Kernel booting problem

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Kernel booting problem

Postby Al » Thu Jun 26, 2003 9:46 am

Hi,

I am a beginner in the Linux security, that is why I want to give my excuses for this, may a be foolish, question.

I patched the linux kernel 2.4.21 by grsecurity-1.9.10 patch and configuried kernel with the maximal security level in grsecurity kernel option. After the compiling and installing monolithic kernel on my computer, it starts reboot at the kernel booting process automaticly. I have found that the reason was the kernel boot parameters (nousb nomodules).

Please answer if it is normal for this case and if I have to edit my rc.sysinit script to remove the modues and usb devices initialisation, or there is another way to do it.

P.S. Where can I get som manuals about GRSecurity patch ?

Sencerely yours Al
Al
 
Posts: 5
Joined: Thu Jun 26, 2003 3:34 am

Re: Kernel booting problem

Postby PaX Team » Fri Jun 27, 2003 5:34 am

Al wrote:Please answer if it is normal for this case and if I have to edit my rc.sysinit script to remove the modues and usb devices initialisation, or there is another way to do it.
in theory neither should be necessary, the kernel config doesn't allow you to set up an inconsistent kernel (this mainly concerns KERNEXEC and module support). speaking of KERNEXEC, can you tell me whether you have it enabled or not (the 'high' grsec option enables it automatically if you have module support disabled)? if it's enabled, it would be helpful if you could describe in more detail what happens during the failed boot (e.g., what are the last messages printed on the console, does PaX report a kernel non-exec violation, etc).
P.S. Where can I get some manuals about GRSecurity patch ?
it depends on which part you're interested in. the kernel configuration help describes all options you can enable/disable in the kernel itself, the grsec website has documentation on the ACL system and the PaX website has docs about PaX features.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Thanks for reply

Postby Al » Tue Jul 01, 2003 6:06 am

Hi

First of all I would like to thank you for your reply!

As for the chosen grsec options of the kernel it was "high".
The last message on the console during the failed boot was: "Uncompressing Linux kernel ...... ok Kernel booting".
After that computer waited for a minute and then rebooted.

Sencerely yours Al
Al
 
Posts: 5
Joined: Thu Jun 26, 2003 3:34 am

Re: Thanks for reply

Postby PaX Team » Tue Jul 01, 2003 1:40 pm

Al wrote:The last message on the console during the failed boot was: "Uncompressing Linux kernel ...... ok Kernel booting".
After that computer waited for a minute and then rebooted.
ok, this looks like some KERNEXEC related problem. can you give me the following info: your ld (linker) version, 'readelf -e vmlinux' output (vmlinux is the uncompressed image)?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby Al » Wed Jul 02, 2003 6:20 am

Hi

Thanks again for your help!

I havn't exactly undestood what did you mean about linker Id. So I think this is what you need:
- OS version RH Linux 8.0;
- ld version 2.2.93;
- gcc version 3.2;
- glibc version 2.2.93.

To the command 'readelf -e vmlinux' output was:
Unable to seek to e18efc89 for section headers
Not an ELF file - it has the wrong magic bytes at the start.

Sencerely yours Al
Al
 
Posts: 5
Joined: Thu Jun 26, 2003 3:34 am

Postby PaX Team » Wed Jul 02, 2003 7:53 am

Al wrote:I havn't exactly undestood what did you mean about linker Id.
i meant the GNU linker (ld) version: ld -v.
To the command 'readelf -e vmlinux' output was:
Unable to seek to e18efc89 for section headers
Not an ELF file - it has the wrong magic bytes at the start.
hmm, looks like your kernel image is royally screwed up, no wonder it doesn't boot. i think your ld is of an old version, you should be using at least v2.13. if that's already the case, then we have a bigger mystery here, i'd like to take a look at your kernel image if you can make it available for download.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby Al » Mon Jul 07, 2003 11:16 am

Hi,

My GNU linker version is 2.13.90.0.2 20020802.

May be we have some missunderstuding. In may case computer is booting only if I boot it without any parameters. But when I try to boot it with some parameters, it starts rebooting automatically.

I can send you my vmlinuz file by e-mail only. It will be consists of 2 attached filez in RAR archive.

Sencerely yours Al.
Al
 
Posts: 5
Joined: Thu Jun 26, 2003 3:34 am

Postby PaX Team » Mon Jul 07, 2003 5:36 pm

Al wrote:May be we have some missunderstuding. In may case computer is booting only if I boot it without any parameters. But when I try to boot it with some parameters, it starts rebooting automatically.
ok, i indeed didn't understand it then, this is a problem i've never heard of before. you can try to email your kernel but it may bounce, in that case contact me privately.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby Al » Wed Jul 09, 2003 12:23 pm

Hi,

It is Al. Please give me your e-mail address by privet message system of this forum, where I can send e-mail with attached kernel.

P.S. I had sent you PM with my current e-mail address. Did you receive it?

Sencerely yours Al.
Al
 
Posts: 5
Joined: Thu Jun 26, 2003 3:34 am

Postby PaX Team » Wed Jul 09, 2003 7:07 pm

Al wrote:P.S. I had sent you PM with my current e-mail address. Did you receive it?
yes, i got your mail and answered the same day, looks like you didn't get it (i sent it again now, just in case). i'll also send it here through the board.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support