2.4.26+grsec loads and reboot immediately

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

2.4.26+grsec loads and reboot immediately

Postby christophe » Sun May 02, 2004 5:18 am

This system (old Pentium 75 MHz, 24 Mb RAM) works well with 2.4.25+grsecurity or the pure 2.4.26. This is a pure 100% Debian woody, except for the grsec package (1.19 or 2.0, same problem) and the kernel (from kernel.org, as requested by the package maintener).

Applying grsec on a 2.4.26 makes the system unusable : the kernel loads, shows some informations (last one seen : 'Calibrating...', although I can't say if something else appears, it reboots too quickly) and reboots spontaneously. If you know some way to have more logs, tell me...

I've tried to disable totally Grsec, to build everything again from a clean source, I've purged and reinstalled the grsec package, buid it on another (Sarge) box as a last resort, without any change.

The .config is there :
http://www.courtois.cc/perso/config-2.4.26+grsec2
(the grsec part is not important ; as already said it fails even deactivated). This is a the .config of my 2.4.25+grsec with make oldconfig.

Thanks for any help!
christophe
 
Posts: 2
Joined: Sun May 02, 2004 5:00 am

Re: 2.4.26+grsec loads and reboot immediately

Postby PaX Team » Sun May 02, 2004 4:13 pm

christophe wrote:Applying grsec on a 2.4.26 makes the system unusable : the kernel loads, shows some informations (last one seen : 'Calibrating...', although I can't say if something else appears, it reboots too quickly) and reboots spontaneously. If you know some way to have more logs, tell me...
what does 'grep idt_table System.map' say (on both the working and the failing kernels)? also, can you try the latest PaX patch alone to see if it works at all?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby christophe » Wed May 05, 2004 3:57 pm

Kernel 2.4.26 with patch from Grsec2 Debian package :

/boot/System.map-2.4.26+grsec2
c01200a0 B idt_table

With the recent pax version as suggested by Lazslo :
/boot/System.map-2.4.26+pax
c02e7000 R
(this one boots and seems to works fine)

Vanilla kernel:
/boot/System.map-2.4.26.v
c02f4000 D idt_table
christophe
 
Posts: 2
Joined: Sun May 02, 2004 5:00 am

Postby PaX Team » Wed May 05, 2004 4:41 pm

christophe wrote:/boot/System.map-2.4.26+grsec2
c01200a0 B idt_table
yes, that's a known problem, although the updated grsec patch (from 18th april, not the one from 17th) should have fixed it, alternatively you can just use the cvs version.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support