init and /dev/kmem problems on debian stable

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

init and /dev/kmem problems on debian stable

Postby Sleight of Mind » Wed Sep 24, 2003 10:11 am

I got a weird problem on a debian box. I'm using grsec on plenty of boxes but i've never seen this problem before. The box seems to boot as it is supposed to, but dmesg shows me:
Code: Select all
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)
grsec: attempted write to /dev/kmem by (init:8) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)


Then it continues with booting. It comes up as it is supposed to and i can login using ssh. But when i try to call init (ie. `init 6`) init malfunctions and doesn't do anything. dmesg shows me:
Code: Select all
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)
grsec: From 10.0.0.5: attempted write to /dev/kmem by (init:225) UID(0) EUID(0), parent (init:224) UID(0) EUID(0)


And init outputs:
Code: Select all
# init 6
/dev/null
Init: idt=0xc02b6000, sct[]=0xc02b7554, kmalloc()=0xc019f1b4, gfp=0x1f0
Init: Allocating kernel-code memory...Done, 12677 bytes, base=0xfffffff2
Done, pid=267


Is it just the init binary that is broken or might there be some other problem around?
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am

Postby spender » Wed Sep 24, 2003 1:34 pm

Yea, looks like your init is just doing strange things. Do you have any idea why it wants to allocate kernel memory?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby Sleight of Mind » Wed Sep 24, 2003 1:43 pm

It's just the init that comes with debian i guess, since i never replaced it. I've rebuild the kernel with 'deny writing to /dev/kmem' turned off and everything works fine. No idea what's causing this all tho.
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am

Postby hightower » Wed Sep 24, 2003 6:19 pm

Sleight of Mind wrote:It's just the init that comes with debian i guess, since i never replaced it. I've rebuild the kernel with 'deny writing to /dev/kmem' turned off and everything works fine. No idea what's causing this all tho.

funny. I also use Debian on ~500 boxen with grsec and never ever saw this message, only with XFree but that's normal. I really think your init binary is b0rked. Could you verify the md5sum?

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am

Postby PaX Team » Wed Sep 24, 2003 9:12 pm

Sleight of Mind wrote:It's just the init that comes with debian i guess, since i never replaced it. I've rebuild the kernel with 'deny writing to /dev/kmem' turned off and everything works fine. No idea what's causing this all tho.
you probably got backdoored by SucKIT, better verify your system.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support