Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: pageexec@××××××××.hu
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init
Date: Thu, 02 Apr 2009 22:43:35
Message-Id: 49D53F8E.16661.386BDA57@pageexec.freemail.hu
In Reply to: Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init by Alex Efros
1 On 3 Apr 2009 at 1:22, Alex Efros wrote:
2 > On Thu, Apr 02, 2009 at 11:17:10PM +0200, pageexec@××××××××.hu wrote:
3 > > can you strace bash/etc to see what happens? probably we'll see what runs
4 >
5 > how do I can strace process N1?
6
7 you can enable and boot into softmode then turn it off and see what
8 you can reproduce then. that won't let you strace pid=1 but let's
9 you play with the rest while running an MPROTECT kernel.
10
11 > PaX doesn't kill bash if it executed not as process N1.
12
13 hmm, i don't get it. are you saying that with MPROTECT enabled in the
14 kernel, bash fails to start when run as init, but works otherwise?
15
16 > > against the MPROTECT restricions. my guess is either textrels or gnu_stack
17 > > (compare scanelf -lpqRte on your systems).
18 >
19 > it's same on all servers:
20
21 hmm, so nothing stands out, and only pid=1 is ever affected? i've never seen
22 such a failure mode ;).
23
24 > > btw, why are you using SEGMEXEC on your core2?
25 >
26 > Hmm. You think I should use PAGEEXEC instead? According to help in linux
27 > kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310...
28 >
29 > In help for PAGEEXEC it doesn't recommended for P4 and there is nothing
30 > about newest processors, so I suppose PAGEEXEC may not be a good choice.
31
32 the help talks about exactly what is problematic, the P4 core. the core2
33 is different, and it also has hw non-exec support.
34
35 > After your question I've re-read help, and notice "i386 with hardware
36 > non-executable bit support" item at end of list with less usual archs like
37 > avr32, sparc, etc. If that was said about Core/Xeon too, then there
38 > probably little usability issue with that help. ;-)
39
40 i can't possibly list every cpuid that has NX support, up to you to determine
41 it ;). besides, you can always enable both non-exec features and the kernel
42 will choose the better one at runtime.

Replies

Subject Author
Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init Alex Efros <powerman@××××××××××××××××××.com>
Report Message
Find on MARC Find on Google Groups