Hi,

On Sun, 2004-08-01 at 13:01, pageexec@××××××××.hu wrote:
> > > Used strace and it seems that PaX is the culprit, could somebody confirm
> > > this?
> >
> > Your understanding of the problem seems backwards. python is probably
> > the culprit and PaX is only making it obvious that something else has a
> > fundamental code flaw.
> > (It bugs me when I see people blame pax & grsec for faulty software)
>
> ok, after having looked at the strace, i see a few things only:
>
> 1. there's a sign of ld.so:make_stack_executable() failing, apparently
> because /usr/lib/libcrypto.so.0.9.7 is marked with an executable
> PT_GNU_STACK. i think that's a known false positive (PT_PAX_FLAGS
> doesn't have emutramp enabled here).
>
> 2. there's only one mmap request that creates (well, tries to ;-) a
> writable/executable mapping and that's right after mapping psyco.so.
> based on the package description ("[it] can massively speed up the
> execution of any Python code") i bet it does exactly that by generating
> code at runtime (the website confirms that it does JIT compilation),
> hence it will not work with non-executable pages. since this is a
> library you have to disable MPROTECT on the executable that uses it,
> in this case python.
>
> PS: rumen, i think you don't need to bother with those extra logs and
> straces i asked for in the previous mail, just disable MPROTECT
> on python and be done with it (i've tested it here).
>
>
> --
> gentoo-hardened@g.o mailing list
>
Did it, see previous mail-reply (disabled ALL ASLR on python).
Still no luck.

...Later...

Some success after unmerging psyco, bittorrent starts and gives
following error:

[15:47:35] Problem connecting to tracker - <urlopen error (111, 'Connection refused')>

I'll look at it later, maybe firewall (shorewall-port) problem or too
many requests, don't know.

Thanks.

Rumen
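
Added example (not part of the original thread, and not code from PaX or psyco): a small Python scanner for strace output that flags mmap/mprotect calls asking for writable and executable memory together, the kind of request the quoted reply identifies, and names the last shared library opened before each one. The sample trace is constructed; its addresses, sizes, errno values and the psyco.so path are assumptions.

```python
import re

# Constructed strace excerpt for illustration (not the poster's log); addresses,
# sizes, errno values and the psyco.so path are made up.
SAMPLE_STRACE = """\
open("/usr/lib/libcrypto.so.0.9.7", O_RDONLY) = 3
mmap2(NULL, 1000000, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4f400000
mprotect(0xbfffe000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = -1 EACCES (Permission denied)
close(3) = 0
open("/usr/lib/python2.3/site-packages/psyco.so", O_RDONLY) = 3
mmap2(NULL, 180000, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4f5a1000
close(3) = 0
mmap2(NULL, 1048576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 EPERM (Operation not permitted)
mprotect(0x4f5c0000, 4096, PROT_READ|PROT_WRITE) = 0
"""

# syscall(args) = result, for the calls that set page protections
MEM_CALL = re.compile(r'\b(mmap2?|mprotect)\((.*)\)\s*=\s*(-?\w+)')
# successful open()/openat() of a shared object (result is a file descriptor)
LIB_OPEN = re.compile(r'\bopen(?:at)?\(.*?"([^"]*\.so[^"]*)".*\)\s*=\s*(\d+)')


def find_wx_requests(strace_text):
    """Return (syscall, denied, last_library) for each request that asks
    for PROT_WRITE and PROT_EXEC in the same call."""
    findings, last_lib = [], None
    for line in strace_text.splitlines():
        opened = LIB_OPEN.search(line)
        if opened:
            last_lib = opened.group(1)
            continue
        call = MEM_CALL.search(line)
        if not call:
            continue
        syscall, args, result = call.groups()
        # The protection argument is the first one containing PROT_ flags.
        prot = next((a for a in args.split(",") if "PROT_" in a), "")
        flags = set(prot.strip().split("|"))
        if {"PROT_WRITE", "PROT_EXEC"} <= flags:
            # A negative return value means the kernel refused the request.
            findings.append((syscall, result.startswith("-"), last_lib))
    return findings


if __name__ == "__main__":
    for syscall, denied, lib in find_wx_requests(SAMPLE_STRACE):
        state = "denied" if denied else "granted"
        print(f"{syscall}: W+X request {state}, last library opened: {lib}")
```

The library attribution is a heuristic: it reports the most recent successful open of a .so file, which is how the reply ties the mapping to psyco.so, but it does not prove that library made the call.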