Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 338572

Summary: "netstat -x" fails with "warning, got bogus unix line." on sys-kernel/hardened-sources-2.6.34-r6
Product: Gentoo Linux Reporter: Aleister <maxtaager>
Component: HardenedAssignee: The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled>
Status: RESOLVED FIXED    
Severity: normal CC: felix.schuster, idl0r, kfm
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: the kernel config for the box in question

Description Aleister 2010-09-24 15:43:38 UTC 
after i upgraded the kernel i am starting to see these messages popup till now ckhrootkit and netstat produces those lines

Reproducible: Always

Steps to Reproduce:
1.run netstat
2.see the messages
3. scratch your head




Portage 2.1.8.3 (hardened/linux/amd64/10.0/no-multilib, gcc-4.4.4, glibc-2.11.2-r0, 2.6.34-hardened-r6 x86_64)
=================================================================
System uname: Linux-2.6.34-hardened-r6-x86_64-Intel-R-_Atom-TM-_CPU_330_@_1.60GHz-with-gentoo-1.12.13
Timestamp of tree: Fri, 24 Sep 2010 00:45:02 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/distdir"
EMERGE_DEFAULT_OPTS="--with-bdeps y --jobs 3 --load-average 6"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="http://gentoo.tiscali.nl/"
LANG="en_GB.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl amd64 bash-completion berkdb bzip2 cli cracklib crypt cups cxx dri epoll gdbm glibc-omitfp gpm hardened iconv justify logrotate mmx modules ncurses nls nptl nptlonly openmp pam pcre perl pic pppd python readline reflection sasl session sse sse2 ssl ssse3 sysfs syslog threads unicode urandom xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Aleister 2010-09-24 15:52:47 UTC 
Created attachment 248528 [details]
the kernel config for the box in question
Comment 2 Anthony Basile gentoo-dev 2010-09-24 19:18:45 UTC 
I can't reproduce this on a similar system.  Can you give me more information:

1) Let me see the netstat command plus flags that produces this.  Cut and paste the entire output from netstat.  Also, give me the version of netstat.
 
2) Did it happen only on upgrade of the kernel?  Can you boot into an earlier kernel that doesn't produce this behavior and a kernel which does.  Let me know which kernel does not produce the problem.

3) Have you compared to the corresponding vanilla --- I always put that info in the Changelog.  In this case its vanilla 2.6.34.7
Comment 3 Anthony Basile gentoo-dev 2010-09-25 23:32:01 UTC 
Never mind, I just hit it.  *sigh*  This is what happens when you have to fast track stabilization.

The problem occurs when you try to get netstat to report on unix sockets in any state.  Its okay for tcp or udp sockets.  Please test if any apps using unix sockets show signs of badness and report on this bug.

I'll be testing newer patches from upstream to see if this is fixed, otherwise I'll try to trace it down and prepare our own fix.
Comment 4 Anthony Basile gentoo-dev 2010-09-25 23:45:22 UTC 
Never mind again.  Its fixed upstream.  See http://forums.grsecurity.net/viewtopic.php?f=3&t=2439
Comment 5 Anthony Basile gentoo-dev 2010-09-28 08:56:39 UTC 
Since grsec upstream is dropping support for 2.6.34, I've moved to 2.6.35 which includes this fix. The first 2.6.35 ebuild is now in the tree.

I'm leaving this bug open in case there's any other issues arising from the changed format of /proc/net/unix.  I'll close it when 2.6.34-r6 is deprecated.
Comment 6 Anthony Basile gentoo-dev 2010-12-20 23:47:14 UTC 
ust stabilized hardened-sources-2.6.32-r31.ebuild and hardened-sources-2.6.36-r6.ebuild which include the fix.  Closing.