grsecurity forums

Skip to content

strange problem with 2.4.19 grsec 1.9.6

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

strange problem with 2.4.19 grsec 1.9.6

Postby maroi » Fri Sep 06, 2002 3:29 pm

slack 8.1
kernel 2.4.19 + grsec 1.9.6
patching and other thing was fine
but on a first reboot on a new kernel
it stops on "freeing unused kernel memory.."
it waits,waits.... and nothing happens
I didn`t wait for longer than a minute.
my grsec options :
CONFIG_GRKERNSEC_PAX=y
CONFIG_GRKERNSEC_PAX_MPROTECT=y CONFIG_GRKERNSEC_PAX_RANDMMAP=y CONFIG_GRKERNSEC_PAX_RANDEXEC=y CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_KSYMS=y
CONFIG_GR_MAXTRIES=3
CONFIG_GR_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
CONFIG_GRKERNSEC_RANDBIND=y
CONFIG_GRKERNSEC_RANDPING=y
CONFIG_GRKERNSEC_FLOODTIME=30 CONFIG_GRKERNSEC_FLOODBURST=4

these are my options I`ve set , the rest of then are disabled
What`s wrong ?
maroi
 
Posts: 4
Joined: Fri Sep 06, 2002 3:27 pm
Top

Re: strange problem with 2.4.19 grsec 1.9.6

Postby PaX Team » Fri Sep 06, 2002 7:09 pm

maroi wrote:slack 8.1

what gcc version did you use? it's known that 2.96.something at least miscompiles the PaX code in mm.h (static inline with ifdefs). what definitely works is 2.95.3 and 3.2, i don't know the others. so could first give one of these versions a try?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Re

Postby maroi » Fri Sep 06, 2002 8:12 pm

And the worst thing of it is that the version of gcc is 2.95.3.
Now I really don`t know what to do :-?
My second chance could be disabling pax, but I are there any other ways ?
maroi
 
Posts: 4
Joined: Fri Sep 06, 2002 3:27 pm
Top

Postby spender » Sat Sep 07, 2002 11:20 am

have you tried using the newest cvs version of grsecurity yet?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Postby maroi » Sat Sep 07, 2002 2:49 pm

spender wrote:have you tried using the newest cvs version of grsecurity yet?

No , I didn`t
but is it safe ?
coz some of the cvs versions could be unstable, am I right ?
maroi
 
Posts: 4
Joined: Fri Sep 06, 2002 3:27 pm
Top

Postby spender » Sat Sep 07, 2002 2:54 pm

if they are, it's only for a couple minutes. I do things a bit differently than other projects...the current CVS will always work, as it's the one I'm always running. If I do any major changes I make them locally, and then commit when working chunks are completed.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Postby maroi » Sat Sep 07, 2002 3:52 pm

ok fine.
so use the latest development version of grsecurity
or the latest cvs ?
and how I can get that latest cvs version (I never used cvs before)
maroi
 
Posts: 4
Joined: Fri Sep 06, 2002 3:27 pm
Top

Postby spender » Sat Sep 07, 2002 3:56 pm

instructions on how to generate a patch from the current cvs version is available on http://grsecurity.net/cvs.php
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group