Gentoo Archives: gentoo-hardened

From: Mivz <mivz@×××××××××××××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux:after latest update every binary needs the execmod permission to execute
Date: Thu, 13 Apr 2006 12:47:23
Message-Id: 443E4823.6060109@alpha.spugium.net
In Reply to: Re: [gentoo-hardened] SELinux:after latest update every binary needs the execmod permission to execute by pageexec@freemail.hu
1 >
2 >
3 >>Since my latest update I need to add execmod permissions for every
4 >>executable binary, otherwise it says:
5 >>error while loading shared libraries: cannot restore segment prot after
6 >>reloc: Permission denied
7 >>
8 >>
9 >
10 >strace will tell you on which mapping you got the mprotect failure,
11 >that's the culprit library.
12 >
13 >
14 Thanks, but in enforcing mode it crashes at the first line, not at mprotect.
15 strace ping
16 execve("/bin/ping", ["ping"], [/* 33 vars */]) = 0
17 +++ killed by SIGKILL +++
18
19 Without enforcing, ping works just fine:
20
21 strace ping
22 execve("/bin/ping", ["ping"], [/* 33 vars */]) = 0
23 uname({sys="Linux", node="terra", ...}) = 0
24 brk(0) = 0x8001e320
25 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
26 directory)
27 open("/etc/ld.so.cache", O_RDONLY) = 3
28 fstat64(3, {st_mode=S_IFREG|0644, st_size=17816, ...}) = 0
29 mmap2(NULL, 17816, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f6c000
30 close(3) = 0
31 open("/lib/libresolv.so.2", O_RDONLY) = 3
32 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@&\0\000"...,
33 512) = 512
34 fstat64(3, {st_mode=S_IFREG|0755, st_size=68620, ...}) = 0
35 mmap2(NULL, 79860, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
36 = 0xb7f58000
37 mmap2(0xb7f68000, 8192, PROT_READ|PROT_WRITE,
38 MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf) = 0xb7f68000
39 mmap2(0xb7f6a000, 6132, PROT_READ|PROT_WRITE,
40 MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f6a000
41 close(3) = 0
42 open("/lib/libc.so.6", O_RDONLY) = 3
43 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220T\1"...,
44 512) = 512
45 fstat64(3, {st_mode=S_IFREG|0755, st_size=1245200, ...}) = 0
46 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
47 0) = 0xb7f57000
48 mmap2(NULL, 1174740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
49 0) = 0xb7e38000
50 mmap2(0xb7f51000, 16384, PROT_READ|PROT_WRITE,
51 MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x119) = 0xb7f51000
52 mmap2(0xb7f55000, 7380, PROT_READ|PROT_WRITE,
53 MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f55000
54 close(3) = 0
55 mprotect(0xb7f51000, 4096, PROT_READ) = 0
56 mprotect(0x80000000, 40960, PROT_READ|PROT_WRITE) = 0
57 mprotect(0x80000000, 40960, PROT_READ|PROT_EXEC) = 0
58 mprotect(0x8000a000, 4096, PROT_READ) = 0
59 mprotect(0xb7f87000, 4096, PROT_READ) = 0
60 munmap(0xb7f6c000, 17816) = 0
61 open("/dev/urandom", O_RDONLY) = 3
62 read(3, "\312@M\273", 4) = 4
63 close(3) = 0
64 socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
65 getuid32() = 0
66 setuid32(0) = 0
67 write(2, "Usage: ping [-LRUbdfnqrvVaA] [-c"..., 262Usage: ping
68 [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
69 [-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
70 [-M mtu discovery hint] [-S sndbuf]
71 [ -T timestamp option ] [ -Q tos ] [hop1 ...] destination
72 ) = 262
73 exit_group(2) = ?
74
75
