| 1 |
Hi, |
| 2 |
|
| 3 |
first which rsbac version you are using. |
| 4 |
Appears this bug also when you try the rsbac-sources without pax? |
| 5 |
|
| 6 |
Jens |
| 7 |
|
| 8 |
Am 2013-07-15 03:07, schrieb Javier Juan Martínez Cabezón: |
| 9 |
> I send related PaX .config if you need it: |
| 10 |
> |
| 11 |
> # |
| 12 |
> # PaX |
| 13 |
> # |
| 14 |
> CONFIG_ARCH_TRACK_EXEC_LIMIT=y |
| 15 |
> CONFIG_PAX_PER_CPU_PGD=y |
| 16 |
> CONFIG_PAX=y |
| 17 |
> |
| 18 |
> # |
| 19 |
> # PaX Control |
| 20 |
> # |
| 21 |
> CONFIG_PAX_SOFTMODE=y |
| 22 |
> # CONFIG_PAX_EI_PAX is not set |
| 23 |
> CONFIG_PAX_PT_PAX_FLAGS=y |
| 24 |
> # CONFIG_PAX_XATTR_PAX_FLAGS is not set |
| 25 |
> # CONFIG_PAX_NO_ACL_FLAGS is not set |
| 26 |
> CONFIG_PAX_HAVE_ACL_FLAGS=y |
| 27 |
> # CONFIG_PAX_HOOK_ACL_FLAGS is not set |
| 28 |
> |
| 29 |
> # |
| 30 |
> # Non-executable pages |
| 31 |
> # |
| 32 |
> CONFIG_PAX_NOEXEC=y |
| 33 |
> CONFIG_PAX_PAGEEXEC=y |
| 34 |
> # CONFIG_PAX_SEGMEXEC is not set |
| 35 |
> CONFIG_PAX_EMUTRAMP=y |
| 36 |
> CONFIG_PAX_MPROTECT=y |
| 37 |
> # CONFIG_PAX_ELFRELOCS is not set |
| 38 |
> CONFIG_PAX_KERNEXEC=y |
| 39 |
> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" |
| 40 |
> |
| 41 |
> # |
| 42 |
> # Address Space Layout Randomization |
| 43 |
> # |
| 44 |
> CONFIG_PAX_ASLR=y |
| 45 |
> CONFIG_PAX_RANDKSTACK=y |
| 46 |
> CONFIG_PAX_RANDUSTACK=y |
| 47 |
> CONFIG_PAX_RANDMMAP=y |
| 48 |
> |
| 49 |
> # |
| 50 |
> # Miscellaneous hardening features |
| 51 |
> # |
| 52 |
> # CONFIG_PAX_MEMORY_SANITIZE is not set |
| 53 |
> # CONFIG_PAX_MEMORY_STACKLEAK is not set |
| 54 |
> # CONFIG_PAX_MEMORY_UDEREF is not set |
| 55 |
> CONFIG_PAX_REFCOUNT=y |
| 56 |
> # CONFIG_PAX_USERCOPY is not set |
| 57 |
> # CONFIG_PAX_CONSTIFY_PLUGIN is not set |
| 58 |
> # CONFIG_PAX_SIZE_OVERFLOW is not set |
| 59 |
> # CONFIG_KEYS is not set |
| 60 |
> CONFIG_SECURITY_DMESG_RESTRICT=y |
| 61 |
> # CONFIG_SECURITY is not set |
| 62 |
> # CONFIG_SECURITYFS is not set |
| 63 |
> CONFIG_DEFAULT_SECURITY_DAC=y |
| 64 |
> CONFIG_DEFAULT_SECURITY="" |
| 65 |
> CONFIG_XOR_BLOCKS=y |
| 66 |
> CONFIG_ASYNC_CORE=y |
| 67 |
> CONFIG_ASYNC_MEMCPY=y |
| 68 |
> CONFIG_ASYNC_XOR=y |
| 69 |
> CONFIG_ASYNC_PQ=y |
| 70 |
> CONFIG_ASYNC_RAID6_RECOV=y |
| 71 |
> CONFIG_CRYPTO=y |
| 72 |
> |
| 73 |
> # |
| 74 |
> |
| 75 |
> 2013/7/15 Javier Juan Martínez Cabezón <tazok.id0@×××××.com> |
| 76 |
> |
| 77 |
>> Hi all |
| 78 |
>> |
| 79 |
>> I'm with this several months and I still without knowing if it was |
| 80 |
>> mistake from me while patching PaX with rsbac at hand or is a |
| 81 |
>> kernel bug, or it's from VirtualBox (the behaviour is horrible, |
| 82 |
>> sorry): |
| 83 |
>> |
| 84 |
>> After the bug hits system guest gets unusable, hard reset is |
| 85 |
>> required, every command executed gets segfaulted from there. |
| 86 |
>> |
| 87 |
>> I can reproduce it easily, using backup_all (a shell script that |
| 88 |
>> makes the sec policy backup (as in this case)) or with ./configure |
| 89 |
>> when compiling (as emerge does something), so emerge usually does |
| 90 |
>> seg fault. The EIP is always at the same, strnlen+0x6/0x18 |
| 91 |
>> |
| 92 |
>> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging |
| 93 |
>> request at 00001033 |
| 94 |
>> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18 |
| 95 |
>> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde = |
| 96 |
>> 0000000000000000 |
| 97 |
>> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1] |
| 98 |
>> Jul 13 22:50:02 orion kernel: |
| 99 |
>> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted |
| 100 |
>> 3.4.0-rsbac #9 innotek GmbH VirtualBox |
| 101 |
>> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: |
| 102 |
>> 00010217 CPU: 0 |
| 103 |
>> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18 |
| 104 |
>> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: |
| 105 |
>> 00001033 EDX: 0000000e |
| 106 |
>> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: |
| 107 |
>> ce9c07f5 ESP: c66d3b38 |
| 108 |
>> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 |
| 109 |
>> SS: 0068 |
| 110 |
>> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: |
| 111 |
>> 01415000 CR4: 000006f0 |
| 112 |
>> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: |
| 113 |
>> 00000000 DR3: 00000000 |
| 114 |
>> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400 |
| 115 |
>> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c |
| 116 |
>> task=e738ebd0 task.ti=e738ee3c) |
| 117 |
>> Jul 13 22:50:02 orion kernel: Stack: |
| 118 |
>> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 |
| 119 |
>> ce9c0069 ce9c0069 001a916e 000fff00 |
| 120 |
>> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b |
| 121 |
>> c1514bcb 000007ea ff0a0004 000fffff |
| 122 |
>> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc |
| 123 |
>> 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc |
| 124 |
>> Jul 13 22:50:02 orion kernel: Call Trace: |
| 125 |
>> Jul 13 22:50:02 orion kernel: [<001a884b>] ? |
| 126 |
>> string.isra.1+0x25/0x8c |
| 127 |
>> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257 |
| 128 |
>> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25 |
| 129 |
>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9 |
| 130 |
>> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9 |
| 131 |
>> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e |
| 132 |
>> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? |
| 133 |
>> rsbac_adf_set_attr_cap+0x680/0x9a6 |
| 134 |
>> Jul 13 22:50:02 orion kernel: [<00038a00>] ? |
| 135 |
>> smp_apic_timer_interrupt+0x62/0x6a |
| 136 |
>> Jul 13 22:50:02 orion kernel: [<00407f91>] ? |
| 137 |
>> resume_userspace_sig+0x1b/0x2a |
| 138 |
>> Jul 13 22:50:02 orion kernel: [<0007148e>] ? |
| 139 |
>> rsbac_adf_set_attr+0x45f/0x12b3 |
| 140 |
>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 141 |
>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 142 |
>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? |
| 143 |
>> do_path_lookup+0x17/0x4a |
| 144 |
>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? |
| 145 |
>> user_path_at_empty+0x4b/0x69 |
| 146 |
>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? |
| 147 |
>> user_path_at_empty+0x4b/0x69 |
| 148 |
>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389 |
| 149 |
>> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? |
| 150 |
>> free_thread_xstate+0x17/0x23 |
| 151 |
>> Jul 13 22:50:02 orion kernel: [<00110c60>] ? |
| 152 |
>> load_elf_binary+0xf05/0xfbf |
| 153 |
>> Jul 13 22:50:02 orion kernel: [<00110c60>] ? |
| 154 |
>> load_elf_binary+0xf05/0xfbf |
| 155 |
>> Jul 13 22:50:02 orion kernel: [<00030502>] ? |
| 156 |
>> x86_pmu_event_init+0x23c/0x2d1 |
| 157 |
>> Jul 13 22:50:02 orion kernel: [<000e2f53>] ? |
| 158 |
>> do_execve_common+0x363/0x45e |
| 159 |
>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 160 |
>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 161 |
>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? |
| 162 |
>> do_path_lookup+0x17/0x4a |
| 163 |
>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? |
| 164 |
>> user_path_at_empty+0x4b/0x69 |
| 165 |
>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? |
| 166 |
>> user_path_at_empty+0x4b/0x69 |
| 167 |
>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389 |
| 168 |
>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 169 |
>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? |
| 170 |
>> do_adjtimex+0x2ab/0x550 |
| 171 |
>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 172 |
>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550 |
| 173 |
>> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? |
| 174 |
>> do_path_lookup+0x17/0x4a |
| 175 |
>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? |
| 176 |
>> user_path_at_empty+0x4b/0x69 |
| 177 |
>> Jul 13 22:50:02 orion kernel: [<000e8963>] ? |
| 178 |
>> user_path_at_empty+0x4b/0x69 |
| 179 |
>> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000 |
| 180 |
>> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? |
| 181 |
>> do_adjtimex+0x2ab/0x550 |
| 182 |
>> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389 |
| 183 |
>> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf |
| 184 |
>> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb |
| 185 |
>> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50 |
| 186 |
>> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20 |
| 187 |
>> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb |
| 188 |
>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7 |
| 189 |
>> Jul 13 22:50:02 orion kernel: [<000290d5>] ? |
| 190 |
>> math_state_restore+0x96/0x96 |
| 191 |
>> Jul 13 22:50:02 orion kernel: [<00010206>] ? |
| 192 |
>> kvm_arch_vcpu_ioctl_run+0x79a/0xbdc |
| 193 |
>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? |
| 194 |
>> vmalloc_sync_all+0x1/0x1 |
| 195 |
>> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7 |
| 196 |
>> Jul 13 22:50:02 orion kernel: [<0040007b>] ? |
| 197 |
>> pcnet32_remove_one+0x22/0xe3 |
| 198 |
>> Jul 13 22:50:02 orion kernel: [<0001007b>] ? |
| 199 |
>> kvm_arch_vcpu_ioctl_run+0x60f/0xbdc |
| 200 |
>> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? |
| 201 |
>> vmalloc_sync_all+0x1/0x1 |
| 202 |
>> Jul 13 22:50:02 orion kernel: [<00010287>] ? |
| 203 |
>> kvm_arch_vcpu_ioctl_run+0x81b/0xbdc |
| 204 |
>> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f |
| 205 |
>> eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 |
| 206 |
>> f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 |
| 207 |
>> c8 c3 90 90 90 57 83 c9 |
| 208 |
>> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 |
| 209 |
>> SS:ESP 0068:c66d3b38 |
| 210 |
>> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033 |
| 211 |
>> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]--- |
| 212 |
>> |
| 213 |
>> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging |
| 214 |
>> request at 000010a1 |
| 215 |
>> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18 |
| 216 |
>> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde = |
| 217 |
>> 0000000000000000 |
| 218 |
>> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2] |
| 219 |
>> Jul 13 22:59:01 orion kernel: |
| 220 |
>> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: |
| 221 |
>> G D 3.4.0-rsbac #9 innotek GmbH VirtualBox |
| 222 |
>> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: |
| 223 |
>> 00010217 CPU: 0 |
| 224 |
>> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18 |
| 225 |
>> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: |
| 226 |
>> 000010a1 EDX: 0000000e |
| 227 |
>> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: |
| 228 |
>> ce9c0ff5 ESP: c66cfb48 |
| 229 |
>> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 |
| 230 |
>> SS: 0068 |
| 231 |
>> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: |
| 232 |
>> 01415000 CR4: 000006f0 |
| 233 |
>> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: |
| 234 |
>> 00000000 DR3: 00000000 |
| 235 |
>> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400 |
| 236 |
>> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c |
| 237 |
>> task=e738ebd0 task.ti=e738ee3c) |
Archives