paxctl wirdo: python segfaults when copied

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

paxctl wirdo: python segfaults when copied

Postby kolargol » Thu Feb 16, 2017 4:44 pm

Hi,

Since few days i am running on patch 4.9.9 (test) and today after server reboot i started to notice that python segfaults, example:
Code: Select all
grsec: From XX.XX.XX.XX: Segmentation fault occurred at            (nil) in /usr/bin/python2.7[bash:3388] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3241] uid/euid:0/0 gid/egid:0/0


running from bash:
Code: Select all
python
Segmentation fault


note that python was running fine on exactly same kernel for last few days. Any idea?
Last edited by kolargol on Sun Feb 19, 2017 2:14 pm, edited 1 time in total.
kolargol
 
Posts: 36
Joined: Thu Sep 23, 2004 5:19 am

Re: python started to segfault after reboot

Postby kolargol » Sun Feb 19, 2017 2:13 pm

ok I found more details about that, and here is weird behavior:

Code: Select all
root@xxx:~/gr# paxctl -v ./python2.7
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>

file ./python2.7 does not have a PT_PAX_FLAGS program header, try conversion
root@xxx:~/gr# ./python2.7 -c 'print "PAX"'
PAX
root@xxx:~/gr# paxctl -cm python2.7
file python2.7 had a PT_GNU_STACK program header, converted
root@xxx:~/gr# paxctl -v ./python2.7
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x-e-- [./python2.7]
        MPROTECT is disabled
        RANDEXEC is disabled
        EMUTRAMP is disabled
root@xxx:~/gr# ./python2.7 -c 'print "PAX"'
PAX
root@xxx:~/gr# cp python2.7 /usr/bin/python2.7
root@xxx:~/gr# /usr/bin/python2.7 -c 'print "PAX"'
Segmentation fault
root@xxx:~/gr# paxctl -v /usr/bin/python2.7
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x-e-- [/usr/bin/python2.7]
        MPROTECT is disabled
        RANDEXEC is disabled
        EMUTRAMP is disabled


and in dmesg:
Code: Select all
grsec: From 10.0.100.104: Segmentation fault occurred at            (nil) in /usr/bin/python2.7[bash:4658] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:5931] uid/euid:0/0 gid/egid:0/0


kernel 4.9.10 with corresponding grsec patch. grsec have almost all options enabled.

When i enable EMUTRAP:
Code: Select all
- PaX flags: -------xE--- [/usr/bin/python2.7]
        RANDEXEC is disabled
        EMUTRAMP is enabled


python works, but with that error in dmesg
Code: Select all
grsec: From 10.0.100.104: denied RWX mmap of <anonymous mapping> by /usr/bin/python2.7[python:5260] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:5931] uid/euid:0/0 gid/egid:0/0


what is that problem when copying binary with "-cm" flags? I have no occur that before.
kolargol
 
Posts: 36
Joined: Thu Sep 23, 2004 5:19 am

Re: paxctl wirdo: python segfaults when copied

Postby PaX Team » Sun Feb 19, 2017 5:38 pm

do you have the xattr based PaX flag control mechanism enabled in the kernel and on your binaries? are there any xattr flags on the python binaries (both the original and the copy)? other than this, i can't think of a reason why a copy would behave differently.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: paxctl wirdo: python segfaults when copied

Postby kolargol » Mon Feb 20, 2017 5:07 am

i do not use any additional attributes (flags are clean) on that binary. I have also tried gdb but it SIGSEGV with no stack. strace gives some clue:

Code: Select all
strace /usr/bin/python2.7
execve("/usr/bin/python2.7", ["/usr/bin/python2.7"], [/* 12 vars */]) = -1 EINVAL (Invalid argument)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault


but i dont know what's that "Invalid argument" is and why only in that path...
kolargol
 
Posts: 36
Joined: Thu Sep 23, 2004 5:19 am


Return to grsecurity support