grsecurity forums

Skip to content

grlearn strange behavior: segfaults, denied accesses

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

grlearn strange behavior: segfaults, denied accesses

Postby Undine » Mon Oct 17, 2011 1:21 pm

Hello.
After Oct 6 found that the grlearn tries to start and fails just after first rule reloading.
The strange behavior is simple:
After system boot when I do first reload of RBAC (/sbin/gradm -D; /sbin/gradm -E), grlearn tries to start and fails with log entries (they not appear at same time, for this subject):
grsec: (root:U:/sbin/grlearn) denied executable mmap of /lib64/ld-2.10.1.so by /sbin/grlearn[grlearn:2790] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/sbin/grlearn) Segmentation fault occurred at (nil) in /sbin/grlearn[grlearn:2790] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/sbin/grlearn) denied access to hidden file /lib64/ld-2.10.1.so by /sbin/grlearn[gradm:2535] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Usually it fails with this log:
grsec: (root:U:/sbin/grlearn) denied access to hidden file /lib64/ld-2.10.1.so by /sbin/grlearn[gradm:2535] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/sbin/grlearn) Segmentation fault occurred at (nil) in /sbin/grlearn[grlearn:2790] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Or just with first 'denied access...' without segfaulting.
This happens only once after first RBAC reloading (reenabling) and this error not appears until next reboot.
Learning mode of some subject does not triggers this.
kernel, gradm binaries were not changed or updated (2.6.32.41 and gradm2-201107211822)
I did not see this until Oct 6, binaries were installed on Sep 24. Kernel is older and was not changed. My policy bug?
root has 'uG' role modes.

Big thanks for support!
Undine
 
Posts: 46
Joined: Thu Sep 08, 2011 7:08 am
Top

Re: grlearn strange behavior: segfaults, denied accesses

Postby spender » Tue Oct 18, 2011 7:58 pm

Are you trying to run grlearn yourself standalone? The RBAC system automatically adds a policy that won't allow /sbin/grlearn to start (/sbin/grlearn will be allowed to execute, but it has no permission to do anything). It should only be run by gradm itself and only when -L is specified on the commandline.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Re: grlearn strange behavior: segfaults, denied accesses

Postby Undine » Wed Oct 19, 2011 2:25 am

spender wrote:Are you trying to run grlearn yourself standalone? The RBAC system automatically adds a policy that won't allow /sbin/grlearn to start (/sbin/grlearn will be allowed to execute, but it has no permission to do anything). It should only be run by gradm itself and only when -L is specified on the commandline.

-Brad

No, I never tried to run /sbin/grlearn myself.
gradm was not in learning mode on that moment (no -L on commandline).
Undine
 
Posts: 46
Joined: Thu Sep 08, 2011 7:08 am
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group