On a server I help administer, we have loads of shell accounts and have been running grsecurity in "full" mode for ages now (although we've yet to use the ACL stuff).
The other day we had our first grsecurity/PaX problem, from a user who was running a binary compiled with some Kylix stuff:
eeek:/home/amnesia# file hello
hello: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
eeek:/home/amnesia# cat hello.dpr
uses
Classes;
begin
writeln('hello world')
end.
I'm not sure how the user is compiling the program yet - lack of communication at the moment.
Anyway, after a search for "kylix" on this forum I found the solution and used "chpax -s hello" to stop PaX from killing the execution. Here is what is logged in /var/log/syslog if segmentation-based PAGE_EXEC is not disabled:
Jun 14 00:33:58 eeek kernel: PAX: From X.X.X.X: execution attempt in: /home/amnesia/hello, 0816d000-08171000 00024000
Jun 14 00:33:58 eeek kernel: PAX: From X.X.X.X: terminating task: /home/amnesia/hello(hello):14413, uid/euid: 0/0, PC: 0816f6c3, SP: 5e05d4a8
Jun 14 00:33:58 eeek kernel: PAX: bytes at PC: 83 44 24 04 dc e9 3f ec ed ff 83 44 24 04 dc e9 49 ec ed ff
Jun 14 00:33:58 eeek kernel: grsec: From X.X.X.X: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (hello:14413) UID(0) EUID(0), parent (bash:24717) UID(0) EUID(0)
Now, this is a problem in Borland Kylix, isn't it? Can anyone shed any more light on this before I attempt to contact them with this to see if they can do anything about it in the future? To me it sounds like buggy software on their part.
Thank you for your time.
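
As an added example (not part of the original post), the Python below parses the three PaX lines quoted above into one record per killed task and checks whether the faulting PC lies inside the mapping PaX reported. It assumes the third hex field on the "execution attempt" line is the mapping's file offset; the function and field names are illustrative.

```python
import re

# Log lines copied from the post above (source address already masked as X.X.X.X).
SAMPLE = """\
Jun 14 00:33:58 eeek kernel: PAX: From X.X.X.X: execution attempt in: /home/amnesia/hello, 0816d000-08171000 00024000
Jun 14 00:33:58 eeek kernel: PAX: From X.X.X.X: terminating task: /home/amnesia/hello(hello):14413, uid/euid: 0/0, PC: 0816f6c3, SP: 5e05d4a8
Jun 14 00:33:58 eeek kernel: PAX: bytes at PC: 83 44 24 04 dc e9 3f ec ed ff 83 44 24 04 dc e9 49 ec ed ff
"""

ATTEMPT = re.compile(r"PAX: (?:From \S+: )?execution attempt in: (?P<path>.+), "
                     r"(?P<start>[0-9a-f]{8})-(?P<end>[0-9a-f]{8}) (?P<off>[0-9a-f]{8})")
TERM = re.compile(r"PAX: (?:From \S+: )?terminating task: (?P<path>.+)\((?P<comm>[^)]*)\):"
                  r"(?P<pid>\d+), uid/euid: (?P<uid>\d+)/(?P<euid>\d+), "
                  r"PC: (?P<pc>[0-9a-f]{8}), SP: (?P<sp>[0-9a-f]{8})")
BYTES = re.compile(r"PAX: bytes at PC: (?P<hex>(?:[0-9a-f]{2} ?)+)")

def parse_pax_events(text):
    """Group the PaX lines of each kill into one dict per terminated task."""
    events, pending = [], None
    for line in text.splitlines():
        if m := ATTEMPT.search(line):
            pending = {"path": m["path"], "start": int(m["start"], 16),
                       "end": int(m["end"], 16), "map_offset": int(m["off"], 16)}
        elif (m := TERM.search(line)) and pending and m["path"] == pending["path"]:
            ev = dict(pending, comm=m["comm"], pid=int(m["pid"]), uid=int(m["uid"]),
                      euid=int(m["euid"]), pc=int(m["pc"], 16), sp=int(m["sp"], 16))
            # True when the refused instruction fetch was in the reported mapping
            ev["pc_in_mapping"] = ev["start"] <= ev["pc"] < ev["end"]
            # Assumption: the third hex field is the file offset of that mapping
            ev["file_offset"] = (ev["map_offset"] + ev["pc"] - ev["start"]
                                 if ev["pc_in_mapping"] else None)
            events.append(ev)
            pending = None
        elif (m := BYTES.search(line)) and events and "code" not in events[-1]:
            events[-1]["code"] = bytes.fromhex(m["hex"])
    return events

if __name__ == "__main__":
    for ev in parse_pax_events(SAMPLE):
        print(f"{ev['path']} pid={ev['pid']} uid/euid={ev['uid']}/{ev['euid']} "
              f"pc={ev['pc']:#010x} in_mapping={ev['pc_in_mapping']} "
              f"file_offset={ev['file_offset']:#x} code={ev['code'].hex(' ')}")
```

The computed file offset can be compared against the section table of the binary (for example from `readelf -S hello`) to see which part of the file the refused code came from before deciding whether a per-binary `chpax` exception is justified.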