Bug 22627 - systrace 1.2 broken on gentoo-sources-2.4.20-r5
Summary: systrace 1.2 broken on gentoo-sources-2.4.20-r5
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: High major
Assignee: Jay Pfeifer (RETIRED)
Reported: 2003-06-11 11:09 UTC by Jeb Campbell
Modified: 2003-11-19 06:33 UTC
Description Jeb Campbell 2003-06-11 11:09:50 UTC
In automatic policy generation and when running known good policies, the process
dies/systrace kills it with:

systrace: intercept_get_string: ioctl: Bad address

Usually happens with server processes

Reproducible: Always
Steps to Reproduce:
1. Enable systrace in kernel, build systrace userland
2. systrace -A /usr/bin/rsync --daemon --no-detach -4
3. try to rsync to your server
4. die with systrace: intercept_get_string: ioctl: Bad address

Actual Results:  
systrace: intercept_get_string: ioctl: Bad address

Expected Results:  
systrace would generate /root/.systrace/usr_bin_rsync without dying.
Then rsync server could be run as
systrace -AiU /usr/bin/rsync --daemon -4 (securely)
Comment 1 Jeb Campbell 2003-06-11 11:36:41 UTC
On #gentoo-hardened, they said this should be assigned to pfeifer.

I have a patch for gentoo-sources for systrace 1.3, but I get the same results.

I have used a vanilla kernel and patched it, so I know that policy generation should work.

I have been doing a lot to fix this, but I'm no kernel guru.

Please email me if I can do anything to help.
Comment 2 Jeb Campbell 2003-07-07 16:55:53 UTC
Fixed in pfeifer-sources-2.4.21-pre2 with systrace 1.3 (as a side note, 1.4 is out).

As I understand it, this will be the next gentoo-sources (from pfeifer's postings).  Pfeifer, thanks for the great work.

I will close this bug when the new gentoo-sources comes out.

Jeb Campbell
jebc@c4solutions.net
Comment 3 Jay Pfeifer (RETIRED) gentoo-dev 2003-07-07 17:04:05 UTC
Sorry, I meant to post an update to this bug when I thought I had it fixed. Glad you caught it.

Yes, the pfeifer-sources-2.4.21_preX series is destined for gentoo-sources.

Jay
Comment 4 Jay Pfeifer (RETIRED) gentoo-dev 2003-07-07 17:09:48 UTC
Oh, and yes, I worked in 1.4 to pre3 back on the 3rd. I'm going to try and wrap up diffs for pre3 in the next 24 hours.

Thanks,

Jay
Comment 5 Jay Pfeifer (RETIRED) gentoo-dev 2003-07-13 21:13:49 UTC
Feedback for systrace 1.4 on pfeifer-sources-2.4.21_pre3 would be great... I'm just about ready to roll this into gentoo-sources.

Thanks,

Jay
Comment 6 Jeb Campbell 2003-07-14 09:55:35 UTC
Just compiled and tested here with same config (plus the new Apple FS -- thanks for that one).

Systrace works great.  Let me know if I can do anything else.

Jeb Campbell
jebc@c4solutions.net
Comment 7 Toby Dickenson 2003-07-26 17:26:54 UTC
See also the patch in #18715 for 2.4.20-r2, which is still working for me in -r5.
Comment 8 Toby Dickenson 2003-08-07 09:02:02 UTC
systrace in 2.4.21-pfeifer-r1_pre4 is working well for me.
Comment 9 Markus Nigbur (RETIRED) gentoo-dev 2003-11-19 06:33:33 UTC
see comment #2, comment #3