Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Rumen Yotov <rumen_yotov@×××.bg>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] problems with bittorrent and bittornado
Date: Sun, 01 Aug 2004 12:52:18
Message-Id: 1091364729.21415.38.camel@mymach.qrypto.org
In Reply to: Re: [gentoo-hardened] problems with bittorrent and bittornado by pageexec@freemail.hu
1 Hi,
2 On нд, 2004-08-01 at 13:01, pageexec@××××××××.hu wrote:
3 > > > Used strace and it seems that PaX is the culpit, could somebody confirm
4 > > > this?
5 > >
6 > > Your understanding of the problem seems backwards. python is probably
7 > > the culpit and PaX is only making it obvious that something else has a
8 > > fundamental code flaw.
9 > > (It bugs me when I see people blame pax & grsec for faulty software)
10 >
11 > ok, after having looked at the strace, i see a few things only:
12 >
13 > 1. there's a sign of ld.so:make_stack_executable() failing, apparently
14 > because /usr/lib/libcrypto.so.0.9.7 is marked with an executable
15 > PT_GNU_STACK. i think that's a known false positive (PT_PAX_FLAGS
16 > doesn't have emutramp enabled here).
17 >
18 > 2. there's only one mmap request that creates (well, tries to ;-) a
19 > writable/executable mapping and that's right after mapping psyco.so.
20 > based on the package description ("[it] can massively speed up the
21 > execution of any Python code") i bet it does exactly that by generating
22 > code at runtime (the website confirms that it does JIT compilation),
23 > hence it will not work with non-executable pages. since this is a
24 > library you have to disable MPROTECT on the executable that uses it,
25 > in this case python.
26 >
27 > PS: rumen, i think you don't need to bother with those extra logs and
28 > straces i asked for in the previous mail, just disable MPROTECT
29 > on python and be done with it (i've tested it here).
30 >
31 >
32 > --
33 > gentoo-hardened@g.o mailing list
34 >
35 Did it, see previous mail-reply (disabled ALL ASLR on python).
36 Still no luck.
37 ...Later...
38 Some success after unmerging psyco, bittorrent starts and gives
39 following error:
40 [15:47:35] Problem connecting to tracker - <urlopen error (111,
41 'Connection refused')>
42 I'll look at it later, maybe firewall (shorewall-port) problem or too
43 many requests, don't know.
44 Thanks.
45 Rumen

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-hardened] problems with bittorrent and bittornado pageexec@××××××××.hu
Report Message
Find on MARC Find on Google Groups