grsecurity forums

[In Flames]

Hello,

i habe patched my kernel with the grsec security patch.
I have 3 Mohaa Spearhead, but they crash often since i habe patched my 2.6.10 Kernel.

The processes get status 11 and hang up.

First Server

Feb 21 17:50:40 debian kernel: grsec: From 80.184.55.XXX: signal 11 sent to /srv/mohrifle/spearhead_lnxded[spearhead_lnxde:30648] uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[sh:8779] uid/euid:1000/1000 gid/egid:100/100

Secend and third server

Feb 21 22:07:20 debian kernel: grsec: From 80.184.55.XXX: signal 11 sent to /srv/mohaa/spearhead_lnxded[spearhead_lnxde:19271] uid/euid:1000/1000 gid/egid:100/100, parent /srv/mlds.sh[mlds.sh:7551] uid/euid:1000/1000 gid/egid:100/100

Feb 21 22:09:44 debian kernel: grsec: From 80.184.55.XXX: signal 11 sent to /srv/mohrifle/spearhead_lnxded[spearhead_lnxde:23418] uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[sh:8779] uid/euid:1000/1000 gid/egid:100/100

I hope you can help me, thank you very much

Greetings from Germany

[glaeken]

try turning PAX features off for this process in ACL
or try chpax utility

[In Flames]

Thank you.

That I already considered myself but the grsec patch is than useless??


Thanks

[glaeken]

No, probably only some of the PAX features are in conflict with this game server. You can play around with them to know exactly which part of PAX makes it unusable. Instead you can use RBAC system to "guard" this gameserver. As I suppose it doesn't need i.e. access to /etc/shadow nor /proc neither other system-critical places (/bin etc.)

[In Flames]

The chpax patch doesent help

[spender]

If there are no other grsec logs associated with this, I don't think it is related to grsec. Grsec is not sending the signal, it is merely logging what the system was doing anyways. I would need an strace of the process to determine what the culprit is.

-Brad

[PaX Team]

That I already considered myself but the grsec patch is than useless??

indeed, disabling PaX features should be your last resort only, as that solves the symptoms, not the problem (unless the problem is actual runtime code generation, but i take it that this server doesn't want to do that per se, you would have gotten a PaX kill message for that). imho, this is some application bug triggered by one of the hardening options in grsec (including PaX, but i think it can at most be randomization, not the non-exec pages). you can tell better if you can get a coredump and analyze it a bit. i posted the procedure here and/or the mailing list some time ago, if you have the time/knowledge (or can ask someone else) to do it, give it a try, you may well be uncovering some important bug in there. we can also help if you can give us shell access or at least the coredump, contact me or spender in private then (note that the coredump contains all writable process memory, including potentially sensitive info, you don't want to put it on a public webserver .