i always get segmention fault with wget.
here is the strace resoult of it.
http://www.dhcp.nu/wget.txt
i compiled kernel 2.4.20 with grsec. grsec is on high mode.
any idea what to do?
grsec (high) and wget
7 posts
• Page 1 of 1
grsec (high) and wget
by manta » Wed Apr 09, 2003 10:21 am
- manta
- Posts: 5
- Joined: Wed Apr 09, 2003 10:17 am
Re: grsec (high) and wget
by PaX Team » Wed Apr 09, 2003 1:10 pm
1. what version of grsec?manta wrote:i always get segmention fault with wget.
2. what version of wget? (the strace output is weird a bit, for example my wget 1.8.2 doesn't call semop/semget/ipc_subcall, maybe you could put the wget binary on the web too?)
3. try to disable PaX features with chpax and see if anything helps.
4. ultimately, you can try to debug it with gdb and see what happens exactly (for now it looks like an application bug).
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
by manta » Wed Apr 09, 2003 3:14 pm
its the latest version of grsec.
and 1.8.2 of wget.
i have tried to recompile wget, but doesn't help.
seems like its something to do with the random feutures of grsec that crashes wget.
and pax, well..
i thought that was for X?
i only use console.
and 1.8.2 of wget.
i have tried to recompile wget, but doesn't help.
seems like its something to do with the random feutures of grsec that crashes wget.
and pax, well..
i thought that was for X?
i only use console.
- manta
- Posts: 5
- Joined: Wed Apr 09, 2003 10:17 am
by manta » Wed Apr 09, 2003 3:25 pm
this is my setup of grsec. can you see anything here that can cause wget to crash?
Address Space Protection:
[*] Enforce non-executable pages
[*] Disable privileged I/O
[*] Remove addresses from /proc/pid/maps
[*] Hide kernel symbols
ACL options:
[*] Hide kernel processes
Filesystem Protections:
[*] Proc restrictions
[*] Restrict to user only
[*] Additional restrictions
[*] Linking restrictions
[*] FIFO restrictions
Kernel Auditing:
[*] Exec logging
[*] Resource logging
Executable Protections:
[*] Dmesg(8) restriction
[*] Randomized PIDs
Network Protections:
[*] Larger entropy pools
[*] Truly random TCP ISN selection
[*] Randomized IP IDs
[*] Randomized TCP source ports
[*] Randomized RPC XIDs
[*] Altered Ping IDs
Sysctl support:
[*] Sysctl support
Address Space Protection:
[*] Enforce non-executable pages
[*] Disable privileged I/O
[*] Remove addresses from /proc/pid/maps
[*] Hide kernel symbols
ACL options:
[*] Hide kernel processes
Filesystem Protections:
[*] Proc restrictions
[*] Restrict to user only
[*] Additional restrictions
[*] Linking restrictions
[*] FIFO restrictions
Kernel Auditing:
[*] Exec logging
[*] Resource logging
Executable Protections:
[*] Dmesg(8) restriction
[*] Randomized PIDs
Network Protections:
[*] Larger entropy pools
[*] Truly random TCP ISN selection
[*] Randomized IP IDs
[*] Randomized TCP source ports
[*] Randomized RPC XIDs
[*] Altered Ping IDs
Sysctl support:
[*] Sysctl support
- manta
- Posts: 5
- Joined: Wed Apr 09, 2003 10:17 am
by PaX Team » Wed Apr 09, 2003 4:45 pm
can you put it on the web?manta wrote:and 1.8.2 of wget. i have tried to recompile wget, but doesn't help.
try 'chpax -r' then and see if it works. btw, chpax is for controlling PaX features for any app that needs it, the XFree86 server is just one example (and there's actually a solution that makes it run with all of PaX active on it, but i digress).seems like its something to do with the random feutures of grsec that crashes wget.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
7 posts
• Page 1 of 1