| 1 |
On 6 Mar 2009 at 17:13, Alex Efros wrote: |
| 2 |
|
| 3 |
> Two questions: |
| 4 |
> 1) Is "2.6.28.7 and PaX alone" mean hardened-sources-2.6.28 with |
| 5 |
> everything except PaX switched off, or vanilla-sources-2.6.28.7 manually |
| 6 |
> patched with latests PaX? |
| 7 |
|
| 8 |
it's always the latter ;), i need to make sure it's a PaX problem. |
| 9 |
|
| 10 |
> 2) I'm perl programmer, not C. So I need more detailed instructions (list |
| 11 |
> of commands to run) how to "get coredumps and analyze them for the usual |
| 12 |
> things". Probably this info already available somewhere, so url to this |
| 13 |
> doc will be enough. |
| 14 |
|
| 15 |
i mentioned them quite a few times on the list and bugzilla and the grsec forums, |
| 16 |
here it is again. first, the coredump: you enable coredumps in your shell |
| 17 |
(ulimit -c unlimited) then run your program that crashes. this will produce |
| 18 |
a coredump file that you load into gdb and then issue the following gdb commands: |
| 19 |
|
| 20 |
bt |
| 21 |
x/8i $pc |
| 22 |
x/8x $sp |
| 23 |
info reg |
| 24 |
|
| 25 |
> As for strace - did that, it helps me detect .so libraries (Ioncube and |
| 26 |
> ZendOptimizer) because of which apache was killed. |
| 27 |
|
| 28 |
on a second thought, i'd need the strace output regardless of the gdb analysis, |
| 29 |
just to see how text relocations went as that's where the problem is probably. |
Archives