Hi,
after patching linux-2.6.19.2, with grsecurity-2.1.10-2.6.19.2-200701222307.patch (on ubuntu 7.04 server 64 bit) I found a weird behaviour during the boot: I see a lot of fast segmentation fault but the boot goes on. After this fast segfaults the kernel seems to boot normally and the on screen log starts with
kinit name_to_dev_t(/dev/sda1)=sda1(8,1)
and goes on till the end. Well, after the boot all seems working well, but I can't point out the problems. I can't find useful infos in sys logs, except, maybe, for the following lines:
May 15 10:28:02 cruncher kernel: [ 94.125669] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2076] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.126496] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2081] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.128386] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2090] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.130824] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2099] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.133542] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2109] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.136307] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2122] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.137281] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2128] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.138173] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2131] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139021] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2136] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.139874] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2143] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.140725] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[s
leep:2148] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
May 15 10:28:02 cruncher kernel: [ 94.141551] grsec: more alerts, logging disabled for 5 seconds
Any idea on what could it be and how to solve it?
Thanks in advance
Here my pax and grsec kernel config:
# Security options
#
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_CUSTOM is not set
#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
# CONFIG_GRKERNSEC_SOCKET_ALL is not set
# CONFIG_GRKERNSEC_SOCKET_CLIENT is not set
# CONFIG_GRKERNSEC_SOCKET_SERVER is not set
#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
# CONFIG_GRKERNSEC_SYSCTL is not set
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=5
CONFIG_GRKERNSEC_FLOODBURST=10
CONFIG_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SELINUX is not set
Invisible segmentation fault
3 posts
• Page 1 of 1
Invisible segmentation fault
by zarrelli » Tue May 15, 2007 4:39 am
- zarrelli
- Posts: 2
- Joined: Tue May 15, 2007 4:02 am
Re: Invisible segmentation fault
by PaX Team » Wed May 16, 2007 5:09 pm
do you have other logs (notably, from PaX) as well?zarrelli wrote:May 15 10:28:02 cruncher kernel: [ 94.125669] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /init[sleep:2076] uid/euid:0/0 gid/egid:0/0, parent /init[init:1] uid/euid:0/0 gid/egid:0/0
other than that, you'd have to enable coredumps that early and see why /init crashed. or maybe run it by hand if that reproduces the crash, then you can debug it easily. you can also try to eliminate kernel config options, starting with the PaX bits and see when the problem goes away.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
Re: Invisible segmentation fault
by zarrelli » Fri May 18, 2007 7:17 am
do you have other logs (notably, from PaX) as well?
other than that, you'd have to enable coredumps that early and see why /init crashed. or maybe run it by hand if that reproduces the crash, then you can debug it easily. you can also try to eliminate kernel config options, starting with the PaX bits and see when the problem goes away.
I was trying to enable ulimit -c 50000 but I don't understand how to enable it permanently at boot time in ubuntu 7.04. Anyone knows how to set up at boot?
If I understand well it's the process "sleep" spawner by init which is crashing.
- zarrelli
- Posts: 2
- Joined: Tue May 15, 2007 4:02 am
3 posts
• Page 1 of 1