| 1 |
Hi! |
| 2 |
|
| 3 |
Also, I've just compared runit-init & bash binaries on both servers. |
| 4 |
Here results from server with this issue: |
| 5 |
|
| 6 |
# for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v $i; done |
| 7 |
-rwxr-xr-x 1 root root 858476 2009-04-01 23:44 /bin/bash |
| 8 |
1f217dcd279f9105ecb0ffd8b5e1d19d /bin/bash |
| 9 |
PaX control v0.5 |
| 10 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
| 11 |
|
| 12 |
- PaX flags: -------x-e-- [/bin/bash] |
| 13 |
RANDEXEC is disabled |
| 14 |
EMUTRAMP is disabled |
| 15 |
-rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init |
| 16 |
c0aee39d040096e05fc95fd4bcfaf34f /sbin/runit-init |
| 17 |
PaX control v0.5 |
| 18 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
| 19 |
|
| 20 |
- PaX flags: -----m-x-e-- [/sbin/runit-init] |
| 21 |
MPROTECT is disabled |
| 22 |
RANDEXEC is disabled |
| 23 |
EMUTRAMP is disabled |
| 24 |
|
| 25 |
Here from server without this issue: |
| 26 |
|
| 27 |
# for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v $i; done |
| 28 |
-rwxr-xr-x 1 root root 858476 2009-04-01 23:38 /bin/bash |
| 29 |
1f217dcd279f9105ecb0ffd8b5e1d19d /bin/bash |
| 30 |
PaX control v0.5 |
| 31 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
| 32 |
|
| 33 |
- PaX flags: -------x-e-- [/bin/bash] |
| 34 |
RANDEXEC is disabled |
| 35 |
EMUTRAMP is disabled |
| 36 |
-rwxr-xr-x 1 root root 13616 2009-04-02 00:37 /sbin/runit-init |
| 37 |
8e6da3a1849d1d2830896d9caeff03e5 /sbin/runit-init |
| 38 |
PaX control v0.5 |
| 39 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
| 40 |
|
| 41 |
- PaX flags: -------x-e-- [/sbin/runit-init] |
| 42 |
RANDEXEC is disabled |
| 43 |
EMUTRAMP is disabled |
| 44 |
|
| 45 |
As you see, bash is *same* on both servers, but on first server failed to |
| 46 |
boot with init=/bin/bash unless I do paxctl -m /bin/bash. |
| 47 |
|
| 48 |
I've no idea why runit-init differ, but it's ease to test - I've copied |
| 49 |
runit-init from second server to first, and tried to boot it using that |
| 50 |
runit-init (without marking it with paxctl -m): |
| 51 |
|
| 52 |
# ls -l /sbin/runit-init* |
| 53 |
-rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init |
| 54 |
-rwxr-xr-x 1 root root 13616 2009-04-02 16:25 /sbin/runit-init2 |
| 55 |
# md5sum /sbin/runit-init* |
| 56 |
c0aee39d040096e05fc95fd4bcfaf34f /sbin/runit-init |
| 57 |
8e6da3a1849d1d2830896d9caeff03e5 /sbin/runit-init2 |
| 58 |
|
| 59 |
And... yeah, it doesn't boot with init=/sbin/runit-init2, as expected. |
| 60 |
|
| 61 |
Only possible difference between servers which I can't see may be in hardware. |
| 62 |
But: |
| 63 |
- server should be same, at least we buy them both as "HP ProLiant DL140 G3" |
| 64 |
and they both has same BIOS version "1.14 08/13/07" so I suppose they |
| 65 |
should be same unless some hardware is broken |
| 66 |
- previous kernel sys-kernel/hardened-sources-2.6.27-r8 works ok on both |
| 67 |
servers with same kernel configuration (CONFIG_PAX_MPROTECT enabled, |
| 68 |
paxctl -m doesn't applied to runit-init) |
| 69 |
|
| 70 |
So, this issue in some way related to PaX changes between 2.6.27-r8 and |
| 71 |
2.6.28-r7. |
| 72 |
|
| 73 |
-- |
| 74 |
WBR, Alex. |
Archives