| 1 |
Hmm... I've had a search of the forums. People have been having similar |
| 2 |
problems, but not the same as mine. Seems there's a problem with the |
| 3 |
Borland compiler (which I assume the binary was compiled with) and it |
| 4 |
putting code into the .data section. However I have played with chpax |
| 5 |
and paxctl (for paxctl I had to convert the binary, since it didn't have |
| 6 |
a pax header). It seems turning protections on/off made no difference, |
| 7 |
it still dies at the same point with the same error. I tried diff'ing |
| 8 |
the different strace outputs, the only thing that seemed to change were |
| 9 |
memory addresses (as I would expect with random memory layout). |
| 10 |
|
| 11 |
I'm new to this level of playing with binaries, so excuse me if anything |
| 12 |
above doesn't make sense. |
| 13 |
|
| 14 |
Shawn |
| 15 |
|
| 16 |
John Schember wrote: |
| 17 |
> You don't need to open a bug report for this. It is unique to your |
| 18 |
> setup. You are no doubt using PAX in your kernel. There are known issues |
| 19 |
> with Team Speak and PAX. Simply use the chpax utility on the app to |
| 20 |
> allow it some leeway. Searched http://forum.goteamspeak.com/ for PAX a |
| 21 |
> number of people have run into this problem and there are solutions. I'm |
| 22 |
> pointing you there because I can't comment on which is the best. |
| 23 |
> |
| 24 |
> John Schember |
| 25 |
> |
| 26 |
> |
| 27 |
> On Mon, 2007-01-08 at 11:17 +1030, Shawn Haggett wrote: |
| 28 |
>> I've recently tried to install teamspeak2-server-bin onto my hardened |
| 29 |
>> gentoo server. However everytime I attempt to start it, the process dies |
| 30 |
>> with a segfault. |
| 31 |
>> |
| 32 |
>> I thought I would post here first, to see if anyone has any ideas, |
| 33 |
>> before I go opening a bug. |
| 34 |
>> |
| 35 |
>> emerge --info output: |
| 36 |
>> |
| 37 |
>> Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, |
| 38 |
>> 2.6.17-hardened-r1 i686) |
| 39 |
>> ================================================================= |
| 40 |
>> System uname: 2.6.17-hardened-r1 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz |
| 41 |
>> Gentoo Base System version 1.12.6 |
| 42 |
>> Last Sync: Sun, 07 Jan 2007 16:30:01 +0000 |
| 43 |
>> app-admin/eselect-compiler: [Not Present] |
| 44 |
>> dev-java/java-config: 1.3.7, 2.0.31 |
| 45 |
>> dev-lang/python: 2.4.3-r4 |
| 46 |
>> dev-python/pycrypto: 2.0.1-r5 |
| 47 |
>> dev-util/ccache: [Not Present] |
| 48 |
>> dev-util/confcache: [Not Present] |
| 49 |
>> sys-apps/sandbox: 1.2.17 |
| 50 |
>> sys-devel/autoconf: 2.13, 2.61 |
| 51 |
>> sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 |
| 52 |
>> sys-devel/binutils: 2.16.1-r3 |
| 53 |
>> sys-devel/gcc-config: 1.3.14 |
| 54 |
>> sys-devel/libtool: 1.5.22 |
| 55 |
>> virtual/os-headers: 2.6.17-r2 |
| 56 |
>> ACCEPT_KEYWORDS="x86" |
| 57 |
>> AUTOCLEAN="yes" |
| 58 |
>> CBUILD="i686-pc-linux-gnu" |
| 59 |
>> CFLAGS="-march=pentium4 -O2 -pipe" |
| 60 |
>> CHOST="i686-pc-linux-gnu" |
| 61 |
>> CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/bind" |
| 62 |
>> CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf |
| 63 |
>> /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" |
| 64 |
>> CXXFLAGS="-march=pentium4 -O2 -pipe" |
| 65 |
>> DISTDIR="/usr/portage/distfiles" |
| 66 |
>> FEATURES="autoconfig distlocks fixpackages metadata-transfer |
| 67 |
>> parallel-fetch sandbox sfperms strict userpriv" |
| 68 |
>> GENTOO_MIRRORS="ftp://mirror.internode.on.net/pub/gentoo |
| 69 |
>> http://distfiles.gentoo.org |
| 70 |
>> http://www.ibiblio.org/pub/Linux/distributions/gentoo" |
| 71 |
>> MAKEOPTS="-j4" |
| 72 |
>> PKGDIR="/usr/portage/packages" |
| 73 |
>> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times |
| 74 |
>> --compress --force --whole-file --delete --delete-after --stats |
| 75 |
>> --timeout=180 --exclude='/distfiles' --exclude='/local' |
| 76 |
>> --exclude='/packages'" |
| 77 |
>> PORTAGE_TMPDIR="/var/tmp" |
| 78 |
>> PORTDIR="/usr/portage" |
| 79 |
>> PORTDIR_OVERLAY="/usr/local/portage" |
| 80 |
>> SYNC="rsync://speedy.podgeweb.com/gentoo-portage" |
| 81 |
>> USE="X acpi alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw |
| 82 |
>> alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix |
| 83 |
>> alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty |
| 84 |
>> alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks |
| 85 |
>> alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa |
| 86 |
>> alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter |
| 87 |
>> alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null |
| 88 |
>> alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route |
| 89 |
>> alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol |
| 90 |
>> apache2 async authdaemond authfile automount bash-completion berkdb |
| 91 |
>> big-tables bitmap-fonts bzip2 chroot cli courier crypt curl dba |
| 92 |
>> discard-path dlloader elibc_glibc enscript exif expat extraengine fam |
| 93 |
>> fix-connected-rt force-cgi-redirect ftp gd gdbm gif gmp hardened idn |
| 94 |
>> imap innodb input_devices_keyboard input_devices_mouse java jce jpeg |
| 95 |
>> kernel_linux lcms maildir mhash mime mmap mmx mpm-worker mysql mysqli |
| 96 |
>> nagios-dns nagios-ntp nagios-ssh ncurses nptl nptlonly offensive pam |
| 97 |
>> pcre pdf perl php pic png postfix python readline reflection samba sasl |
| 98 |
>> sensord session sockets spell spl sse sse2 ssl symlink sysfs syslog |
| 99 |
>> tcltk tcpd test tetex threads tiff tokenizer toolbar truetype |
| 100 |
>> userland_GNU userlocales vhosts vim-with-x x86 xinerama xml xorg xpm zip |
| 101 |
>> zlib" |
| 102 |
>> Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, |
| 103 |
>> LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS |
| 104 |
>> |
| 105 |
>> |
| 106 |
>> After checking the init script for teamspeak, I ran it with the |
| 107 |
>> following command line: |
| 108 |
>> strace -oteamspeak-trace.txt /opt/teamspeak2-server/server_linux \ |
| 109 |
>> -db=/var/lib/teamspeak2-server/server.dbs \ |
| 110 |
>> -ini=/var/lib/teamspeak2-server/server.ini \ |
| 111 |
>> -log=/var/log/teamspeak2-server/server.log \ |
| 112 |
>> -pid=/var/run/teamspeak2-server/server.pid \ |
| 113 |
>> -sql=/opt/teamspeak2-server/sql/ \ |
| 114 |
>> -tcpquerydocs=/opt/teamspeak2-server/tcpquerydocs \ |
| 115 |
>> -httpdocs=/opt/teamspeak2-server/http/ |
| 116 |
>> |
| 117 |
>> The trace file is attached. It's rather short. My guess is that the |
| 118 |
>> mmap2 call on the second to last line, which returns 0, is to blame. |
| 119 |
>> However if anyone can shed some light on why this is happening and how |
| 120 |
>> to work around it, that would be great. |
| 121 |
>> |
| 122 |
>> Shawn |
| 123 |
>> plain text document attachment (teamspeak-trace.txt) |
| 124 |
>> execve("/opt/teamspeak2-server/server_linux", ["/opt/teamspeak2-server/server_li"..., "-db=/var/lib/teamspeak2-server/s"..., "-ini=/var/lib/teamspeak2-server/"..., "-log=/var/log/teamspeak2-server/"..., "-pid=/var/run/teamspeak2-server/"..., "-sql=/opt/teamspeak2-server/sql/"..., "-tcpquerydocs=/opt/teamspeak2-se"..., "-httpdocs=/opt/teamspeak2-server"...], [/* 44 vars */]) = 0 |
| 125 |
>> uname({sys="Linux", node="speedy", ...}) = 0 |
| 126 |
>> brk(0) = 0x823783c |
| 127 |
>> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) |
| 128 |
>> open("/etc/ld.so.cache", O_RDONLY) = 3 |
| 129 |
>> fstat64(3, {st_mode=S_IFREG|0644, st_size=63665, ...}) = 0 |
| 130 |
>> mmap2(NULL, 63665, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4e63b000 |
| 131 |
>> close(3) = 0 |
| 132 |
>> open("/lib/libpthread.so.0", O_RDONLY) = 3 |
| 133 |
>> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\334H\0"..., 512) = 512 |
| 134 |
>> fstat64(3, {st_mode=S_IFREG|0755, st_size=104800, ...}) = 0 |
| 135 |
>> mmap2(NULL, 69848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4e629000 |
| 136 |
>> madvise(0x4e629000, 69848, MADV_SEQUENTIAL|0x1) = 0 |
| 137 |
>> mmap2(0x4e637000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd) = 0x4e637000 |
| 138 |
>> mmap2(0x4e639000, 4312, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4e639000 |
| 139 |
>> close(3) = 0 |
| 140 |
>> open("/lib/libdl.so.2", O_RDONLY) = 3 |
| 141 |
>> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\v\0"..., 512) = 512 |
| 142 |
>> fstat64(3, {st_mode=S_IFREG|0755, st_size=10512, ...}) = 0 |
| 143 |
>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4e628000 |
| 144 |
>> mmap2(NULL, 12332, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4e624000 |
| 145 |
>> madvise(0x4e624000, 12332, MADV_SEQUENTIAL|0x1) = 0 |
| 146 |
>> mmap2(0x4e626000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x4e626000 |
| 147 |
>> close(3) = 0 |
| 148 |
>> open("/lib/libc.so.6", O_RDONLY) = 3 |
| 149 |
>> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\326O\1"..., 512) = 512 |
| 150 |
>> fstat64(3, {st_mode=S_IFREG|0755, st_size=1220520, ...}) = 0 |
| 151 |
>> mmap2(NULL, 1150108, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4e50b000 |
| 152 |
>> madvise(0x4e50b000, 1150108, MADV_SEQUENTIAL|0x1) = 0 |
| 153 |
>> mmap2(0x4e61e000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x113) = 0x4e61e000 |
| 154 |
>> mmap2(0x4e622000, 7324, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4e622000 |
| 155 |
>> close(3) = 0 |
| 156 |
>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4e50a000 |
| 157 |
>> mprotect(0x4e61e000, 4096, PROT_READ) = 0 |
| 158 |
>> mprotect(0x4e626000, 4096, PROT_READ) = 0 |
| 159 |
>> mprotect(0x4e637000, 4096, PROT_READ) = 0 |
| 160 |
>> mprotect(0x4e661000, 4096, PROT_READ) = 0 |
| 161 |
>> set_thread_area({entry_number:-1 -> 6, base_addr:0x4e50a6b0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 |
| 162 |
>> munmap(0x4e63b000, 63665) = 0 |
| 163 |
>> set_tid_address(0x4e50a6f8) = 21183 |
| 164 |
>> rt_sigaction(SIGRTMIN, {0x4e62d424, [], SA_RESTORER|SA_SIGINFO, 0x4e634490}, NULL, 8) = 0 |
| 165 |
>> rt_sigaction(SIGRT_1, {0x4e62d498, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x4e634490}, NULL, 8) = 0 |
| 166 |
>> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 |
| 167 |
>> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 |
| 168 |
>> _sysctl({{CTL_KERN, KERN_VERSION}, 2, 0x5c311f6c, 35, (nil), 0}) = 0 |
| 169 |
>> open("/dev/urandom", O_RDONLY) = 3 |
| 170 |
>> read(3, "\4\344\344\205", 4) = 4 |
| 171 |
>> close(3) = 0 |
| 172 |
>> futex(0x4e627028, FUTEX_WAKE, 2147483647) = 0 |
| 173 |
>> brk(0) = 0x823783c |
| 174 |
>> brk(0x825883c) = 0x825883c |
| 175 |
>> brk(0x8259000) = 0x8259000 |
| 176 |
>> open("/opt/teamspeak2-server/server_linux", O_RDONLY) = 3 |
| 177 |
>> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\f\0\2\0\3\0\1\0\0\0\0206\5"..., 512) = 512 |
| 178 |
>> fstat64(3, {st_mode=S_IFREG|0755, st_size=945552, ...}) = 0 |
| 179 |
>> close(3) = 0 |
| 180 |
>> open("/opt/teamspeak2-server/server_linux", O_RDONLY) = 3 |
| 181 |
>> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\f\0\2\0\3\0\1\0\0\0\0206\5"..., 512) = 512 |
| 182 |
>> fstat64(3, {st_mode=S_IFREG|0755, st_size=945552, ...}) = 0 |
| 183 |
>> close(3) = 0 |
| 184 |
>> futex(0x822f45c, FUTEX_WAKE, 2147483647) = 0 |
| 185 |
>> dup(1) = 3 |
| 186 |
>> fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR) |
| 187 |
>> fstat64(3, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0 |
| 188 |
>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4e64a000 |
| 189 |
>> _llseek(3, 0, 0x5c311e58, SEEK_CUR) = -1 ESPIPE (Illegal seek) |
| 190 |
>> mmap2(NULL, 65535, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, 0, 0) = 0 |
| 191 |
>> readlink("/proc/self/exe", "/opt/teamspeak2-server/server_linux", 4096) = 35 |
| 192 |
>> --- SIGSEGV (Segmentation fault) @ 0 (0) --- |
| 193 |
>> +++ killed by SIGSEGV +++ |
| 194 |
> |
| 195 |
|
| 196 |
-- |
| 197 |
gentoo-hardened@g.o mailing list |
Archives