1 |
On 6 Mar 2009 at 17:13, Alex Efros wrote: |
2 |
|
3 |
> Two questions: |
4 |
> 1) Is "2.6.28.7 and PaX alone" mean hardened-sources-2.6.28 with |
5 |
> everything except PaX switched off, or vanilla-sources-2.6.28.7 manually |
6 |
> patched with latests PaX? |
7 |
|
8 |
it's always the latter ;), i need to make sure it's a PaX problem. |
9 |
|
10 |
> 2) I'm perl programmer, not C. So I need more detailed instructions (list |
11 |
> of commands to run) how to "get coredumps and analyze them for the usual |
12 |
> things". Probably this info already available somewhere, so url to this |
13 |
> doc will be enough. |
14 |
|
15 |
i mentioned them quite a few times on the list and bugzilla and the grsec forums, |
16 |
here it is again. first, the coredump: you enable coredumps in your shell |
17 |
(ulimit -c unlimited) then run your program that crashes. this will produce |
18 |
a coredump file that you load into gdb and then issue the following gdb commands: |
19 |
|
20 |
bt |
21 |
x/8i $pc |
22 |
x/8x $sp |
23 |
info reg |
24 |
|
25 |
> As for strace - did that, it helps me detect .so libraries (Ioncube and |
26 |
> ZendOptimizer) because of which apache was killed. |
27 |
|
28 |
on a second thought, i'd need the strace output regardless of the gdb analysis, |
29 |
just to see how text relocations went as that's where the problem is probably. |