[grsec] Upgraded to 2.1.3 got the following oops.

Rocky Olsen rocky at mindphone.org
Tue Mar 15 20:41:23 EST 2005 

Also, grsec is now logging the following deny when i gradm authenticate.
Mar 15 18:40:01 xmission.xmission.com kernel: grsec: From 199.104.120.47:
(root:U:/sbin/gradm) denied access to hidden file /etc/ld.so.cache by
/sbin/gradm[gradm:12917] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:15607] uid/euid:0/0 gid/egid:0/0 




On Mon, Mar 14, 2005 at 03:55:20PM -0700, Rocky Olsen wrote:
> Upgraded from 2.4.28-2.0.3 to 2.4.29-2.1.3 and had the following oops.
> 
> Also wondering if a new patch for 2.6.11.3 will be released, apply 2.1.3 to
> it caused some modules to not compile.
> 
> 
> -- 
> ______________________________________________________________________
> 
> 
> what's with today, today?
> 
> Email:	rocky at mindphone.org
> PGP:	http://rocky.mindphone.org/rocky_mindphone.org.gpg

> ksymoops 2.4.5 on i686 2.4.29-grsec.  Options used
>      -V (default)
>      -k /proc/ksyms (default)
>      -l /proc/modules (default)
>      -o /lib/modules/2.4.29-grsec/ (default)
>      -m /boot/System.map-2.4.29-grsec (default)
> 
> Warning: You did not tell me where to find symbol information.  I will
> assume that the log matches the kernel and modules that are running
> right now and I'll use the default options above for symbol resolution.
> If the current kernel and/or modules do not match the log, you can get
> more accurate output by telling me the kernel version and where to find
> map, modules, ksyms etc.  ksymoops -h explains the options.
> 
> Error (regular_file): read_ksyms stat /proc/ksyms failed
> No modules in ksyms, skipping objects
> No ksyms, skipping lsmod
> Mar 13 14:38:44 xmission kernel: cpu: 0, clocks: 1002300, slice: 334100
> Mar 13 14:38:44 xmission kernel: cpu: 1, clocks: 1002300, slice: 334100
> Mar 14 06:29:57 xmission kernel: Unable to handle kernel paging request at virtual address e70e8348
> Mar 14 06:29:57 xmission kernel: c0172906
> Mar 14 06:29:57 xmission kernel: *pgd = 0000000000000000
> Mar 14 06:29:57 xmission kernel: Oops: 0002
> Mar 14 06:29:57 xmission kernel: CPU:    1
> Mar 14 06:29:57 xmission kernel: EIP:    0010:[free_block+94/228]    Not tainted
> Mar 14 06:29:57 xmission kernel: EFLAGS: 00010046
> Mar 14 06:29:57 xmission kernel: eax: 01cdc8cc   ebx: ffff006c   ecx: dfd76000   edx: 00000020
> Mar 14 06:29:57 xmission kernel: esi: c158b4a0   edi: 00000034   ebp: c159b728   esp: c15bfedc
> Mar 14 06:29:57 xmission kernel: ds: 0018   es: 0018   ss: 0018
> Mar 14 06:29:57 xmission kernel: Process kswapd (pid: 5, stackpage=c15bf000)
> Mar 14 06:29:57 xmission kernel: Stack: c159b400 dfd76e20 00000286 00001a78 df24f7c0 c158b4a8 c158b4b0 0000173e 
> Mar 14 06:29:57 xmission kernel:        c0172c9b c158b4a0 c159b600 0000007e dfd76e20 df263560 c15bff68 dfd76e20 
> Mar 14 06:29:57 xmission kernel:        c0182ce8 c158b4a0 dfd76e20 df263560 c0192050 dfd76e20 df263568 c01920be 
> Mar 14 06:29:57 xmission kernel: Call Trace:    [kmem_cache_free+83/128] [cdput+68/73] [clear_inode+256/284] [dispose_list+82/196] [prune_icache+189/224]
> Mar 14 06:29:57 xmission kernel: Code: 89 5c 81 18 89 41 14 8b 41 10 8d 50 ff 89 51 10 83 f8 01 75 
> Using defaults from ksymoops -t elf32-i386 -a i386
> 
> 
> >>eax; 01cdc8cc Before first symbol
> >>ebx; ffff006c <END_OF_CODE+3fbb2468/????>
> >>ecx; dfd76000 <END_OF_CODE+1f9383fc/????>
> >>esi; c158b4a0 <END_OF_CODE+114d89c/????>
> >>ebp; c159b728 <END_OF_CODE+115db24/????>
> >>esp; c15bfedc <END_OF_CODE+11822d8/????>
> 
> Code;  00000000 Before first symbol
> 00000000 <_EIP>:
> Code;  00000000 Before first symbol
>    0:   89 5c 81 18               mov    %ebx,0x18(%ecx,%eax,4)
> Code;  00000004 Before first symbol
>    4:   89 41 14                  mov    %eax,0x14(%ecx)
> Code;  00000007 Before first symbol
>    7:   8b 41 10                  mov    0x10(%ecx),%eax
> Code;  0000000a Before first symbol
>    a:   8d 50 ff                  lea    0xffffffff(%eax),%edx
> Code;  0000000d Before first symbol
>    d:   89 51 10                  mov    %edx,0x10(%ecx)
> Code;  00000010 Before first symbol
>   10:   83 f8 01                  cmp    $0x1,%eax
> Code;  00000013 Before first symbol
>   13:   75 00                     jne    15 <_EIP+0x15> 00000015 Before first symbol
> 
> Mar 14 06:39:19 xmission kernel: cpu: 0, clocks: 1002320, slice: 334106
> Mar 14 06:39:19 xmission kernel: cpu: 1, clocks: 1002320, slice: 334106
> Mar 14 09:28:07 xmission kernel: Unable to handle kernel paging request at virtual address 6b726171
> Mar 14 09:28:07 xmission kernel: c0172843
> Mar 14 09:28:07 xmission kernel: *pgd = 0000000000000000
> Mar 14 09:28:07 xmission kernel: Oops: 0002
> Mar 14 09:28:07 xmission kernel: CPU:    1
> Mar 14 09:28:07 xmission kernel: EIP:    0010:[kmem_cache_alloc_batch+119/220]    Not tainted
> Mar 14 09:28:07 xmission kernel: EFLAGS: 00010046
> Mar 14 09:28:07 xmission kernel: eax: c158b4a8   ebx: df00736f   ecx: dfd75000   edx: 6b72616d
> Mar 14 09:28:07 xmission kernel: esi: c158b4a0   edi: 0000000d   ebp: c159b400   esp: d3fe7e48
> Mar 14 09:28:07 xmission kernel: ds: 0018   es: 0018   ss: 0018
> Mar 14 09:28:07 xmission kernel: Process in.telnetd (pid: 25360, stackpage=d3fe7000)
> Mar 14 09:28:07 xmission kernel: Stack: c158b514 c158b4a0 c03cdae8 00000246 c158b4a8 c01729fc c158b4a0 c159b400 
> Mar 14 09:28:07 xmission kernel:        000001f0 d919d5c0 00000000 c03cdae8 00000088 c0182c20 c158b4a0 000001f0 
> Mar 14 09:28:07 xmission kernel:        d919d5c0 c15b7f80 00000029 00008829 00008829 00008829 c017c99c 00008829 
> Mar 14 09:28:07 xmission kernel: Call Trace:    [kmem_cache_alloc+112/312] [cdget+116/248] [init_special_inode+68/175] [devpts_pty_new+191/228] [tty_open+364/896]
> Mar 14 09:28:07 xmission kernel: Code: 89 42 04 89 10 c7 01 00 00 00 00 c7 41 04 00 00 00 00 8b 06 
> 
> 
> >>eax; c158b4a8 <END_OF_CODE+114d8a4/????>
> >>ebx; df00736f <END_OF_CODE+1ebc976b/????>
> >>ecx; dfd75000 <END_OF_CODE+1f9373fc/????>
> >>edx; 6b72616d Before first symbol
> >>esi; c158b4a0 <END_OF_CODE+114d89c/????>
> >>ebp; c159b400 <END_OF_CODE+115d7fc/????>
> >>esp; d3fe7e48 <END_OF_CODE+13baa244/????>
> 
> Code;  00000000 Before first symbol
> 00000000 <_EIP>:
> Code;  00000000 Before first symbol
>    0:   89 42 04                  mov    %eax,0x4(%edx)
> Code;  00000003 Before first symbol
>    3:   89 10                     mov    %edx,(%eax)
> Code;  00000005 Before first symbol
>    5:   c7 01 00 00 00 00         movl   $0x0,(%ecx)
> Code;  0000000b Before first symbol
>    b:   c7 41 04 00 00 00 00      movl   $0x0,0x4(%ecx)
> Code;  00000012 Before first symbol
>   12:   8b 06                     mov    (%esi),%eax
> 
> Mar 14 09:36:21 xmission kernel: cpu: 0, clocks: 1002171, slice: 334057
> Mar 14 09:36:21 xmission kernel: cpu: 1, clocks: 1002171, slice: 334057
> 
> 1 warning and 1 error issued.  Results may not be reliable.




> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity


-- 
______________________________________________________________________


what's with today, today?

Email:	rocky at mindphone.org
PGP:	http://rocky.mindphone.org/rocky_mindphone.org.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050315/28074758/attachment-0001.pgp

More information about the grsecurity mailing list