> |
> |
>>Since my latest update I need to add execmod permissions for every |
>>executable binary, otherwise it says: |
>>error while loading shared libraries: cannot restore segment prot after |
>>reloc: Permission denied |
>> |
>> |
> |
>strace will tell you on which mapping you got the mprotect failure, |
>that's the culprit library. |
> |
> |
Thanks, but in enforcing mode it crashes at the first line, not at mprotect: |
strace ping |
execve("/bin/ping", ["ping"], [/* 33 vars */]) = 0 |
+++ killed by SIGKILL +++ |
|
Without enforcing, ping works just fine: |
|
strace ping |
execve("/bin/ping", ["ping"], [/* 33 vars */]) = 0 |
uname({sys="Linux", node="terra", ...}) = 0 |
brk(0) = 0x8001e320 |
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or |
directory) |
open("/etc/ld.so.cache", O_RDONLY) = 3 |
fstat64(3, {st_mode=S_IFREG|0644, st_size=17816, ...}) = 0 |
mmap2(NULL, 17816, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f6c000 |
close(3) = 0 |
open("/lib/libresolv.so.2", O_RDONLY) = 3 |
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@&\0\000"..., |
512) = 512 |
fstat64(3, {st_mode=S_IFREG|0755, st_size=68620, ...}) = 0 |
mmap2(NULL, 79860, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) |
= 0xb7f58000 |
mmap2(0xb7f68000, 8192, PROT_READ|PROT_WRITE, |
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf) = 0xb7f68000 |
mmap2(0xb7f6a000, 6132, PROT_READ|PROT_WRITE, |
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f6a000 |
close(3) = 0 |
open("/lib/libc.so.6", O_RDONLY) = 3 |
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220T\1"..., |
512) = 512 |
fstat64(3, {st_mode=S_IFREG|0755, st_size=1245200, ...}) = 0 |
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, |
0) = 0xb7f57000 |
mmap2(NULL, 1174740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, |
0) = 0xb7e38000 |
mmap2(0xb7f51000, 16384, PROT_READ|PROT_WRITE, |
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x119) = 0xb7f51000 |
mmap2(0xb7f55000, 7380, PROT_READ|PROT_WRITE, |
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f55000 |
close(3) = 0 |
mprotect(0xb7f51000, 4096, PROT_READ) = 0 |
mprotect(0x80000000, 40960, PROT_READ|PROT_WRITE) = 0 |
mprotect(0x80000000, 40960, PROT_READ|PROT_EXEC) = 0 |
mprotect(0x8000a000, 4096, PROT_READ) = 0 |
mprotect(0xb7f87000, 4096, PROT_READ) = 0 |
munmap(0xb7f6c000, 17816) = 0 |
open("/dev/urandom", O_RDONLY) = 3 |
read(3, "\312@M\273", 4) = 4 |
close(3) = 0 |
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3 |
getuid32() = 0 |
setuid32(0) = 0 |
write(2, "Usage: ping [-LRUbdfnqrvVaA] [-c"..., 262Usage: ping |
[-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline] |
[-p pattern] [-s packetsize] [-t ttl] [-I interface or address] |
[-M mtu discovery hint] [-S sndbuf] |
[ -T timestamp option ] [ -Q tos ] [hop1 ...] destination |
) = 262 |
exit_group(2) = ? |
|
|
-- |
gentoo-hardened@g.o mailing list |