| 1 |
> I've two servers running with hardened-sources and GRSecurity + PAX |
| 2 |
> enabled and anything went fine. Two other servers running |
| 3 |
> hardened-sources with SELinux and GRSecurity + PAX I always get PAX |
| 4 |
> errors when I want to install something through emerge. |
| 5 |
|
| 6 |
humm, how do selinux/grsec coexist at all? |
| 7 |
|
| 8 |
> PAX: bytes at PC: <invalid address>. |
| 9 |
> PAX: bytes at SP: 26c5598c 26c6ccd1 26c6c849 5af6b3b4 26c5597d 6f72702f |
| 10 |
> 6f6d2f63 73746e75 00000000 00000000 00000000 00000000 00000000 00000000 |
| 11 |
> 00000000 00000000 00000000 00000000 00000000 00000000 |
| 12 |
> PAX: execution attempt in: <NULL>, 00000000-00000000 00000000 |
| 13 |
|
| 14 |
that's a null function ptr dereference from the look of it, |
| 15 |
on the stack i can see /proc/mounts so probably that was the |
| 16 |
last thing chown wanted to access. you'll have to enable |
| 17 |
coredumping (ulimit -c unlimited), disable randomization |
| 18 |
on chown (chpax/paxctl -r) and analyze a coredump in gdb |
| 19 |
(at least we'll need a stack backtrace, 'bt'). |
| 20 |
|
| 21 |
> /usr/lib/portage/bin/ebuild.sh: line 1882: 24732 Killed |
| 22 |
> chown portage:portage "${T}/environment" >&/dev/null |
| 23 |
|
| 24 |
what are the PaX logs for these? same chown/NULL ptr stuff? |
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-hardened@g.o mailing list |
Archives