[grsec] Text Relocations

Samir Mishra sqmishra at o2.ie
Mon Dec 13 08:52:12 EST 2004 

Hope someone can enlighten me. I'm running Gentoo with the hardened gcc-3.4.3 
toolchain & 2.6.7-r10 kernel.

Recently, while testing grsecurity, I turned on audit_textrel using sysctl. I 
was surprised to see many standard executables showing up in the log, 
e.g., /bin/mv, because of "text relocation". I don't fully understand all of 
this, but I assume text relocations are "a bad thing". How do I go about 
getting rid of this, for example in /bin/mv. 

Some details in case it's helpful, --

amoeba # file /bin/mv
/bin/mv: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped

amoeba # readelf -h /bin/mv
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              DYN (Shared object file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x22a0
  Start of program headers:          52 (bytes into file)
  Start of section headers:          81556 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         10
  Size of section headers:           40 (bytes)
  Number of section headers:         27
  Section header string table index: 26



I'm also getting a number of messages in the logs similar to this one below 
before the program dies. Any suggestion on how I can fix it?

amoeba # grep PAX /var/messages
Dec 13 17:34:04 amoeba PAX: execution attempt in: <anonymous mapping>, 
27cf9000-27d01000 27cf9000
Dec 13 17:34:04 amoeba PAX: terminating task: /usr/bin/mono(mono):6398, 
uid/euid: 0/0, PC: 27cf9050, SP: 5a70965c
Dec 13 17:34:04 amoeba PAX: bytes at PC: 55 8b ec 83 ec 20 8b 45 10 85 c0 74 
098b 45 10 c7 00 00 00
Dec 13 17:34:04 amoeba PAX: bytes at SP: 27d7826b 14709f90 5a709740 00000000 
27cf90d0 146f2b60 00000000 5a709740 14709f90 71cb5658 00000000 00000b18 
000055da 71cb5658 27eda9ac 27d781eb 27ed7bd8 146f2c10 28b33108 5a7096e8
Dec 13 17:34:04 amoeba grsec: attempted resource overstep by requesting 4096 
for RLIMIT_CORE against limit 0 by /usr/bin/mono[mono:6398] uid/euid:0/0 
gid/egid:0/0, parent /usr/bin/make[make:2101] uid/euid:0/0 gid/egid:0/0


Thanks in advance.

Samir.

More information about the grsecurity mailing list