grsecurity forums

[Stephane]

I confirm that it doesn't change when desactivating CONFIG_GRKERNSEC_SYSFS_RESTRICT

[PaX Team]

ok, a few more things to try still:

1. grsec patched in but with everything disabled
2. PaX alone patched in with your originally enabled features
3. PaX alone patched in but with everything disabled

this will hopefully tell us whether the problem is in PaX or some of the backported patches in grsec.

[Stephane]

Ok I'm compiling the grsec patched kernel with everything disabled

[Stephane]

Ok so just patching with security options -> grsecurity unselected and I have the same problem ...
Can you point me to the "single" PaX patch please ?

I'm pretty sure that the problem is coming from "routing through the namespace "...

[PaX Team]

they're in my directory as usual: https://grsecurity.net/~paxguy1/

[Stephane]

Ok thank you... it's compiling.

[Stephane]

Ok it seems to come from the PaX patch.

#
# Security options
#

#
# PaX
#
CONFIG_TASK_SIZE_MAX_SHIFT=47
# CONFIG_PAX is not set

#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_STACKLEAK is not set
# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# CONFIG_PAX_REFCOUNT is not set
# CONFIG_PAX_USERCOPY is not set
# CONFIG_PAX_SIZE_OVERFLOW is not set
# CONFIG_PAX_LATENT_ENTROPY is not set
CONFIG_KEYS=y
CONFIG_PERSISTENT_KEYRINGS=y
CONFIG_BIG_KEYS=y
CONFIG_TRUSTED_KEYS=y
CONFIG_ENCRYPTED_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y

Code: Select all

adminomc@vmb:~$ iperf -s -i 1
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 192.168.1.5 port 5001 connected with 192.168.0.5 port 54055
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 1.0 sec  5.66 KBytes  46.3 Kbits/sec
[  4]  1.0- 2.0 sec  9.90 KBytes  81.1 Kbits/sec
[  4]  2.0- 3.0 sec  7.07 KBytes  57.9 Kbits/sec
[  4]  3.0- 4.0 sec  7.07 KBytes  57.9 Kbits/sec
[  4]  4.0- 5.0 sec  11.3 KBytes  92.7 Kbits/sec
[  4]  5.0- 6.0 sec  9.90 KBytes  81.1 Kbits/sec
[  4]  6.0- 7.0 sec  7.07 KBytes  57.9 Kbits/sec
[  4]  7.0- 8.0 sec  8.48 KBytes  69.5 Kbits/sec
[  4]  8.0- 9.0 sec  5.66 KBytes  46.3 Kbits/sec
[  4]  9.0-10.0 sec  7.07 KBytes  57.9 Kbits/sec
[  4] 10.0-11.0 sec  8.48 KBytes  69.5 Kbits/sec
[  4] 11.0-12.0 sec  12.7 KBytes   104 Kbits/sec
[  4] 12.0-13.0 sec  8.48 KBytes  69.5 Kbits/sec
[  4] 13.0-14.0 sec  7.07 KBytes  57.9 Kbits/sec
[  4] 14.0-15.0 sec  12.7 KBytes   104 Kbits/sec
[  4] 15.0-16.0 sec  7.07 KBytes  57.9 Kbits/sec
[  4] 16.0-17.0 sec  63.6 KBytes   521 Kbits/sec
[  4] 17.0-18.0 sec  46.7 KBytes   382 Kbits/sec
[  4]  0.0-18.3 sec   256 KBytes   115 Kbits/sec


Code: Select all

[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  1.0- 2.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  2.0- 3.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  3.0- 4.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  4.0- 5.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  5.0- 6.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  6.0- 7.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  7.0- 8.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  8.0- 9.0 sec  0.00 Bytes  0.00 bits/sec
[  3]  9.0-10.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 10.0-11.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 11.0-12.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 12.0-13.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 13.0-14.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 14.0-15.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 15.0-16.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 16.0-17.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 17.0-18.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 18.0-19.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 19.0-20.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 20.0-21.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 21.0-22.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 22.0-23.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 23.0-24.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 24.0-25.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 25.0-26.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 26.0-27.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 27.0-28.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 28.0-29.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 29.0-30.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 30.0-31.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 31.0-32.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 32.0-33.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 33.0-34.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 34.0-35.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 35.0-36.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 36.0-37.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 37.0-38.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 38.0-39.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 39.0-40.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 40.0-41.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 41.0-42.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 42.0-43.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 43.0-44.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 44.0-45.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 45.0-46.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 46.0-47.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 47.0-48.0 sec   128 KBytes  1.05 Mbits/sec
[  3] 48.0-49.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 49.0-50.0 sec  0.00 Bytes  0.00 bits/sec
[  3] 50.0-51.0 sec  0.00 Bytes  0.00 bits/sec


[Stephane]

Wait CONFIG_CGROUP_NET_PRIO is desactivated in my config ! I do not know why... I'm compiling a new kernel again with CONFIG_CGROUP_NET_PRIO=y to see. If it's ok shame on me

[Stephane]

It doesn't come from PaX ... I've rebuilt my kernel without any patch and the same problem occured.
Sorry for disturbing and thank you for your help.