grsecurity forums

[angeloio]

Dear all.

I just installed grsecurity-2.2.2-2.6.32.50-201112102010 patch on the respective vanilla linux-2.6.32.50 kernel on a Debian squeeze running on top of xen (vps server).
The iptables patch has not been applied.
I also installed a LAMP architecture on the bare system.

Info:
# dpkg -l | grep apache
ii apache2 2.2.16-6+squeeze4 Apache HTTP Server metapackage
ii apache2-doc 2.2.16-6+squeeze4 Apache HTTP Server documentation
ii apache2-mpm-prefork 2.2.16-6+squeeze4 Apache HTTP Server - traditional non-threaded model
ii apache2-suexec-custom 2.2.16-6+squeeze4 Configurable suexec program for Apache 2 mod_suexec
ii apache2-utils 2.2.16-6+squeeze4 utility programs for webservers
ii apache2.2-bin 2.2.16-6+squeeze4 Apache HTTP Server common binary files
ii apache2.2-common 2.2.16-6+squeeze4 Apache HTTP Server common files
ii libapache-ruby1.8 1.2.6-2 Ruby libraries for mod_ruby
ii libapache2-mod-fcgid 1:2.3.6-1 an alternative module compat with mod_fastcgi
ii libapache2-mod-php5 5.3.3-7+squeeze3 server-side, HTML-embedded scripting language (Apache 2 module)
ii libapache2-mod-ruby 1.2.6-2 Embedding Ruby in the Apache2 web server
ii libapache2-svn 1.6.12dfsg-6 Subversion server modules for Apache

No virtual host has been setup yet but just after installation dmesg reports:
[2317363.401721] grsec: Segmentation fault occurred at 0000002100004a6a in /usr/lib/apache2/mpm-prefork/apache2[apache2:19050] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:13521] uid/euid:0/0 gid/egid:0/0
[2317363.405296] grsec: Segmentation fault occurred at 0000002100004a67 in /usr/lib/apache2/mpm-prefork/apache2[apache2:19047] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:13521] uid/euid:0/0 gid/egid:0/0
[2317363.406159] grsec: Segmentation fault occurred at 0000002100004a69 in /usr/lib/apache2/mpm-prefork/apache2[apache2:19049] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:13521] uid/euid:0/0 gid/egid:0/0
[2317363.410432] grsec: Segmentation fault occurred at 0000002100004a68 in /usr/lib/apache2/mpm-prefork/apache2[apache2:19048] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:13521] uid/euid:0/0 gid/egid:0/0
[2317393.405429] grsec: Segmentation fault occurred at 0000002100004a6b in /usr/lib/apache2/mpm-prefork/apache2[apache2:19051] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:13521] uid/euid:0/0 gid/egid:0/0
[2317424.409366] grsec: Segmentation fault occurred at 0000002100005023 in /usr/lib/apache2/mpm-prefork/apache2[apache2:20515] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:13521] uid/euid:0/0 gid/egid:0/0

while the apache error log reports
[Thu Dec 22 15:03:41 2011] [notice] Apache/2.2.16 (Debian) configured -- resuming normal operations
[Thu Dec 22 15:04:35 2011] [notice] Graceful restart requested, doing restart
apache2: apr_sockaddr_info_get() failed for perseus.domainname.com
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[Thu Dec 22 15:04:35 2011] [notice] Apache/2.2.16 (Debian) configured -- resuming normal operations
[Thu Dec 22 15:04:48 2011] [notice] Graceful restart requested, doing restart
apache2: apr_sockaddr_info_get() failed for perseus.domainname.com
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[Thu Dec 22 15:04:48 2011] [notice] Apache/2.2.16 (Debian) mod_fcgid/2.3.6 configured -- resuming normal operations
[Thu Dec 22 15:05:18 2011] [notice] child pid 19047 exit signal Segmentation fault (11)
[Thu Dec 22 15:05:18 2011] [notice] child pid 19048 exit signal Segmentation fault (11)
[Thu Dec 22 15:05:18 2011] [notice] child pid 19049 exit signal Segmentation fault (11)
[Thu Dec 22 15:05:18 2011] [notice] child pid 19050 exit signal Segmentation fault (11)
[Thu Dec 22 15:05:49 2011] [notice] Graceful restart requested, doing restart
apache2: apr_sockaddr_info_get() failed for perseus.domainname.com
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[Thu Dec 22 15:06:49 2011] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze3 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) configured -- resuming normal operations
[Thu Dec 22 15:06:49 2011] [notice] child pid 19051 exit signal Segmentation fault (11)
[Thu Dec 22 15:07:19 2011] [notice] child pid 20515 exit signal Segmentation fault (11)

Any ideas ?

Many thanks for your time and help
If you need any more information please tell me so and I will post it immediately

[PaX Team]

you should post your .config (at least the grsec/pax parts) and also try to get a coredump for one of these crashes and see which code segfaulted exactly. if you need help with the latter you should come on irc for faster communication, but probably next week due to the holidays.