1 |
Hi! |
2 |
|
3 |
On Fri, Apr 03, 2009 at 12:43:26AM +0200, pageexec@××××××××.hu wrote: |
4 |
> hmm, i don't get it. are you saying that with MPROTECT enabled in the |
5 |
> kernel, bash fails to start when run as init, but works otherwise? |
6 |
> |
7 |
> hmm, so nothing stands out, and only pid=1 is ever affected? i've never seen |
8 |
> such a failure mode ;). |
9 |
|
10 |
Yep. Me too. I can try other application, but if both bash and runit-init |
11 |
affected I think there little sense in trying other. |
12 |
|
13 |
So, yeah, the question is, how to debug PaX while kernel starting process N1? |
14 |
Or how to prove process N1 has nothing with this bug? |
15 |
|
16 |
To resume, what we've now: |
17 |
|
18 |
Fact 1: previous kernel (2.6.27-hardened-r8) doesn't hangs |
19 |
Fact 2: kernel hang after "Freeing unused kernel memory:" |
20 |
* so I suppose it failed to start process N1 |
21 |
Fact 3: kernel compiled without MPROTECT doesn't hangs |
22 |
* so I suppose it's something related to PaX ... |
23 |
* or some very unique hardware issue |
24 |
Fact 4: kernel loaded with init=/bin/bash hangs in same way |
25 |
* so it's unlikely issue with runit-init |
26 |
Fact 5: paxctl -m for init command (/sbin/runit-init or /bin/bash) fix issue |
27 |
* so there workaround exists which doesn't lower overall server security |
28 |
Fact 6: /bin/bash works just fine without paxctl -m after boot |
29 |
* so it has nothing with usual PaX work |
30 |
Fact 7: this issue happens on one of several similar (if no equal) servers |
31 |
* buggy hardware or some conflict (there IRQ differences between servers)? |
32 |
|
33 |
I think best way to find out what happens - add debug prints into PaX code |
34 |
which executes while starting process N1. |
35 |
|
36 |
-- |
37 |
WBR, Alex. |