passwordless role crashes kernel 2.6.24.3


Postby cormander » Fri Mar 14, 2008 5:18 pm

When I try to authenticate to a passwordless role:

gradm -n bigo


I get this spat out on the console:

BUG: unable to handle kernel NULL pointer dereference at virtual address 000000d0
printing eip: c0288427 *pdpt = 0000000002444001 *pde = 0000000000000000
Oops: 0000 [#1] SMP
Modules linked in:

Pid: 1646, comm: gradm Not tainted (2.6.24.3-grsec #2)
EIP: 0061:[<c0288427>] EFLAGS: 00010246 CPU: 0
EAX: 3d9bb1df EBX: 0ca00002 ECX: 00000000 EDX: 00000000
ESI: 000015dd EDI: 000015dd EBP: c6955f40 ESP: c6955ef4
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0069
Process gradm (pid: 1646, ti=c6954000 task=c6986d70 task.ti=c6954000)
Stack: 00000000 c7c15140 c0289234 c7c15140 c780a4b0 c780a4b0 c7c15140 c7c15140
       c780a4b0 c0289362 0ca00002 00000000 c6955f40 00000000 c6987310 c7fe5200
       c6a15240 c74abec8 c028c078 00000000 00000101 00000001 00000000 00000000
Call Trace:
 [<c0289234>] <0> [<c0289362>] <0> [<c028c078>] <0> [<c028b8d6>] <0> [<c017a5b7>] <0> [<c017ab52>] <0> [<c010808e>] <0> =======================
Code: 39 70 04 75 f1 39 58 08 75 ec 83 78 0c 00 78 e6 5b 5e c3 56 89 c6 69 c0 00 20 80 00 53 89 d3 c1 e2 09 01 d0 8d 14 33 31 d0 31 d2 <f7> b1 d0 00 00 00 8b 81 cc 00 00 00 8b 04 90 eb 03 8b 40 1c 85
EIP: [<c0288427>]  SS:ESP 0069:c6955ef4
---[ end trace 402210969fe88222 ]---


Machine freezes. I'm using:

gradm-2.1.11-200803132102

grsecurity-2.1.11-2.6.24.3-200803031942

I'm going to rebuild the kernel with the latest grsecurity patch on Monday to see if I can reproduce this, but thought I'd let you know in the meantime, just in case it isn't an issue related to the fact that I'm using a grsecurity patch that's almost two weeks old.
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm

Re: passwordless role crashes kernel 2.6.24.3

Postby spender » Sun Mar 16, 2008 3:10 pm

I'll look into it.

update: I'm unable to reproduce your bug. Can you provide me with your policy and a proper oops report? I need one with symbols showing -- you'll have to disable the "symbol hiding" feature of grsecurity.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: passwordless role crashes kernel 2.6.24.3

Postby cormander » Mon Mar 17, 2008 11:22 am

Funny, I tried to duplicate this problem again this morning (from a fresh policy start) and couldn't. I had to go through my session logs to find the exact policy that caused the oops.

Half of it is an actual problem. When you specify a role with no subjects... you just dive right into starting to specify permissions:

role nosub sTNG
role_transitions admin
        /usr    rw


When you try to authenticate to the role, you get the oops.

The other half of it is me being stupid... forgetting to write the subject line for a role. I guess it's true when they say discovery is often by accident, right? :)

> you'll have to disable the "symbol hiding" feature of grsecurity


You're right, ksymoops is giving me "No symbols available" all over the place... /proc/kallsyms isn't there, etc. Doesn't look like there is a sysctl option to disable this.... am I going to have to recompile? I'm assuming you mean disable CONFIG_GRKERNSEC_HIDESYM.

If you still can't duplicate it with this information I gave you about the absence of the subject, I'll take the time to recompile without the symbol hiding.

Not so much a high priority anymore, since the oops was generated by me being stupid, and I've fixed the previous policy so this doesn't happen anymore.
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm
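A small policy lint that catches the malformed shape described in the post above (object lines under a role that never declares a subject) before the policy is ever loaded with gradm. This is an added example, not part of the thread and not gradm's own parser; the sample policy is constructed from the snippet in the post plus one well-formed role, and the set of role-level keywords it tolerates before a subject (role_transitions, role_allow_ip) is an assumption.

```python
"""Lint a grsecurity RBAC policy for object lines that precede any
'subject' line within a role. Added example, not gradm's own checker."""
import re

# Constructed sample: the first role reproduces the subject-less policy
# from the thread; the second role is well-formed for comparison.
SAMPLE_POLICY = """\
role nosub sTNG
role_transitions admin
        /usr    rw

role good sTNG
role_transitions admin
subject /  o
        /usr    rw
        /etc    r
"""

ROLE_RE = re.compile(r"^role\s+(\S+)")
# Role-level keywords that legitimately appear before the first subject
# (assumed list; extend it if your policy uses other role-level lines).
ROLE_LEVEL_KEYWORDS = ("role_transitions", "role_allow_ip")


def find_subjectless_objects(policy_text):
    """Return (role_name, line_no, line) for every non-role-level line that
    appears in a role before that role's first 'subject' line."""
    findings = []
    role = None
    have_subject = False
    for lineno, raw in enumerate(policy_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ROLE_RE.match(line)
        if m:  # a new role resets the "seen a subject" state
            role, have_subject = m.group(1), False
            continue
        if line.startswith("subject "):
            have_subject = True
            continue
        if line.startswith(ROLE_LEVEL_KEYWORDS):
            continue
        if role is not None and not have_subject:
            findings.append((role, lineno, line))
    return findings


if __name__ == "__main__":
    for role, lineno, line in find_subjectless_objects(SAMPLE_POLICY):
        print(f"line {lineno}: role '{role}' has object before any subject: {line}")
```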

Re: passwordless role crashes kernel 2.6.24.3

Postby spender » Mon Mar 17, 2008 5:28 pm

That would explain why I couldn't reproduce the problem. I'll fix this in gradm shortly (no kernel changes are necessary); thanks for the report.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: passwordless role crashes kernel 2.6.24.3

Postby spender » Mon Mar 17, 2008 5:50 pm

It's been fixed in the latest gradm. I've also fixed a bug related to the 'T' role mode for special roles and the lack of default object checking for subjects in special roles.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm