Gentoo Archives: gentoo-hardened

From: "Tóth Attila" <atoth@××××××××××.hu>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] systemd-229 segfault triggers bruteforce prevention
Date: Wed, 01 Jun 2016 22:49:20
Message-Id: 6394c2eaa0e382fa0fe3b21884762fa8.squirrel@atoth.sote.hu
In Reply to: [gentoo-hardened] systemd-229 segfault triggers bruteforce prevention by "Tóth Attila"
1 I've just had an unsuccessful attempt to upgrade to systemd-230-r1. It
2 segfaults and slows the system down. The symptoms are better compared to
3 -229, but still significant.
4
5 https://forums.grsecurity.net/viewtopic.php?f=3&t=4485
6
7 Some relevant log entries:
8 grsec: denied resource overstep by requesting 8392704 for RLIMIT_STACK
9 against limit 8388608 for /usr/lib64/systemd/systemd[systemd:2735]
10 uid/euid:0/0 gid/egid:0/0, parent /usr/lib64/systemd/systemd[systemd:1]
11 uid/euid:0/0 gid/egid:0/0
12 systemd[2735]: segfault at 39f8d01cf00 ip 00000368d4caa2e4 sp
13 0000039f8d01cf00 error 6 in libc-2.23.so[368d4c62000+19a000]
14 grsec: Segmentation fault occurred at 0000039f8d01cf00 in
15 /usr/lib64/systemd/systemd[systemd:2735] uid/euid:0/0 gid/egid:0/0, parent
16 /usr/lib64/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
17 grsec: bruteforce prevention initiated for the next 30 minutes or until
18 service restarted, stalling each fork 30 seconds. Please investigate the
19 crash report for /usr/lib64/systemd/systemd[systemd:2735] uid/euid:0/0
20 gid/egid:0/0, parent /usr/lib64/systemd/systemd[systemd:1] uid/euid:0/0
21 gid/egid:0/0
22
23 systemd-coredump[2747]: Process 2735 (systemd) of user 0 dumped core.
24
25 Stack trace of thread
26 2735:
27 #0 0x00000368d4caa2e4
28 _IO_vfprintf
29 (libc.so.6)
30 #1 0x00000368d4d5e852
31 __vsnprintf_chk
32 (libc.so.6)
33 #2 0x00000368d4d5e7a4
34 __snprintf_chk
35 (libc.so.6)
36 #3 0x00000000df8db344
37 n/a (systemd)
38 #4 0x00000000df8db9aa
39 n/a (systemd)
40 #5 0x00000000df8da72f
41 n/a (systemd)
42 #6 0x00000000df8db314
43 n/a (systemd)
44 #7 0x00000000df8db9aa
45 n/a (systemd)
46 #8 0x00000000df8da72f
47 n/a (systemd)
48 #9 0x00000000df8db314
49 n/a (systemd)
50 #10 0x00000000df8db9aa
51 n/a (systemd)
52 #11 0x00000000df8da72f
53 n/a (systemd)
54 #12 0x00000000df8db314
55 n/a (systemd)
56 #13 0x00000000df8db9aa
57 n/a (systemd)
58 #14 0x00000000df8da72f
59 n/a (systemd)
60 #15 0x00000000df8db314
61 n/a (systemd)
62 #16 0x00000000df8db9aa
63 n/a (systemd)
64 #17 0x00000000df8da72f
65 n/a (systemd)
66 #18 0x00000000df8db314
67 n/a (systemd)
68 #19 0x00000000df8db9aa
69 n/a (systemd)
70 #20 0x00000000df8da72f
71 n/a (systemd)
72 #21 0x00000000df8db314
73 n/a (systemd)
74 #22 0x00000000df8db9aa
75 n/a (systemd)
76 #23 0x00000000df8da72f
77 n/a (systemd)
78 #24 0x00000000df8db314
79 n/a (systemd)
80 #25 0x00000000df8db9aa
81 n/a (systemd)
82 #26 0x00000000df8da72f
83 n/a (systemd)
84 #27 0x00000000df8db314
85 n/a (systemd)
86 #28 0x00000000df8db9aa
87 n/a (systemd)
88 #29 0x00000000df8da72f
89 n/a (systemd)
90 #30 0x00000000df8db314
91 n/a (systemd)
92 #31 0x00000000df8db9aa
93 n/a (systemd)
94 #32 0x00000000df8da72f
95 n/a (systemd)
96 #33 0x00000000df8db314
97 n/a (systemd)
98 #34 0x00000000df8db9aa
99 n/a (systemd)
100 #35 0x00000000df8da72f
101 n/a (systemd)
102 #36 0x00000000df8db314
103 n/a (systemd)
104 #37 0x00000000df8db9aa
105 n/a (systemd)
106 #38 0x00000000df8da72f
107 n/a (systemd)
108 #39 0x00000000df8db314
109 n/a (systemd)
110 #40 0x00000000df8db9aa
111 n/a (systemd)
112 #41 0x00000000df8da72f
113 n/a (systemd)
114 #42 0x00000000df8db314
115 n/a (systemd)
116 #43 0x00000000df8db9aa
117 n/a (systemd)
118 #44 0x00000000df8da72f
119 n/a (systemd)
120 #45 0x00000000df8db314
121 n/a (systemd)
122 #46 0x00000000df8db9aa
123 n/a (systemd)
124 #47 0x00000000df8da72f
125 n/a (systemd)
126 #48 0x00000000df8db314
127 n/a (systemd)
128 #49 0x00000000df8db9aa
129 n/a (systemd)
130 #50 0x00000000df8da72f
131 n/a (systemd)
132 #51 0x00000000df8db314
133 n/a (systemd)
134 #52 0x00000000df8db9aa
135 n/a (systemd)
136 #53 0x00000000df8da72f
137 n/a (systemd)
138 #54 0x00000000df8db314
139 n/a (systemd)
140 #55 0x00000000df8db9aa
141 n/a (systemd)
142 #56 0x00000000df8da72f
143 n/a (systemd)
144 #57 0x00000000df8db314
145 n/a (systemd)
146 #58 0x00000000df8db9aa
147 n/a (systemd)
148 #59 0x00000000df8da72f
149 n/a (systemd)
150 #60 0x00000000df8db314
151 n/a (systemd)
152 #61 0x00000000df8db9aa
153 n/a (systemd)
154 #62 0x00000000df8da72f
155 n/a (systemd)
156 #63 0x00000000df8db314
157 n/a (systemd)
158 systemd-logind[897]: Failed to abandon session scope: Connection timed out
159
160
161 Any of you have problems with the latest versions of systemd as well? Any
162 ideas?
163
164 Thanks:
165 Dw.
166 --
167 dr Tóth Attila, Radiológus, 06-20-825-8057
168 Attila Toth MD, Radiologist, +36-20-825-8057
169
170 2016.Március 10.(Cs) 01:53 időpontban "Tóth Attila" ezt írta:
171 > After upgrading to systemd-229 it segfaults early during boot triggering
172 > bruteforce prevention, which renders the system annoyingly slow.
173 >
174 > grsec: Segmentation fault occurred at 000003e45975efd0 in
175 > /usr/lib64/systemd/systemd[systemd:1135]
176 > grsec: bruteforce prevention initiated for the next 30 minutes or until
177 > service restarted, stalling each fork 30 seconds. Please investigate the
178 > crash report for /usr/lib64/systemd/systemd[systemd:1135]
179 >
180 > Avoid it or be aware that might happen: Dw.
181 > --
182 > dr Tóth Attila, Radiológus, 06-20-825-8057
183 > Attila Toth MD, Radiologist, +36-20-825-8057
184 >
185 >
186 >
187 >

Replies

Subject Author
Re: [gentoo-hardened] systemd-229 segfault triggers bruteforce prevention "René Rhéaume" <rene.rheaume@×××××.com>
Re: [gentoo-hardened] systemd-229 segfault triggers bruteforce prevention "Max R.D. Parmer" <maxp@××××××××.is>