> I've two servers running with hardened-sources and GRSecurity + PAX
> enabled and anything went fine. Two other servers running
> hardened-sources with SELinux and GRSecurity + PAX I always get PAX
> errors when I want to install something through emerge.

humm, how do selinux/grsec coexist at all?

> PAX: bytes at PC: <invalid address>.
> PAX: bytes at SP: 26c5598c 26c6ccd1 26c6c849 5af6b3b4 26c5597d 6f72702f
> 6f6d2f63 73746e75 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000 00000000 00000000 00000000 00000000
> PAX: execution attempt in: <NULL>, 00000000-00000000 00000000

that's a null function ptr dereference from the look of it,
on the stack i can see /proc/mounts so probably that was the
last thing chown wanted to access. you'll have to enable
coredumping (ulimit -c unlimited), disable randomization
on chown (chpax/paxctl -r) and analyze a coredump in gdb
(at least we'll need a stack backtrace, 'bt').

> /usr/lib/portage/bin/ebuild.sh: line 1882: 24732 Killed
> chown portage:portage "${T}/environment" >&/dev/null

what are the PaX logs for these? same chown/NULL ptr stuff?

--
gentoo-hardened@g.o mailing list