1 |
Hi! |
2 |
|
3 |
Also, I've just compared runit-init & bash binaries on both servers. |
4 |
Here results from server with this issue: |
5 |
|
6 |
# for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v $i; done |
7 |
-rwxr-xr-x 1 root root 858476 2009-04-01 23:44 /bin/bash |
8 |
1f217dcd279f9105ecb0ffd8b5e1d19d /bin/bash |
9 |
PaX control v0.5 |
10 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
11 |
|
12 |
- PaX flags: -------x-e-- [/bin/bash] |
13 |
RANDEXEC is disabled |
14 |
EMUTRAMP is disabled |
15 |
-rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init |
16 |
c0aee39d040096e05fc95fd4bcfaf34f /sbin/runit-init |
17 |
PaX control v0.5 |
18 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
19 |
|
20 |
- PaX flags: -----m-x-e-- [/sbin/runit-init] |
21 |
MPROTECT is disabled |
22 |
RANDEXEC is disabled |
23 |
EMUTRAMP is disabled |
24 |
|
25 |
Here from server without this issue: |
26 |
|
27 |
# for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v $i; done |
28 |
-rwxr-xr-x 1 root root 858476 2009-04-01 23:38 /bin/bash |
29 |
1f217dcd279f9105ecb0ffd8b5e1d19d /bin/bash |
30 |
PaX control v0.5 |
31 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
32 |
|
33 |
- PaX flags: -------x-e-- [/bin/bash] |
34 |
RANDEXEC is disabled |
35 |
EMUTRAMP is disabled |
36 |
-rwxr-xr-x 1 root root 13616 2009-04-02 00:37 /sbin/runit-init |
37 |
8e6da3a1849d1d2830896d9caeff03e5 /sbin/runit-init |
38 |
PaX control v0.5 |
39 |
Copyright 2004,2005,2006,2007 PaX Team <pageexec@××××××××.hu> |
40 |
|
41 |
- PaX flags: -------x-e-- [/sbin/runit-init] |
42 |
RANDEXEC is disabled |
43 |
EMUTRAMP is disabled |
44 |
|
45 |
As you see, bash is *same* on both servers, but on first server failed to |
46 |
boot with init=/bin/bash unless I do paxctl -m /bin/bash. |
47 |
|
48 |
I've no idea why runit-init differ, but it's ease to test - I've copied |
49 |
runit-init from second server to first, and tried to boot it using that |
50 |
runit-init (without marking it with paxctl -m): |
51 |
|
52 |
# ls -l /sbin/runit-init* |
53 |
-rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init |
54 |
-rwxr-xr-x 1 root root 13616 2009-04-02 16:25 /sbin/runit-init2 |
55 |
# md5sum /sbin/runit-init* |
56 |
c0aee39d040096e05fc95fd4bcfaf34f /sbin/runit-init |
57 |
8e6da3a1849d1d2830896d9caeff03e5 /sbin/runit-init2 |
58 |
|
59 |
And... yeah, it doesn't boot with init=/sbin/runit-init2, as expected. |
60 |
|
61 |
Only possible difference between servers which I can't see may be in hardware. |
62 |
But: |
63 |
- server should be same, at least we buy them both as "HP ProLiant DL140 G3" |
64 |
and they both has same BIOS version "1.14 08/13/07" so I suppose they |
65 |
should be same unless some hardware is broken |
66 |
- previous kernel sys-kernel/hardened-sources-2.6.27-r8 works ok on both |
67 |
servers with same kernel configuration (CONFIG_PAX_MPROTECT enabled, |
68 |
paxctl -m doesn't applied to runit-init) |
69 |
|
70 |
So, this issue in some way related to PaX changes between 2.6.27-r8 and |
71 |
2.6.28-r7. |
72 |
|
73 |
-- |
74 |
WBR, Alex. |