[grsec] pid randomization problem - process won't execute and will return zero value
michal maly
2maly at pauli.fmph.uniba.sk
Mon Aug 15 16:46:27 EDT 2005
Hello,
on systems with pid randomization enabled (CONFIG_GRKERNSEC_RANDPID=y),
the following will happen (example):
$ time until /bin/false; do :; done
real 0m5.336s
user 0m1.583s
sys 0m3.308s
I used /bin/false to avoid the shell builtin false.
This occurs when the pid number for a new process is chosen
(gr_random_pid() in grsec_rand.c) and this pid is the same as the pid of the
former process. The new process will not be executed and will return a
'true' value (0). This will happen with a probability of 1/pid_max (==
1/32768).
In the logs you can see:
grsec: exec of /bin/false (/bin/false ) by /bin/bash[bash:25666]
uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[bash:5549]
uid/euid:1000/1000 gid/egid:100/100
grsec: exec of /bin/false (/bin/false ) by /bin/bash[bash:25666]
uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[bash:5549]
uid/euid:1000/1000 gid/egid:100/100
Both falses got 25666 and the latter ended with true.
It can break some shell scripts and/or long-running active systems.
I tested it on kernels 2.6.11.12-grsec and 2.6.7-grsec.
Michal Maly
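The collision described above can be checked for directly rather than only inferred from the loop's timing. The probe below is an added example, not part of the original post or of grsecurity: it runs /bin/false a given number of times as a background job (an assumption, so that the child's pid is visible via $!), and counts both children whose pid equals the immediately preceding child's pid and children that unexpectedly exit 0; on a kernel without the reported bug both counters stay at zero.

```sh
#!/bin/sh
# Added probe (not from the original post): run /bin/false N times and
# count (a) children whose pid equals the immediately preceding child's pid
# and (b) children that unexpectedly exit 0. Both counts should be zero on
# a kernel that does not reuse the former process's pid.
# Usage: probe_false_reuse 2000   -> prints "<reuse> <bad_exit>"
probe_false_reuse() {
    n=$1
    i=0
    prev_pid=
    reuse=0
    bad_exit=0
    while [ "$i" -lt "$n" ]; do
        # Background job so the child's pid is observable via $!; collect
        # its status with wait, as a script's job control would.
        /bin/false &
        pid=$!
        wait "$pid" && status=0 || status=$?
        if [ "$pid" = "$prev_pid" ]; then
            reuse=$((reuse + 1))          # same pid as the former process
        fi
        if [ "$status" -eq 0 ]; then
            bad_exit=$((bad_exit + 1))    # /bin/false reported 'true'
        fi
        prev_pid=$pid
        i=$((i + 1))
    done
    echo "$reuse $bad_exit"
}

# Convenience wrapper for other scripts: succeeds (exit 0) only if neither
# counter fired over N runs.
check_false_reuse() {
    set -- $(probe_false_reuse "$1")
    [ "$1" -eq 0 ] && [ "$2" -eq 0 ]
}
```

Run it with a few thousand iterations on a RANDPID kernel; a non-zero second counter reproduces the report, and a non-zero first counter confirms that the pid of the former process was handed out again.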