| 1 |
Hi! |
| 2 |
|
| 3 |
On Fri, Apr 03, 2009 at 12:43:26AM +0200, pageexec@××××××××.hu wrote: |
| 4 |
> hmm, i don't get it. are you saying that with MPROTECT enabled in the |
| 5 |
> kernel, bash fails to start when run as init, but works otherwise? |
| 6 |
> |
| 7 |
> hmm, so nothing stands out, and only pid=1 is ever affected? i've never seen |
| 8 |
> such a failure mode ;). |
| 9 |
|
| 10 |
Yep. Me too. I can try other application, but if both bash and runit-init |
| 11 |
affected I think there little sense in trying other. |
| 12 |
|
| 13 |
So, yeah, the question is, how to debug PaX while kernel starting process N1? |
| 14 |
Or how to prove process N1 has nothing with this bug? |
| 15 |
|
| 16 |
To resume, what we've now: |
| 17 |
|
| 18 |
Fact 1: previous kernel (2.6.27-hardened-r8) doesn't hangs |
| 19 |
Fact 2: kernel hang after "Freeing unused kernel memory:" |
| 20 |
* so I suppose it failed to start process N1 |
| 21 |
Fact 3: kernel compiled without MPROTECT doesn't hangs |
| 22 |
* so I suppose it's something related to PaX ... |
| 23 |
* or some very unique hardware issue |
| 24 |
Fact 4: kernel loaded with init=/bin/bash hangs in same way |
| 25 |
* so it's unlikely issue with runit-init |
| 26 |
Fact 5: paxctl -m for init command (/sbin/runit-init or /bin/bash) fix issue |
| 27 |
* so there workaround exists which doesn't lower overall server security |
| 28 |
Fact 6: /bin/bash works just fine without paxctl -m after boot |
| 29 |
* so it has nothing with usual PaX work |
| 30 |
Fact 7: this issue happens on one of several similar (if no equal) servers |
| 31 |
* buggy hardware or some conflict (there IRQ differences between servers)? |
| 32 |
|
| 33 |
I think best way to find out what happens - add debug prints into PaX code |
| 34 |
which executes while starting process N1. |
| 35 |
|
| 36 |
-- |
| 37 |
WBR, Alex. |
Archives