Gentoo Archives: gentoo-hardened

From: "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Re: probably bug in rsbac_sources
Date: Sun, 28 Jul 2013 23:31:29
Message-Id: CAD98N_HG365qEoK3869Zhn4nrmd1io2WpKX8Zs1t_8jdX3mzSw@mail.gmail.com
In Reply to: Re: [gentoo-hardened] Re: probably bug in rsbac_sources by Jens Kasten
It's not PaX related; I've disabled PaX and recompiled completely and it still
segfaults when emerge runs the ./configure of the xz package (it also happened
to me when enabling some flags in the ./configure of samhain). I have also
disabled ACPI completely and it still segfaults.

I replaced VirtualBox with KVM and it segfaults in both.

I

2013/7/16 Jens Kasten <jens@××××××××××.de>

> Hi,
>
> First, which rsbac version are you using?
> Does this bug also appear when you try the rsbac-sources without PaX?
>
> Jens
>
> On 2013-07-15 03:07, Javier Juan Martínez Cabezón wrote:
>
>> I'm sending the related PaX .config in case you need it:
>>
>> #
>> # PaX
>> #
>> CONFIG_ARCH_TRACK_EXEC_LIMIT=y
>> CONFIG_PAX_PER_CPU_PGD=y
>> CONFIG_PAX=y
>>
>> #
>> # PaX Control
>> #
>> CONFIG_PAX_SOFTMODE=y
>> # CONFIG_PAX_EI_PAX is not set
>> CONFIG_PAX_PT_PAX_FLAGS=y
>> # CONFIG_PAX_XATTR_PAX_FLAGS is not set
>> # CONFIG_PAX_NO_ACL_FLAGS is not set
>> CONFIG_PAX_HAVE_ACL_FLAGS=y
>> # CONFIG_PAX_HOOK_ACL_FLAGS is not set
>>
>> #
>> # Non-executable pages
>> #
>> CONFIG_PAX_NOEXEC=y
>> CONFIG_PAX_PAGEEXEC=y
>> # CONFIG_PAX_SEGMEXEC is not set
>> CONFIG_PAX_EMUTRAMP=y
>> CONFIG_PAX_MPROTECT=y
>> # CONFIG_PAX_ELFRELOCS is not set
>> CONFIG_PAX_KERNEXEC=y
>> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
>>
>> #
>> # Address Space Layout Randomization
>> #
>> CONFIG_PAX_ASLR=y
>> CONFIG_PAX_RANDKSTACK=y
>> CONFIG_PAX_RANDUSTACK=y
>> CONFIG_PAX_RANDMMAP=y
>>
>> #
>> # Miscellaneous hardening features
>> #
>> # CONFIG_PAX_MEMORY_SANITIZE is not set
>> # CONFIG_PAX_MEMORY_STACKLEAK is not set
>> # CONFIG_PAX_MEMORY_UDEREF is not set
>> CONFIG_PAX_REFCOUNT=y
>> # CONFIG_PAX_USERCOPY is not set
>> # CONFIG_PAX_CONSTIFY_PLUGIN is not set
>> # CONFIG_PAX_SIZE_OVERFLOW is not set
>> # CONFIG_KEYS is not set
>> CONFIG_SECURITY_DMESG_RESTRICT=y
>> # CONFIG_SECURITY is not set
>> # CONFIG_SECURITYFS is not set
>> CONFIG_DEFAULT_SECURITY_DAC=y
>> CONFIG_DEFAULT_SECURITY=""
>> CONFIG_XOR_BLOCKS=y
>> CONFIG_ASYNC_CORE=y
>> CONFIG_ASYNC_MEMCPY=y
>> CONFIG_ASYNC_XOR=y
>> CONFIG_ASYNC_PQ=y
>> CONFIG_ASYNC_RAID6_RECOV=y
>> CONFIG_CRYPTO=y
>>
>> #
>>
>> 2013/7/15 Javier Juan Martínez Cabezón <tazok.id0@×××××.com>
>>
>>> Hi all,
>>>
>>> I've been dealing with this for several months and I still don't know
>>> whether it was a mistake on my part while patching PaX with rsbac by
>>> hand, a kernel bug, or something from VirtualBox (the behaviour is
>>> horrible, sorry):
>>>
>>> After the bug hits, the guest system becomes unusable: a hard reset is
>>> required, and every command executed from then on segfaults.
>>>
>>> I can reproduce it easily, using backup_all (a shell script that
>>> makes the sec policy backup, as in this case) or with ./configure
>>> when compiling (as emerge does), so emerge usually segfaults. The EIP
>>> is always the same: strnlen+0x6/0x18
>>>
>>> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request at 00001033
>>> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
>>> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde = 0000000000000000
>>> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
>>> Jul 13 22:50:02 orion kernel:
>>> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac #9 innotek GmbH VirtualBox
>>> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
>>> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
>>> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033 EDX: 0000000e
>>> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5 ESP: c66d3b38
>>> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
>>> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000 CR4: 000006f0
>>> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
>>> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
>>> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c task=e738ebd0 task.ti=e738ee3c)
>>> Jul 13 22:50:02 orion kernel: Stack:
>>> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 ce9c0069 ce9c0069 001a916e 000fff00
>>> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b c1514bcb 000007ea ff0a0004 000fffff
>>> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc
>>> Jul 13 22:50:02 orion kernel: Call Trace:
>>> Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
>>> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
>>> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
>>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
>>> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
>>> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? rsbac_adf_set_attr_cap+0x680/0x9a6
>>> Jul 13 22:50:02 orion kernel: [<00038a00>] ? smp_apic_timer_interrupt+0x62/0x6a
>>> Jul 13 22:50:02 orion kernel: [<00407f91>] ? resume_userspace_sig+0x1b/0x2a
>>> Jul 13 22:50:02 orion kernel: [<0007148e>] ? rsbac_adf_set_attr+0x45f/0x12b3
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
>>> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? free_thread_xstate+0x17/0x23
>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
>>> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
>>> Jul 13 22:50:02 orion kernel: [<00030502>] ? x86_pmu_event_init+0x23c/0x2d1
>>> Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
>>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
>>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
>>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
>>> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
>>> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
>>> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
>>> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
>>> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
>>> Jul 13 22:50:02 orion kernel: [<000290d5>] ? math_state_restore+0x96/0x96
>>> Jul 13 22:50:02 orion kernel: [<00010206>] ? kvm_arch_vcpu_ioctl_run+0x79a/0xbdc
>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
>>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
>>> Jul 13 22:50:02 orion kernel: [<0040007b>] ? pcnet32_remove_one+0x22/0xe3
>>> Jul 13 22:50:02 orion kernel: [<0001007b>] ? kvm_arch_vcpu_ioctl_run+0x60f/0xbdc
>>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
>>> Jul 13 22:50:02 orion kernel: [<00010287>] ? kvm_arch_vcpu_ioctl_run+0x81b/0xbdc
>>> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57 83 c9
>>> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 SS:ESP 0068:c66d3b38
>>> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
>>> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
>>>
>>> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request at 000010a1
>>> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
>>> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde = 0000000000000000
>>> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
>>> Jul 13 22:59:01 orion kernel:
>>> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
>>> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
>>> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
>>> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1 EDX: 0000000e
>>> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: ce9c0ff5 ESP: c66cfb48
>>> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
>>> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000 CR4: 000006f0
>>> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
>>> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
>>> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c task=e738ebd0 task.ti=e738ee3c)
>>>
>>
>
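Both oopses in the thread have the same shape: EIP in strnlen, a faulting address just above the first page (0x1033, then 0x10a1), and a call trace that runs string.isra.1 -> vsnprintf -> rsbac_printk before reaching the rsbac ADF code. That pattern is what a triage engineer reads off first, because strnlen is what the kernel's %s handling calls, so a low fault address there points at a bad string argument to the logging call rather than at the string routine itself. The following script is an added example, not code from this thread or from the rsbac or PaX projects: a small parser that extracts those fields from a syslog-prefixed oops and applies the two checks above. The sample text is a constructed, trimmed copy of the first oops posted here, and the 64 KiB low-address threshold is a heuristic of my own rather than a kernel constant.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a trimmed copy of the first oops posted in this thread
# (x86-32, 3.4.0-rsbac), syslog prefix kept so the parser has to strip it.
SAMPLE_OOPS = """\
Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request at 00001033
Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033 EDX: 0000000e
Jul 13 22:50:02 orion kernel: Call Trace:
Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? rsbac_adf_set_attr_cap+0x680/0x9a6
Jul 13 22:50:02 orion kernel: [<0007148e>] ? rsbac_adf_set_attr+0x45f/0x12b3
Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
"""

SYSLOG_PREFIX = re.compile(r"^.*?kernel:\s?")
# "[<addr>] ? symbol+0xoff/0xsize"; the optional "?" marks a frame the unwinder
# found by scanning the stack rather than by following frame pointers, so it
# may be stale data rather than a real caller.
FRAME_RE = re.compile(r"\[<([0-9a-f]+)>\]\s*(\?)?\s*(\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
BUG_RE = re.compile(r"BUG: unable to handle kernel (?:paging request|NULL pointer dereference) at ([0-9a-f]+)")
PID_RE = re.compile(r"Pid: (\d+), comm: (\S+) (Not tainted|Tainted:)")
OOPS_RE = re.compile(r"Oops: [0-9a-f]+ \[#(\d+)\]")

# Heuristic, not a kernel constant: user space normally has nothing mapped below
# 64 KiB (a common vm.mmap_min_addr setting), so a fault there means a NULL or
# garbage pointer plus a small offset, not a real buffer.
LOW_ADDR_LIMIT = 0x10000

FORMATTERS = {"vsnprintf", "vsprintf", "snprintf", "sprintf", "vscnprintf", "scnprintf", "printk", "vprintk"}
STRING_ROUTINES = {"strnlen", "strlen"}


@dataclass
class Oops:
    fault_addr: Optional[int] = None
    ip_symbol: Optional[str] = None
    oops_no: Optional[int] = None
    pid: Optional[int] = None
    comm: Optional[str] = None
    tainted: Optional[bool] = None
    # (symbol, offset, reliable): reliable is False for "?" frames
    trace: List[Tuple[str, int, bool]] = field(default_factory=list)


def parse_oops(text: str) -> Oops:
    """Pull the triage-relevant fields out of one oops, with or without a syslog prefix."""
    o = Oops()
    in_trace = False
    for raw in text.splitlines():
        line = SYSLOG_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if (m := BUG_RE.match(line)):
            o.fault_addr = int(m.group(1), 16)
        elif line.startswith("IP:") and (m := FRAME_RE.search(line)):
            o.ip_symbol = m.group(3)
        elif (m := OOPS_RE.match(line)):
            o.oops_no = int(m.group(1))
        elif (m := PID_RE.match(line)):
            o.pid, o.comm = int(m.group(1)), m.group(2)
            o.tainted = m.group(3) != "Not tainted"
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("---[ end trace"):
            in_trace = False
        elif in_trace and (m := FRAME_RE.search(line)):
            # Frames with no symbol (e.g. "[<00800001>] ? 0x800000") do not match and are dropped.
            o.trace.append((m.group(3), int(m.group(4), 16), m.group(2) is None))
    return o


def summarize(text: str) -> Dict[str, object]:
    """Turn a parsed oops into findings plus the first frames worth reading the source for."""
    o = parse_oops(text)
    findings = []
    syms = [s for s, _, _ in o.trace]
    if o.fault_addr is not None and o.fault_addr < LOW_ADDR_LIMIT:
        findings.append(f"low-address fault at {o.fault_addr:#x}: NULL/garbage pointer plus a small offset")
    if o.ip_symbol in STRING_ROUTINES and any(s in FORMATTERS or s.startswith("string") for s in syms):
        findings.append("strnlen reached from a printf-style formatter: a %s argument is probably an invalid pointer")
    if o.tainted:
        findings.append("kernel already tainted (earlier oops or out-of-tree module): later traces may be collateral")
    # Skip the generic string/formatter frames; the first remaining frames are the callers to inspect.
    callers = [s for s in syms if s not in FORMATTERS | STRING_ROUTINES and not s.startswith("string")]
    return {"oops_no": o.oops_no, "process": f"{o.comm}[{o.pid}]", "findings": findings, "callers": callers[:2]}


if __name__ == "__main__":
    report = summarize(SAMPLE_OOPS)
    print(f"oops #{report['oops_no']} in {report['process']}; look at {report['callers']}")
    for finding in report["findings"]:
        print(" -", finding)
```

Run against the sample it names rsbac_printk and rsbac_adf_set_attr_cap as the frames to read, which matches where a reviewer would start: the format arguments that rsbac_adf_set_attr_cap hands to its logging call. On the second oops in the thread the tainted flag is set by the first crash, which is why the script flags later traces as possibly collateral rather than independent evidence.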