grsecurity forums

[Marcin]

Hello!
I've generated policy using "full lears" system. I've done cat learnpolicy >>/etc/grsec/policy . When i wanted to check them with gradm -C i've got segfault:

# gradm -C
Segmentation fault

in dmesg appears:

[78991.970784] gradm[15562]: segfault at 3000000397 ip 00000305682e5c44 sp 0000039aa89cf0d0 error 4 in libc-2.12.2.so[305682a0000+162000]
[78991.970784] grsec: From 62.121.xxx.xxx: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /sbin/gradm[gradm:15562] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:47435] uid/euid:0/0 gid/egid:0/0

I've got installed gradm-2.2.2.201106072007 , kernel 2.6.39-hardened-r7 (ased on 2.6.39.3 + genpatches-2.6.39-5 + grsecurity-2.2.2-2.6.39.3-201107161559).
Is it something what i'm able to fix (in configuration) or is it something for upstream?
Regards.

[spender]

Could you send me the policy file so I can reproduce the crash? BTW appending to /etc/grsec/policy won't do what you want if you generated a full learning policy, since you'd be appending a full policy to an existing complete policy. It won't load.

-Brad

[Marcin]

I've sended policy via email. I'm expecting troubles when i append policies and i wanted check what should i fix:) And honestly, i'm absolute beginner with writing rules for grsec, this is start point to start learning.

[spender]

Hi Marcin,

The error has been fixed in the version of gradm in CVS (I've also just uploaded a new gradm tarball). If you want to fix it in your own copy, in gradm.y, find the line with "Duplicate variable" and change the $1 on that line to $2. The error it should have printed out regarded the duplicate variable present in your policy (from appending the full learning log).

Thanks for your report,
-Brad

[Marcin]

Thanks for fix!