grsecurity forums

[DMZ]

Redhat have pushed out their glibc-2.3.2-4.80 update with a fix for the RPC XDR buffer overflow. I have been using a kernel based around grsec-1.9.7d, however after updating glibc, I can no longer boot into the grsec kernel - PaX gives a stream of VMMALLOC errors. Recompiling had no effect.

Is it time to start the long arduous task of merging patches for a new kernel with grsec-1.9.9e, or is there something else going on here? It would be nice to know before I go to all that effort to find that it still won't work .

[PaX Team]

Is it time to start the long arduous task of merging patches for a new kernel with grsec-1.9.9e?

indeed, it is, you're using an old version that had known bugs, especially in the vma mirroring code which was quite new back then but has been stable since last December.

[DMZ]

Is it time to start the long arduous task of merging patches for a new kernel with grsec-1.9.9e?

indeed, it is, you're using an old version that had known bugs, especially in the vma mirroring code which was quite new back then but has been stable since last December.

Thanks - that makes a lot of sense. Had I said VMMIRROR it might have made even more sense initially, unfortunately I wasn't in a position to write down any details... hooray for inaccurate reporting. Looks like the updated glibc has exposed an old bug.

I now have a problem with the 2.4.20 kernel with grsec-1.9.9e - mouseclicks don't seem to be registering, perhaps only one click in twenty, this is from mousedev and usb-uhci. Similarly sometimes keyboard entry seems delayed or sluggish. No obvious or even unobvious errors in any of the logs.

I've narrowed it down to about 4 grsecurity settings (not the obvious kmem or privileged I/O), some compiled in rather than those with a /proc interface. Since these weren't present in grsec-1.9.7d it's a good bet it's one of these, since the kernel itself is virtually identical (I was running 1.9.7d on 2.4.20rc3).

[spender]

I've had that problem too, but I'm not quite sure it's related to grsec, because I've had the same problem on a clean 2.4.20 kernel. On my system, sometimes switching terminals in X causes my text to not be entered until I also move the mouse. Clicking on things sometimes doesn't work until I move the mouse. I have no idea what could be causing it. I've disabled the "protect outside processes" chroot feature, and I don't see the problem right now. Try that and see if it makes a difference for you. If it does, I'll look more into the problem.

-Brad

[spender]

Ok, I've debugged it, and I think I've found the problem. Check out include/linux/grinternal.h and grsecurity/grsec_chroot.c from CVS.

-Brad

[DMZ]

Ok, I've debugged it, and I think I've found the problem. Check out include/linux/grinternal.h and grsecurity/grsec_chroot.c from CVS.

-Brad

That was fast - I hadn't even posted today to say that I narrowed it down yesterday to protect outside processes, and you've already fixed it. You're a god, Brad - I'll grab the diffs for the changes and add them to my rpm patch list. I may even let you know if it fixed it for me too at some distant, vague point in the future...

[DMZ]

Yup... it's fine enabled now, looks like you got it.