From: Wolfram Schlich <lists@wolfram.schlich.org>
To: netfilter@vger.kernel.org, pageexec@freemail.hu
Subject: Re: PaX killing conntrackd (strange "execution attempt")
Date: Fri, 14 Nov 2008 16:09:08 +0100
Message-ID: <20081114150908.GV26975@bla.fasel.org>
In-Reply-To: <491D6927.3010701@netfilter.org>

* Pablo Neira Ayuso <pablo@netfilter.org> [2008-11-14 12:49]:
> Wolfram Schlich wrote:
>> * Wolfram Schlich <lists@wolfram.schlich.org> [2008-11-13 18:41]:
>>> I've now recompiled conntrack-tools using these CFLAGS:
>>>
>>> -march=nocona -O0 -ggdb -DDEBUG
>>>
>>> Also, the binaries were not stripped anymore:
>>>
>>> /usr/sbin/conntrackd: ELF 64-bit LSB shared object, x86-64, version 1
>>> (SYSV), for GNU/Linux 2.6.9, not stripped
>>>
> [...]
>>> I'm now stressing the firewalls with packets.
>>
>> Damnit, it doesn't break! :)
>
> So it seems that it is only triggered with PaX enabled.

I never disabled PaX!

Now I got a core, after more than a day, but it doesn't look good :(

Here's the log entry:

--8<--
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: From 10.10.10.249: execution attempt in: <NULL>, 00000000-00000000 00000000
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: terminating task: /usr/sbin/conntrackd(conntrackd):7543, uid/euid: 0/0, PC: 0000000000000000, SP: 00007fffffffb398
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: bytes at SP-8:
--8<--

Here's the backtrace:

--8<--
hafw2 conntrackd-core # gdb /usr/sbin/conntrackd --core conntrackd.core --batch --quiet -ex "thread apply all bt full" -ex "quit"
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/sbin/conntrackd -d -C /etc/conntrackd/conntrackd.conf'.
Program terminated with signal 9, Killed.
#0 0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
Thread 1 (process 7543):
#0 0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1 0x00007ffff7ba28b5 in ?? ()
No symbol table info available.
#2 0x0000000000000001 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#3 0x00007ffff82197e0 in ?? ()
No symbol table info available.
#4 0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
hafw2 conntrackd-core #
--8<--

I also ran "sysctl -w kernel.randomize_va_space=0" before restarting
conntrackd after recompilation as suggested by the PaX team.

Any ideas?

--
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/