glibc upgrade problem 2.4.19 1.9.6

glibc upgrade problem 2.4.19 1.9.6

Postby jlaurmi » Thu Aug 15, 2002 3:05 am

Hi

I have problems upgrading glibc on my Red Hat 7.2 box. RPM can't run the post-install script cleanly because glibc_post_upgrade always dies with the following error.

<1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
c026e0e0
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<c026e0e0>]    Not tainted
EFLAGS: 00010202
eax: 00000001   ebx: c58e26e0   ecx: 00000000   edx: 00000000
esi: c081be54   edi: fffffff3   ebp: c0ef1000   esp: c081be24
ds: 0018   es: 0018   ss: 0018
Process glibc_post_upgr (pid: 30379, stackpage=c081b000)
Stack: 00000000 00000000 00000000 ffffffff 00000000 c58e26e0 c081be54 fffffff3
       c0ef1000 c013b415 00000000 c0ef1000 464c457f 00010101 00000000 00000000
       00030002 00000001 080480e0 00000034 0006c580 00000000 00200034 00280003
Call Trace:    [<c013b415>] [<c013c3bf>] [<c01074a0>] [<c0108823>]

Code: 8b 32 85 f6 0f 84 80 01 00 00 b9 00 e0 ff ff 21 e1 c7 44 24

This happened with two glibc versions.

I have the following grsec options enabled:

altered_pings 1
chroot_caps 1
chroot_deny_chdir 1
chroot_deny_chmod 1
chroot_deny_chroot 1
chroot_deny_fchdir 1
chroot_deny_mknod 1
chroot_deny_mount 1
chroot_deny_pivot 1
chroot_findtask 1
chroot_restrict_nice 1
dmesg 1
execve_limiting 1
fifo_restrictions 1
forkfail_logging 1
linking_restrictions 1
rand_bind 1
rand_ip_ids 1
rand_pids 1
rand_tcp_src_ports 1
signal_logging 1

more information

Postby jlaurmi » Thu Aug 15, 2002 3:35 am

And here is the same error run through ksymoops

<1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
c026e0e0
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<c026e0e0>]    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010202
eax: 00000001   ebx: c58e26e0   ecx: 00000000   edx: 00000000
esi: c081be54   edi: fffffff3   ebp: c0ef1000   esp: c081be24
ds: 0018   es: 0018   ss: 0018
Process glibc_post_upgr (pid: 30379, stackpage=c081b000)
Stack: 00000000 00000000 00000000 ffffffff 00000000 c58e26e0 c081be54 fffffff3
       c0ef1000 c013b415 00000000 c0ef1000 464c457f 00010101 00000000 00000000
       00030002 00000001 080480e0 00000034 0006c580 00000000 00200034 00280003
Call Trace:    [<c013b415>] [<c013c3bf>] [<c01074a0>] [<c0108823>]
Code: 8b 32 85 f6 0f 84 80 01 00 00 b9 00 e0 ff ff 21 e1 c7 44 24

>>EIP; c026e0e0 <gr_acl_bad_env+20/1c0>   <=====
Trace; c013b415 <do_execve+625/6e0>
Trace; c013c3bf <getname+5f/a0>
Trace; c01074a0 <sys_execve+30/60>
Trace; c0108823 <system_call+33/40>
Code;  c026e0e0 <gr_acl_bad_env+20/1c0>
00000000 <_EIP>:
Code;  c026e0e0 <gr_acl_bad_env+20/1c0>   <=====
   0:   8b 32                     mov    (%edx),%esi   <=====
Code;  c026e0e2 <gr_acl_bad_env+22/1c0>
   2:   85 f6                     test   %esi,%esi
Code;  c026e0e4 <gr_acl_bad_env+24/1c0>
   4:   0f 84 80 01 00 00         je     18a <_EIP+0x18a> c026e26a <gr_acl_bad_env+1aa/1c0>
Code;  c026e0ea <gr_acl_bad_env+2a/1c0>
   a:   b9 00 e0 ff ff            mov    $0xffffe000,%ecx
Code;  c026e0ef <gr_acl_bad_env+2f/1c0>
   f:   21 e1                     and    %esp,%ecx
Code;  c026e0f1 <gr_acl_bad_env+31/1c0>
  11:   c7 44 24 00 00 00 00      movl   $0x0,0x0(%esp,1)
Code;  c026e0f8 <gr_acl_bad_env+38/1c0>
  18:   00

Re: more information

Postby PaX Team » Thu Aug 15, 2002 6:07 am

jlaurmi wrote: And here is the same error run through ksymoops

This is a simple lack of checking envpp against NULL in gr_acl_bad_env(); just add it at the very beginning of the function (where gr_acl_is_enabled() is checked as well) and it should be ok.
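The register dump above is consistent with that diagnosis: edx is 00000000 at the faulting `mov (%edx),%esi`, i.e. the first read through a NULL envpp. The following is an added, hypothetical user-space model of such an exec-time environment scan (it is not grsecurity's gr_acl_bad_env(), and the variable names it rejects are constructed); it shows the unguarded loop beside the version with the NULL check placed next to the enabled check, as the reply suggests.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Stand-in for gr_acl_is_enabled() (hypothetical model). */
static int acl_enabled = 1;

/* Constructed list of environment names the filter refuses. */
static const char *const bad_vars[] = { "LD_PRELOAD=", "LD_LIBRARY_PATH=", NULL };

/* Walk a NULL-terminated envp array; returns 1 on the first hit.
 * Dereferences envpp itself, so it must never be called with NULL. */
static int scan_env(char *const *envpp)
{
    for (; *envpp; envpp++)
        for (int i = 0; bad_vars[i]; i++)
            if (!strncmp(*envpp, bad_vars[i], strlen(bad_vars[i])))
                return 1;
    return 0;
}

/* Before: only the enabled check guards the scan. execve() with a NULL
 * envp reaches scan_env(NULL) and faults, as in the oops above. */
int bad_env_unchecked(char *const *envpp)
{
    if (!acl_enabled)
        return 0;
    return scan_env(envpp);
}

/* After: the NULL check sits at the very top beside the enabled check.
 * An absent environment carries nothing to reject, so it is clean. */
int bad_env_checked(char *const *envpp)
{
    if (!acl_enabled || envpp == NULL)
        return 0;
    return scan_env(envpp);
}

int main(void)
{
    char *clean[] = { "HOME=/root", "PATH=/sbin:/bin", NULL };
    char *dirty[] = { "HOME=/root", "LD_PRELOAD=/tmp/x.so", NULL };
    printf("clean: %d\n", bad_env_checked(clean));     /* 0 */
    printf("dirty: %d\n", bad_env_checked(dirty));     /* 1 */
    printf("NULL envp: %d\n", bad_env_checked(NULL));  /* 0, no fault */
    return 0;
}
```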

gradm segfault

Postby jlaurmi » Thu Aug 15, 2002 8:17 am

I fixed the previous error simply by putting a space into LD_LIBRARY_PATH (I didn't want to reboot), but I still have another problem, which also appeared after the glibc upgrade. gradm segfaults, and therefore I can't disable the ACL system. If I copy the gradm binary to some other directory, it doesn't segfault, but it can't access /proc/sys/kernel/grsecurity/acl due to the ACL restrictions and is therefore useless.

strace gradm:
execve("/sbin/gradm", ["gradm"], [/* 24 vars */]) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++


/var/log/messages:
Aug 15 15:20:35 oblivion kernel: grsec: attempt to mmap [08:02:16110] gradm executable by (gradm:2413) UID(0) EUID(0), parent (strace:19823) UID(0) EUID(0)
Aug 15 15:20:35 oblivion kernel: grsec: signal 11 sent to (gradm:2413) UID(0) EUID(0), parent (strace:19823) UID(0) EUID(0)