[grsec] ndiswrapper failing to load

pageexec at freemail.hu pageexec at freemail.hu
Mon Sep 18 09:06:53 EDT 2006


On 18 Sep 2006 at 12:20, Peter Mazinger wrote:

> Sep 18 10:48:07 ucgt eax: 0003f200   ebx: df64d3e0   ecx: 00000000   edx: e0c1468c
> Sep 18 10:48:07 ucgt <002b1294>   <002b16ff> 
> Sep 18 10:48:07 ucgt Code: 00 00 83 3a 02 74 0d 41 83 c0 38 83 c2 38 39 f1 72 f0 eb 59 8b 90 50 01 00 00 8d 73 1c 89 53 0c 8b 80 58 01 00 00 89 43 10 56 53 <ff> d2 85 c0 74 3c 50 68 f9 01 00 00 68 40 21 6c c0 68 df 37 6c 
> Sep 18 10:48:07 ucgt EIP: [<002b1059>]  SS:ESP 0068:dc23be5c

> Is this a bug

bug/feature... depends on who you ask ;-). the faulting insn is
a 'call edx' and edx points outside the __KERNEL_CS region so i
guess it's ndiswrapper that loaded the windows driver into the
normal kmalloc/vmalloc area which happens to be non-executable.

this can't be fixed in PaX, ndiswrapper must be patched to be a
good citizen and use vmalloc_exec at least. but that'll probably
fail with the windows drivers as their code/data sections can't
be easily separated (unlike native linux/ELF kernel drivers) so
if the whole windows driver is loaded into the executable area,
it will die on the first write attempt to its own data section
(actually, without further patching, ndiswrapper would die on
processing the relocations in the windows driver).
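
Added example, not part of the original message and not code from PaX or ndiswrapper: a short Python script that reads the oops lines quoted above, decodes the bytes at the `<ff>` marker (the byte at EIP), and reports which register the branch went through and the address it held. The function names are this example's own.

```python
import re

# The relevant lines of the oops quoted in the post, copied as posted.
OOPS = (
    "Sep 18 10:48:07 ucgt eax: 0003f200   ebx: df64d3e0   ecx: 00000000   edx: e0c1468c\n"
    "Sep 18 10:48:07 ucgt Code: 00 00 83 3a 02 74 0d 41 83 c0 38 83 c2 38 39 f1 72 f0 eb 59 "
    "8b 90 50 01 00 00 8d 73 1c 89 53 0c 8b 80 58 01 00 00 89 43 10 56 53 <ff> d2 85 c0 74 "
    "3c 50 68 f9 01 00 00 68 40 21 6c c0 68 df 37 6c \n"
    "Sep 18 10:48:07 ucgt EIP: [<002b1059>]  SS:ESP 0068:dc23be5c\n"
)

REGS32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")  # ModRM r/m order

def parse_registers(oops):
    """Return {name: value} for the general registers printed in the dump."""
    pairs = re.findall(r"\b(e[abcd]x|e[sd]i|e[bs]p):\s*([0-9a-f]{8})\b", oops)
    return {name: int(value, 16) for name, value in pairs}

def faulting_bytes(oops):
    """Return the code bytes starting at EIP (the byte the oops marks as <xx>)."""
    m = re.search(r"Code:\s*(.*)", oops)
    if not m:
        raise ValueError("no Code: line in oops")
    tokens = m.group(1).split()
    start = next((i for i, t in enumerate(tokens) if t.startswith("<")), None)
    if start is None:
        raise ValueError("Code: line has no <xx> marker for EIP")
    return bytes(int(t.strip("<>"), 16) for t in tokens[start:])

def decode_indirect_branch(code):
    """Decode FF /2 (call) or FF /4 (jmp) with a register operand, else None."""
    if len(code) < 2 or code[0] != 0xFF:
        return None
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod != 3 or reg not in (2, 4):
        return None  # memory operand or a different FF-group instruction
    return ("call" if reg == 2 else "jmp", REGS32[rm])

def explain(oops):
    """Name the faulting instruction and the address it tried to branch to."""
    decoded = decode_indirect_branch(faulting_bytes(oops))
    if decoded is None:
        return "faulting instruction is not a register-indirect call/jmp"
    mnemonic, reg = decoded
    return f"{mnemonic} *%{reg} -> {parse_registers(oops)[reg]:#010x}"

if __name__ == "__main__":
    print(explain(OOPS))
```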


