| 1 |
Hello, |
| 2 |
|
| 3 |
> > I've been experiencing really strange behaviours with the 2 latest |
| 4 |
> > hardened kernels (2.6.14-r6 and r7) on 2 different machines that are |
| 5 |
> > both used as OpenVPN concentrators. |
| 6 |
> > 2.6.14-r5 is working fine on these machines. |
| 7 |
> |
| 8 |
> looking at the diff between r5 and r6 i only see grsec related |
| 9 |
> changes, so that could be the culprit. would it be possible to |
| 10 |
> try the latest grsec patch alone (it's in grsecurity.net/~spender )? |
| 11 |
|
| 12 |
I compile gentoo-sources-2.6.14-r7 and added |
| 13 |
grsecurity-2.1.9-2.6.14.7-200602141849.patch |
| 14 |
I couldn't make that kernel crash... |
| 15 |
I'll try this afternoon to add various other patches from the |
| 16 |
hardened-patches-2.6.14-7.extras.tar.bz2 series to see which one is |
| 17 |
responsible. |
| 18 |
I also tried to compile hardened-2.6.16-r4 but the make process failed with |
| 19 |
|
| 20 |
LD arch/i386/lib/built-in.o |
| 21 |
CC arch/i386/lib/bitops.o |
| 22 |
AS arch/i386/lib/checksum.o |
| 23 |
CC arch/i386/lib/delay.o |
| 24 |
AS arch/i386/lib/getuser.o |
| 25 |
CC arch/i386/lib/memcpy.o |
| 26 |
AS arch/i386/lib/putuser.o |
| 27 |
CC arch/i386/lib/strstr.o |
| 28 |
CC arch/i386/lib/usercopy.o |
| 29 |
AR arch/i386/lib/lib.a |
| 30 |
GEN .version |
| 31 |
CHK include/linux/compile.h |
| 32 |
UPD include/linux/compile.h |
| 33 |
CC init/version.o |
| 34 |
LD init/built-in.o |
| 35 |
LD .tmp_vmlinux1 |
| 36 |
arch/i386/kernel/vmlinux.lds:1681 cannot move location counter |
| 37 |
backwards (from 0 00000000102e388 to 000000000102e387) |
| 38 |
make: *** [.tmp_vmlinux1] Error 1 |
| 39 |
|
| 40 |
|
| 41 |
> > The phenomenon is the following. When I connect to the openvpn |
| 42 |
> > server from remote with openvpn, a connection is established (from |
| 43 |
> > the view of the client) but in the same moment the server crashes. |
| 44 |
> > |
| 45 |
> > This is what I managed to capture with netconsole: |
| 46 |
> |
| 47 |
> is this the full oops report? also posting your kernel .config |
| 48 |
> and corresponding System.map would be useful (probably not to |
| 49 |
> the list as they are quite big). |
| 50 |
|
| 51 |
Yes, this is everything I get. |
| 52 |
|
| 53 |
|
| 54 |
You can find the .config file at |
| 55 |
http://schwicky.net/linux/download/config |
| 56 |
and the system.map at |
| 57 |
http://schwicky.net/linux/download/System.map-2.6.14-hardened-r7 |
| 58 |
|
| 59 |
Regards. |
| 60 |
Jean-Pierre |
| 61 |
|
| 62 |
|
| 63 |
-- |
| 64 |
Powered by Linux From Scratch - http://schwicky.net/ |
| 65 |
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141 |
| 66 |
|
| 67 |
Nothing is impossible... Everything is relative! |
| 68 |
-- |
| 69 |
gentoo-hardened@g.o mailing list |
Archives