the
# target host.
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
CONFIG_GRKERNSEC_PROC_ADD=y
# Symlink/hardlink and FIFO restrictions.
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
# chroot hardening: everything is enabled except the CHDIR and UNIX (abstract
# unix socket) restrictions.
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
# CONFIG_GRKERNSEC_CHROOT_CHDIR is not set
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
# CONFIG_GRKERNSEC_CHROOT_UNIX is not set
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
# Only resource, signal, fork-failure and time-change logging are enabled.
# NOTE(review): with SIGNAL logging active, the kernel log would be expected to
# hold an entry for the SIGSEGV shown in the strace — worth checking together
# with any PaX messages when diagnosing the crash.
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
#
# Executable Protections
#
# execve() resource-limit enforcement, dmesg restriction and randomized PIDs
# are on; Trusted Path Execution is off.
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
# Randomization of network identifiers (ISNs, IP IDs, source ports, RPC XIDs)
# is on; the socket restrictions are off.
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDISN=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
# CONFIG_GRKERNSEC_SOCKET is not set
#
# Sysctl support
#
# NOTE(review): with sysctl support compiled in, the grsecurity features may
# have to be switched on (and then locked) at runtime; what is actually active
# on the running system should be confirmed rather than assumed from this file.
CONFIG_GRKERNSEC_SYSCTL=y
#
# Logging options
#
# Log flood control: a 10 second window with a burst of 4 messages
# (semantics per the option names — confirm).
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
EDIT: It runs fine on a vanilla kernel by the way.