From: Wolfram Schlich
Subject: Re: PaX killing conntrackd (strange "execution attempt")
Date: Fri, 14 Nov 2008 16:09:08 +0100
Message-ID: <20081114150908.GV26975@bla.fasel.org>
References: <20081113100309.GH26975@bla.fasel.org> <20081113132723.GK26975@bla.fasel.org> <20081113174138.GM26975@bla.fasel.org> <20081113201042.GN26975@bla.fasel.org> <491D6927.3010701@netfilter.org>
In-Reply-To: <491D6927.3010701@netfilter.org>
Sender: netfilter-owner@vger.kernel.org
To: netfilter@vger.kernel.org, pageexec@freemail.hu

* Pablo Neira Ayuso [2008-11-14 12:49]:
> Wolfram Schlich wrote:
>> * Wolfram Schlich [2008-11-13 18:41]:
>>> I've now recompiled conntrack-tools using these CFLAGS:
>>>
>>> -march=nocona -O0 -ggdb -DDEBUG
>>>
>>> Also, the binaries were not stripped anymore:
>>>
>>> /usr/sbin/conntrackd: ELF 64-bit LSB shared object, x86-64, version 1
>>> (SYSV), for GNU/Linux 2.6.9, not stripped
>>>
> [...]
>>> I'm now stressing the firewalls with packets.
>>
>> Damnit, it doesn't break! :)
>
> So it seems that it is only triggered with PaX enabled.

I never disabled PaX!
Now I got a core, after more than a day, but it doesn't look good :(

Here's the log entry:
--8<--
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: From 10.10.10.249: execution attempt in: , 00000000-00000000 00000000
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: terminating task: /usr/sbin/conntrackd(conntrackd):7543, uid/euid: 0/0, PC: 0000000000000000, SP: 00007fffffffb398
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: bytes at SP-8:
--8<--

Here's the backtrace:
--8<--
hafw2 conntrackd-core # gdb /usr/sbin/conntrackd --core conntrackd.core --batch --quiet -ex "thread apply all bt full" -ex "quit"
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/sbin/conntrackd -d -C /etc/conntrackd/conntrackd.conf'.
Program terminated with signal 9, Killed.
#0 0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2

Thread 1 (process 7543):
#0 0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1 0x00007ffff7ba28b5 in ?? ()
No symbol table info available.
#2 0x0000000000000001 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#3 0x00007ffff82197e0 in ?? ()
No symbol table info available.
#4 0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
hafw2 conntrackd-core #
--8<--

I also ran "sysctl -w kernel.randomize_va_space=0" before restarting
conntrackd after recompilation as suggested by the PaX team.

Any ideas?
-- 
Regards,
Wolfram Schlich
Gentoo Linux * http://dev.gentoo.org/~wschlich/