[grsec] grsecurity + skas UML patch for 2.6.14.5

Max CtRiX ctrix+grsec at navynet.it
Wed Jan 11 12:49:33 EST 2006


Lubomir Host wrote:
> It is bootable with grsec turned on, but I'm not using this kernel on
> production servers yet.

Now the kernel compiles and boots.
It's a 2.6.14.6-cks-grsec-vs2-skas3-v8.2 (yes, a lot of patches) plus 
some other patch-o-matic stuff.

Without the skas patch, the UML kernel works.
With skas, it starts but hangs as follows:



Checking for the skas3 patch in the host...found
Checking for /proc/mm...found
Checking for /dev/anon on the host...Not available (open failed with 
errno 2)
Linux version 2.4.25-1um (root at intserver) (gcc version 2.95.4 20011002 
(Debian prerelease)) #5 Sat Feb 28 20:59:59 CET 2004
On node 0 totalpages: 8192
zone(0): 8192 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: ubd0=var/lib/uml/deb root=/dev/ubd0
Calibrating delay loop... 2195.45 BogoMIPS
[CUT]
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
EXT2-fs warning (device ubd(98,0)): ext2_read_super: mounting ext3 
filesystem as
  ext2

VFS: Mounted root (ext2 filesystem) readonly.
Mounted devfs on /dev

<>
HERE HANGS

-------------

The strace of the loop follows (the same sequence repeats in the output); each iteration starts with the traced child, pid 5968, stopping on SIGSEGV.

waitpid(5968, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGSEGV}], WUNTRACED) = 5968
ptrace(PTRACE_GETREGS, 5968, 0, 0xa032c278) = 0
ptrace(PTRACE_GETFPXREGS, 5968, 0, 0xa032c328) = 0
ptrace(0x34 /* PTRACE_??? */, 5968, 0, 0xa032fc90) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM PROF IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM PROF IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
ptrace(PTRACE_SETREGS, 5968, 0, 0xa032c278) = 0
ptrace(PTRACE_SETFPXREGS, 5968, 0, 0xa032c328) = 0
ptrace(PTRACE_SYSCALL, 5968, 0, SIG_0)  = 0
--- SIGCHLD (Child exited) @ 0 (0) ---

#---- The part above loops indefinitely...
#---- After a kill -9, it continues like this:

waitpid(5968, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGSEGV}], WUNTRACED) = 5968
ptrace(PTRACE_GETREGS, 5968, 0, 0xa032c278) = 0
ptrace(PTRACE_GETFPXREGS, 5968, 0, 0xa032c328) = 0
ptrace(0x34 /* PTRACE_??? */, 5968, 0, 0xa032fc90) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [], [ALRM VTALRM PROF IO], 8) = 0
--- SIGTERM (Terminated) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigaction(SIGINT, {SIG_DFL}, {0xa000c168, [], 
SA_RESTORER|SA_NOMASK|SA_ONESHOT, 0xa0154448}, 8) = 0
rt_sigaction(SIGTERM, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {SIG_DFL}, {SIG_IGN}, 8) = 0
kill(5968, SIGKILL)                     = 0
waitpid(5968, NULL, 0)                  = 5968
kill(5973, SIGKILL)                     = 0
waitpid(5973, NULL, 0)                  = 5973
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [ALRM VTALRM PROF IO], 8) = 0
rt_sigprocmask(SIG_SETMASK, [IO], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [ALRM VTALRM PROF IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM PROF IO], NULL, 8) = 0
kill(5974, SIGKILL)                     = 0
waitpid(5974, NULL, 0)                  = 5974
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a 
directory)
open("/root/.uml/iUrFhx", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 13
fstat64(13, {st_mode=S_IFDIR|0770, st_size=4096, ...}) = 0
fcntl64(13, F_SETFD, FD_CLOEXEC)        = 0
rt_sigprocmask(SIG_UNBLOCK, [], [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, [ALRM VTALRM IO], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM VTALRM IO], [ALRM VTALRM IO], 8) = 0
rt_sigprocmask(SIG_BLOCK, [], NULL, 8)  = 0
getdents64(13, /* 4 entries */, 4096)   = 104
unlink("/root/.uml/iUrFhx/pid")         = 0
unlink("/root/.uml/iUrFhx/mconsole")    = 0
getdents64(13, /* 0 entries */, 4096)   = 0
rmdir("/root/.uml/iUrFhx")              = 0
munmap(0xb7fb4000, 4096)                = 0
exit_group(1)                           = ?


------------------

Any hints?
To me it looks like something related to CONFIG_PAX_SEGMEXEC.

Max


