hi @ grsec_forum...
i have a strange behaviour on ssh connections to our server (which is probably hacked)...
on systems without pax/grsecurity:
when a ssh connection times out...
i do a "kill -11 $ssh_pid" on the local connecting machine
local ssh process creates "segmentation fault"...
suspicious... someone tries to exploit my machine i think...
the strange thing is:
i have an apple ibook with gentoo linux hardened (kernel 2.6.18) +pax+ssp
the same behaviour as mentioned above !?!
ssh exits with segmentation fault and pax_log/grsec_log doesnt mention anything...
checked the pax flags on ssh client binary -> everything ok...
recompiled newest open_ssh client -> same thing...
how can i check that pax/ssp works correctly?
should i try to debug ssh with gdb to see where the attacker tries to crash ssh?
if i compile a system with "-O3" compiler flag, is there still a possibility to debug things?
hopefully someone can help...
greetz,
claus prüfer