Re: PaX killing conntrackd (strange "execution attempt")

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Wolfram Schlich <lists@wolfram.schlich.org>
To: netfilter@vger.kernel.org
Subject: Re: PaX killing conntrackd (strange "execution attempt")
Date: Thu, 13 Nov 2008 17:01:25 +0100	[thread overview]
Message-ID: <20081113160125.GL26975@bla.fasel.org> (raw)
In-Reply-To: <491C3CC5.8090402@netfilter.org>

* Pablo Neira Ayuso <pablo@netfilter.org> [2008-11-13 15:43]:
> Wolfram Schlich wrote:
> > Here's the answer from the PaX team, for those who might be interested:
> > 
> > * pageexec@freemail.hu <pageexec@freemail.hu> [2008-11-13 14:18]:
> >> On 13 Nov 2008 at 11:03, Wolfram Schlich wrote:
> >>> --8<--
> >>> 2008-11-13 07:38:34 +01:00; hafw2; kern.notice; kernel: ip4t_FW DENY_IN: IN=eth1 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=XX.XXX.XX.XX DST=XX.XX.XXX.X LEN=48 TO
> >>> S=0x00 PREC=0x00 TTL=118 ID=23801 DF PROTO=TCP SPT=2608 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
> >>> 2008-11-13 07:38:34 +01:00; hafw2; kern.err; kernel: PAX: execution attempt in: <NULL>, 00000000-00000000 00000000
> >>> 2008-11-13 07:38:34 +01:00; hafw2; kern.err; kernel: PAX: terminating task: /usr/sbin/conntrackd(conntrackd):6562, uid/euid: 0/0, PC: 0000000000000000, SP: 0000797077f7ea48
> >>> 2008-11-13 07:38:34 +01:00; hafw2; kern.err; kernel: PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
> >>> 2008-11-13 07:38:34 +01:00; hafw2; kern.err; kernel: PAX: bytes at SP-8:
> >>> 2008-11-13 07:38:34 +01:00; hafw2; kern.alert; kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/conntrackd[conntrackd:
> >>> 6562] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> >>> --8<--
> >>>
> >>> The log messages look somewhat strange, especially the 'NULL',
> >>> '000..' and '??' parts :) I've always only seen such messages
> >>> with a more meaningful content so far, thus I'm a bit confused.
> >>>
> >>> What might be the reason for that?
> >> this is a null function pointer dereference problem on the surface and you'll have to
> >> debug it to get more info. i wonder why nothing shows up in the stack dump however,
> >> maybe there's more corruption here behind the scenes. once you get the coredumps (and
> >> i hope you have debug info saved away ;) we can get a backtrace and other things. also
> >> disable randomization in /proc/sys/... so that results are comparable. best would be
> >> to find a way to directly trigger this crash, then you could have a live gdb session
> >> instead of coredump analysis.
> > 
> > I'll take care of these suggestions now and let you know
> > about any news.
> 
> Thank you. BTW, what version of conntrackd is triggering this problem?
> Is it latest 0.9.8?

Yep, as you can see from my initial mail :)
-- 
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/

next prev parent reply	other threads:[~2008-11-13 16:01 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-13 10:03 PaX killing conntrackd (strange "execution attempt") Wolfram Schlich
2008-11-13 13:27 ` Wolfram Schlich
2008-11-13 14:42   ` Pablo Neira Ayuso
2008-11-13 16:01     ` Wolfram Schlich [this message]
2008-11-13 17:41   ` Wolfram Schlich
2008-11-13 20:10     ` Wolfram Schlich
2008-11-14 12:03       ` Pablo Neira Ayuso
2008-11-14 15:09         ` Wolfram Schlich
2008-11-14 14:36           ` pageexec
2008-11-17 12:44             ` Pablo Neira Ayuso
2008-11-17 13:09               ` Wolfram Schlich
2008-11-17 12:57                 ` pageexec
2008-11-20 11:48               ` pageexec
2008-11-23 14:07                 ` Wolfram Schlich
2008-11-23 14:24                 ` Pablo Neira Ayuso
2008-11-23 14:29                   ` Wolfram Schlich
2008-11-23 14:36                     ` Pablo Neira Ayuso
2008-11-23 22:03                   ` pageexec
2008-11-24 13:28                     ` Pablo Neira Ayuso
2008-11-14 15:54           ` Wolfram Schlich
2008-11-14 16:18             ` Wolfram Schlich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081113160125.GL26975@bla.fasel.org \
    --to=lists@wolfram.schlich.org \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.