231504 – cannot unset PAX_MPROTECT with RSBAC softmode sysrq-alt-x or /proc/sys/kernel/pax/softmode

Bug 231504 - cannot unset PAX_MPROTECT with RSBAC softmode sysrq-alt-x or /proc/sys/kernel/pax/softmode

Summary: cannot unset PAX_MPROTECT with RSBAC softmode sysrq-alt-x or /proc/sys/kernel...

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-07-11 13:35 UTC by Paul Dodd
Modified:	2009-01-29 17:16 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paul Dodd 2008-07-11 13:35:58 UTC

When trying to install sun-jdk running rsbac 2.6.21 r1 or rsbac 2.6.23 r1 (dependancy required by "emerge itext") the install process was terminated by PAX.



Reproducible: Always

Steps to Reproduce:
1.emerge sun-jdk
2.
3.

Actual Results:  
The following appeeared on the console
Jul 11 10:58:36 amythyst PAX: execution attempt in: <anonymous mapping>, 4d4b6000-4d4de000 4d4b6000
Jul 11 10:58:36 amythyst PAX: terminating task: /var/tmp/portage/dev-java/sun-jdk-1.6.0.06/work/jdk1.6.0_06/bin/java(java):3828, uid/euid: 0/0, PC: 4d4b6040, SP: 4f599fcc
Jul 11 10:58:36 amythyst PAX: bytes at PC: 55 8b 6c 24 08 53 56 9c 58 50 8b c8 81 f0 00 00 04 00 50 9d 
Jul 11 10:58:36 amythyst PAX: bytes at SP-4: 00000002 4f98e2ae 4f9f37e0 4ff7cf54 4ff45e54 00000003 00000000 00000005 00000002 4d4b6040 00000006 ffffffff ffffffff 0000000c 4f9ee6a8 00000000 4fe79fb7 00000098 4ff45e54 4ff47140 00000024

The install was terminated

Expected Results:  
After activating softmode with sysrq-alt-x no messages from PAX should appear. The install of itext should be successful.

By setting PAX_MPROTECT=n in the kernel configuration and rebooting into the new kernel it was possible to work around this problem. Other things tried such as
echo '1'>/proc/sys/kernel/pax/softmode
booting into an RSBAC maintenance kernel had no effect.

Comment 1 Rumen Yotov 2009-01-17 15:07:59 UTC

Hi,

Could you try the latest versions - rsbac-2.6.27.10 & PaX for it.
There're no ebuilds for them, but you can compile the kernel manually and use the 1.3.7 ebuild for 1.4.0 (in local overlay) - it works.
At the moment i don't have PaX activated so can't test, but later will try.
Maybe RSBAC maintenance-kernel doesn't deactivate PaX, just RSBAC.
HTH, Rumen

Comment 2 Paul Dodd 2009-01-28 15:57:13 UTC

I downloaded and compiled a kernel with RSBAC and PAX from http://enhanced.rsbac.org/2.6/2.6.27/: "linux-2.6.27.10-rsbac-1.4.0-pax-test29.tar.bz2". I was not able to boot this kernel on my gentoo system. Even disabling RSBAC in the kernel configuration did not work. The console just showed a two column display with what seems to be old output from memory. No error messages are shown. The .config file was produced from an older (working) .config file. Probably there is something obvious that I am missing.

Comment 3 Gordon Malm (RETIRED) gentoo-dev

2009-01-29 17:16:45 UTC

Please report RSBAC bugs to the RSBAC project directly.  Please reference:

http://archives.gentoo.org/gentoo-hardened/msg_24d73cabfd148aa5a3ae46dba602908d.xml

Thanks.