Bug 468548 - sys-apps/util-linux-2.23 FEATURES=usersandbox - setarch in testsuite crashes on hardened kernels: denied RWX mmap in setarch
Summary: sys-apps/util-linux-2.23 FEATURES=usersandbox - setarch in testsuite crashes ...
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
Keywords: TESTFAILURE
Reported: 2013-05-04 09:13 UTC by iGentoo
Modified: 2018-03-17 20:57 UTC (History)

Attachments
abrt_report.log, dmesg.log and util-linux-2.23-build.log (util-linux-2.23-build.log.tar.xz,35.98 KB, application/x-xz-compressed-tar)
2013-05-04 09:13 UTC, iGentoo
Use an absolute path when testing setarch (util-linux-setarch-absolute-path.patch,368 bytes, patch)
2016-05-10 15:52 UTC, gentoo_usr

Description iGentoo 2013-05-04 09:13:50 UTC
Created attachment 347326 [details]
abrt_report.log, dmesg.log and util-linux-2.23-build.log

grsec: From 127.0.0.6: denied RWX mmap of <anonymous mapping> by /var/tmp/portage/sys-apps/util-linux-2.23/work/util-linux-2.23/setarch[setarch:31531] uid/euid:250/250 gid/egid:250/250, parent /var/tmp/portage/sys-apps/util-linux-2.23/work/util-linux-2.23/tests/ts/misc/setarch[setarch:31489] uid/euid:250/250 gid/egid:250/250
setarch[31531]: segfault at 0 ip 000002244dc32814 sp 000003aa9fe134e0 error 4 in libsandbox.so[2244dc28000+11000]
grsec: From 127.0.0.6: Segmentation fault occurred at            (nil) in /var/tmp/portage/sys-apps/util-linux-2.23/work/util-linux-2.23/setarch[setarch:31531] uid/euid:250/250 gid/egid:250/250, parent /var/tmp/portage/sys-apps/util-linux-2.23/work/util-linux-2.23/tests/ts/misc/setarch[setarch:31489] uid/euid:250/250 gid/egid:250/250


Portage 2.2.0_alpha174 (hardened/linux/amd64/selinux, gcc-4.8.0, glibc-2.17, 3.8.11-pax.x86_64 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-3.8.11-pax.x86_64-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q9300_@_2.50GHz-with-gentoo-2.2
KiB Mem:     6114284 total,    176356 free
KiB Swap:   10484724 total,  10238552 free
Timestamp of tree: Sat, 04 May 2013 08:15:01 +0000
ld GNU gold (GNU Binutils 2.23.2) 1.11
ccache version 3.1.9 [disabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0
dev-lang/python:          2.5.4-r5, 2.6.8-r1, 2.7.4::custom, 3.1.5-r1, 3.2.4, 3.3.1
dev-util/ccache:          3.1.9
dev-util/cmake:           2.8.10.2-r2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.12.6, 1.13.1
sys-devel/binutils:       2.23.2
sys-devel/gcc:            4.6.4, 4.7.2-r1, 4.8.0
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.8 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo systemd hardened-dev gnome custom
Installed sets: @local
ACCEPT_KEYWORDS="amd64 x86 ~amd64 ~x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-Wall -Wextra -ggdb -march=native -pipe -O3 -fno-tree-vectorize -frecord-gcc-switches"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/polkit-1/actions /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"
CXXFLAGS="-Wall -Wextra -ggdb -march=native -pipe -O3 -fno-tree-vectorize -frecord-gcc-switches"
DISTDIR="/var/portage/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going"
FCFLAGS="-Wall -Wextra -ggdb -march=native -pipe -O3 -fno-tree-vectorize -frecord-gcc-switches"
FEATURES="assume-digests binpkg-logs buildpkg collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox selinux sesandbox sfperms split-elog split-log splitdebug strict test test-fail-continue unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr"
FFLAGS="-Wall -Wextra -ggdb -march=native -pipe -O3 -fno-tree-vectorize -frecord-gcc-switches"
GENTOO_MIRRORS="http://mirrors.163.com/gentoo http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -Wl,--icf=safe"
MAKEOPTS="V=1 -j10"
PKGDIR="/var/portage/packages-amd64"
PORTAGE_BZIP2_COMMAND="lbzip2"
PORTAGE_COMPRESS="xz"
PORTAGE_COMPRESS_FLAGS="-9ef"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--ipv4"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/systemd /var/lib/layman/hardened-development /var/lib/layman/gnome /usr/local/portage"
SYNC="rsync://mirrors.ustc.edu.cn/gentoo-portage"
USE="X acl alsa amd64 audit bash-completion berkdb bzip2 c++0x cairo caps cli cracklib crypt custom-cflags cxx dbus dri ffmpeg gdbm gmp gnome gpm gtk gtk3 hardened iconv icu ipv6 jit jpeg jpeg2k justify lzma mmx modules mudflap multilib ncurses nls nptl open_perms opengl openmp orc pam pax_kernel pcre png pulseaudio qt4 readline selinux session sse sse2 ssl svg systemd tcpd threads tiff udev unicode urandom vim-syntax xattr xinetd zlib" ABI_X86="x32 32 64" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" DRACUT_MODULES="btrfs caps dmsquash-live gensplash livenet lvm nfs ssh-client syslog systemd" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US zh zh_CN" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="pypy1_9 pypy2_0 python3_1 python3_2 python3_3 
python2_5 python2_6 python2_7" QEMU_SOFTMMU_TARGETS="x86_64 arm mips64el ppc64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="nouveau nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USE_PYTHON="2.7-pypy-1.9 2.7-pypy-2.0 3.1 3.2 3.3 2.5 2.6 2.7"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND

=================================================================
                        Package Settings
=================================================================

sys-apps/util-linux-2.23 was built with the following:
USE="bash-completion cramfs (multilib) ncurses nls (selinux) suid test udev unicode -cytune -fdformat -old-linux -slang -static-libs -tty-helpers"
Comment 1 SpanKY gentoo-dev 2013-05-08 02:22:58 UTC
someone on the hardened team will have to poke this
Comment 2 SpanKY gentoo-dev 2013-06-30 19:24:13 UTC
i'm going to guess it's due to the -Z flag:
 -Z, --mmap-page-zero     turns on MMAP_PAGE_ZERO

and i'm going to guess hardened kernels disallow that
Comment 3 Anthony Basile gentoo-dev 2014-10-17 21:40:43 UTC
(In reply to SpanKY from comment #2)
> i'm going to guess it's due to the -Z flag:
>  -Z, --mmap-page-zero     turns on MMAP_PAGE_ZERO
> 
> and i'm going to guess hardened kernels disallow that

I'm not sure what's going on here because

$ uname -m
x86_64
$ setarch i386 -Z
$ uname -m
i686
$ uname -r
3.11.8-hardened


I am using util-linux 2.24.1-r3.

@Alphat-PC.  I know this is an old bug, but can you reproduce it?
Comment 4 Nikoli 2014-11-24 15:54:20 UTC
Still happens with sys-apps/util-linux-2.24.1-r3 and sys-apps/util-linux-2.25.2, dmesg:
[4537878.542023] grsec: denied RWX mmap of <anonymous mapping> by /var/tmp/portage/sys-apps/util-linux-2.24.1-r3/work/util-linux-2.24.1-abi_x86_64.amd64/setarch[setarch:14197] uid/euid:250/250 gid/egid:250/250, parent /var/tmp/portage/sys-apps/util-linux-2.24.1-r3/work/util-linux-2.24.1/tests/ts/misc/setarch[setarch:14155] uid/euid:250/250 gid/egid:250/250
[4537878.542029] setarch[14197]: segfault at 0 ip 000003103c088a64 sp 000003b849f66a40 error 4 in libsandbox.so[3103c07e000+12000]
[4537878.542037] grsec: Segmentation fault occurred at            (nil) in /var/tmp/portage/sys-apps/util-linux-2.24.1-r3/work/util-linux-2.24.1-abi_x86_64.amd64/setarch[setarch:14197] uid/euid:250/250 gid/egid:250/250, parent /var/tmp/portage/sys-apps/util-linux-2.24.1-r3/work/util-linux-2.24.1/tests/ts/misc/setarch[setarch:14155] uid/euid:250/250 gid/egid:250/250

[4538048.580372] grsec: denied RWX mmap of <anonymous mapping> by /var/tmp/portage/sys-apps/util-linux-2.25.2/work/util-linux-2.25.2-abi_x86_64.amd64/setarch[setarch:12117] uid/euid:250/250 gid/egid:250/250, parent /var/tmp/portage/sys-apps/util-linux-2.25.2/work/util-linux-2.25.2/tests/ts/misc/setarch[setarch:11844] uid/euid:250/250 gid/egid:250/250
[4538048.580380] setarch[12117]: segfault at 0 ip 000002c9cc51ba64 sp 000003af10427fd0 error 4 in libsandbox.so[2c9cc511000+12000]
[4538048.580392] grsec: Segmentation fault occurred at            (nil) in /var/tmp/portage/sys-apps/util-linux-2.25.2/work/util-linux-2.25.2-abi_x86_64.amd64/setarch[setarch:12117] uid/euid:250/250 gid/egid:250/250, parent /var/tmp/portage/sys-apps/util-linux-2.25.2/work/util-linux-2.25.2/tests/ts/misc/setarch[setarch:11844] uid/euid:250/250 gid/egid:250/250


Portage 2.2.8-r2 (hardened/linux/amd64, gcc-4.8.3, glibc-2.19-r1, 3.15.10-hardened-r1 x86_64)
=================================================================
                        System Settings
=================================================================
KiB Mem:    65825872 total,    581548 free
KiB Swap:          0 total,         0 free
Timestamp of tree: Mon, 24 Nov 2014 15:15:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.2_p53
dev-lang/perl:            5.18.2-r2
dev-lang/python:          2.7.7
dev-util/pkgconfig:       0.28-r1
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12.4
sys-apps/sandbox:         2.6-r1
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.8.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.2-r1
sys-devel/make:           4.0-r1
sys-kernel/linux-headers: 3.16 (virtual/os-headers)
sys-libs/glibc:           2.19-r1
Repositories: gentoo nikoli
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=corei7-avx -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /usr/share/themes/oxygen-gtk/gtk-3.0 /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=corei7-avx -O2 -pipe"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs cgroup collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox news parallel-fetch preserve-libs protect-owned sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,--hash-style=gnu -Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j9"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/var/lib/layman/nikoli"
USE="X a52 aac acl acpi aes-ni alsa amd64 amr audiofile avx bash-completion bzip2 cairo caps cdda cddb cdio cdparanoia cdr celt cli consolekit cracklib crypt css cups cxx dbus djvu dri dvd dvdr encode exif fat ffmpeg flac fluidsynth fontconfig fortran gd geoip gif gimp gmp gphoto2 graphviz gsm gstreamer gtk handbook hardened iconv icu id3tag idn imagemagick imap imlib ios ipod ipv6 jbig jpeg jpeg2k justify kde kipi lame laptop lcms libass libnotify libproxy libsamplerate lm_sensors lz4 lzma lzo mac mad matroska mikmod mmx mmxext mng modplug modules mp3 mp4 mtp multilib musepack musicbrainz ncurses networkmanager nls nptl ntfs ogg openal openexr opengl openmp opus pam pango pax_kernel pcre pdf phonon plasma pm-utils png policykit postscript qt3support qt4 rar raw readline reiserfs replaygain rtmp sasl scanner semantic-desktop session smp sndfile socks5 speex spell sqlite sse sse2 sse3 sse4_1 ssl ssse3 startup-notification svg symlink taglib threads thumbnail tiff truetype udev udisks unicode upnp upower usb v4l v4l2 vcd vdpau vorbis vpx wavpack webkit webp wma x264 xattr xcb xcomposite xface xinerama xml xmp xpm xscreensaver xtpax xv xz zip zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="*" COLLECTD_PLUGINS="df interface irq load memory 
rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-minimizer" LINGUAS="ru ru_RU en" NGINX_MODULES_HTTP="access auth_basic autoindex fastcgi gzip rewrite" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby20" USERLAND="GNU" VIDEO_CARDS="radeon r600 modesetting vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

sys-apps/util-linux-2.24.1-r3 was built with the following:
USE="bash-completion caps cramfs ncurses nls pam tty-helpers udev unicode -cytune -fdformat -python (-selinux) -slang -static-libs -suid -test" ABI_X86="64 -32 -x32" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4" PYTHON_TARGETS="python2_7 -python3_3 -python3_4"


Do you need some other info, build logs?
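
Added example (not part of the bug report or of any Gentoo tooling): a small Python triage script that pairs each grsec "denied RWX mmap" line with the segfault logged for the same PID and reduces the faulting ip to an offset inside the mapped object, so crashes from separate runs can be compared despite ASLR. The sample lines are shortened from the dmesg output in this report; the names `correlate`, `crash_sites` and `Crash` are made up for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample kernel log lines, shortened from the dmesg output in this report:
# build paths are abbreviated to /build/..., PIDs and addresses are unchanged.
SAMPLE_DMESG = """\
[4537878.542023] grsec: denied RWX mmap of <anonymous mapping> by /build/setarch[setarch:14197] uid/euid:250/250 gid/egid:250/250, parent /build/tests/ts/misc/setarch[setarch:14155] uid/euid:250/250 gid/egid:250/250
[4537878.542029] setarch[14197]: segfault at 0 ip 000003103c088a64 sp 000003b849f66a40 error 4 in libsandbox.so[3103c07e000+12000]
[4538048.580372] grsec: denied RWX mmap of <anonymous mapping> by /build/setarch[setarch:12117] uid/euid:250/250 gid/egid:250/250, parent /build/tests/ts/misc/setarch[setarch:11844] uid/euid:250/250 gid/egid:250/250
[4538048.580380] setarch[12117]: segfault at 0 ip 000002c9cc51ba64 sp 000003af10427fd0 error 4 in libsandbox.so[2c9cc511000+12000]
"""

# grsec/PaX denial line; the "From <ip>:" prefix appears in the first report.
DENIED_RE = re.compile(
    r"grsec: (?:From \S+: )?denied RWX mmap of (?P<target>.+?) by "
    r"(?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]")
# Kernel segfault line: fault address, ip, and the mapping as "[base+size]".
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error \d+ "
    r"in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")


@dataclass
class Crash:
    pid: int
    comm: str
    denied_exe: Optional[str]  # binary named in a preceding RWX denial, if any
    fault_addr: int            # 0 means a NULL dereference
    obj: str                   # mapped object containing the faulting ip
    offset: int                # ip - mapping base; independent of ASLR


def correlate(dmesg: str) -> List[Crash]:
    """Pair each segfault with an earlier RWX-mmap denial for the same PID."""
    denied: Dict[int, str] = {}
    crashes: List[Crash] = []
    for line in dmesg.splitlines():
        m = DENIED_RE.search(line)
        if m:
            denied[int(m["pid"])] = m["exe"]
            continue
        m = SEGV_RE.search(line)
        if not m:
            continue
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        if not base <= ip < base + size:
            continue  # ip is outside the mapping the kernel named; ignore
        pid = int(m["pid"])
        crashes.append(Crash(pid, m["comm"], denied.get(pid),
                             int(m["addr"], 16), m["obj"], ip - base))
    return crashes


def crash_sites(crashes: List[Crash]) -> Dict[Tuple[str, int], List[int]]:
    """Group PIDs by (object, offset) so repeated crashes at one site stand out."""
    sites: Dict[Tuple[str, int], List[int]] = {}
    for c in crashes:
        sites.setdefault((c.obj, c.offset), []).append(c.pid)
    return sites


if __name__ == "__main__":
    for (obj, off), pids in crash_sites(correlate(SAMPLE_DMESG)).items():
        print(f"{obj}+{off:#x}: pids {pids}")
```

Both sample crashes land at the same offset in libsandbox.so; with a debug build of that library, the offset can be passed to addr2line to find the source line.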
Comment 5 eroen 2016-01-09 20:49:24 UTC
eroen@occam /tmp/setarchtest $ eix -e util-linux
[U] sys-apps/util-linux
     Available versions:  2.24.1-r3 (~)2.24.2 2.25.2-r2 2.26.2 (~)2.27 (~)2.27.1 **9999 {bash-completion caps +cramfs cytune fdformat kill ncurses nls pam python +readline selinux slang static-libs +suid systemd test tty-helpers udev unicode ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32" PYTHON_SINGLE_TARGET="python2_7 python3_3 python3_4" PYTHON_TARGETS="python2_7 python3_3 python3_4"}
     Installed versions:  2.27(19:56:03 07/09/15)(caps ncurses pam static-libs suid test udev unicode -cramfs -fdformat -nls -python -selinux -slang -systemd -tty-helpers ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="32 64 -x32" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4" PYTHON_TARGETS="python2_7 python3_3 python3_4")
     Homepage:            https://www.kernel.org/pub/linux/utils/util-linux/
     Description:         Various useful Linux utilities

eroen@occam /tmp/setarchtest $ /usr/bin/setarch i386 -vRFZLXBIST3 --uname-2.6 echo "success"
Switching on ADDR_NO_RANDOMIZE.
Switching on FDPIC_FUNCPTRS.
Switching on MMAP_PAGE_ZERO.
Switching on ADDR_COMPAT_LAYOUT.
Switching on READ_IMPLIES_EXEC.
Switching on ADDR_LIMIT_32BIT.
Switching on SHORT_INODE.
Switching on WHOLE_SECONDS.
Switching on STICKY_TIMEOUTS.
Switching on ADDR_LIMIT_3GB.
Switching on UNAME26.
success
eroen@occam /tmp/setarchtest $ LD_PRELOAD=/usr/lib64/libsandbox.so /usr/bin/setarch i386 -vRFZLXBIST3 --uname-2.6
Switching on ADDR_NO_RANDOMIZE.
Switching on FDPIC_FUNCPTRS.
Switching on MMAP_PAGE_ZERO.
Switching on ADDR_COMPAT_LAYOUT.
Switching on READ_IMPLIES_EXEC.
Switching on ADDR_LIMIT_32BIT.
Switching on SHORT_INODE.
Switching on WHOLE_SECONDS.
Switching on STICKY_TIMEOUTS.
Switching on ADDR_LIMIT_3GB.
Switching on UNAME26.
eroen@occam /tmp/setarchtest $ exit
logout




eroen@occam /tmp/setarchtest $ LD_PRELOAD=/usr/lib64/libsandbox.so /usr/bin/setarch i386 -vRFZLXBIST3 --uname-2.6 echo "success"
Switching on ADDR_NO_RANDOMIZE.
Switching on FDPIC_FUNCPTRS.
Switching on MMAP_PAGE_ZERO.
Switching on ADDR_COMPAT_LAYOUT.
Switching on READ_IMPLIES_EXEC.
Switching on ADDR_LIMIT_32BIT.
Switching on SHORT_INODE.
Switching on WHOLE_SECONDS.
Switching on STICKY_TIMEOUTS.
Switching on ADDR_LIMIT_3GB.
Switching on UNAME26.
Segmentation fault
eroen@occam /tmp/setarchtest $ dmesg -H | tail
...
[Jan 9 21:44] setarch[13585]: segfault at 0 ip 0000037bdfe02503 sp 000003acd57e07f0 error 4 in libsandbox.so[37bdfdf7000+14000]
eroen@occam /tmp/setarchtest $
Comment 6 gentoo_usr 2016-05-10 15:52:09 UTC
Created attachment 433846 [details, diff]
Use an absolute path when testing setarch

This bug is still present in sys-apps/util-linux-2.26.2

$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 echo "success"
success

-> works

$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 -vX /bin/echo "success"
Switching on ADDR_NO_RANDOMIZE.
Switching on FDPIC_FUNCPTRS.
Switching on MMAP_PAGE_ZERO.
Switching on ADDR_COMPAT_LAYOUT.
Switching on READ_IMPLIES_EXEC.
Switching on ADDR_LIMIT_32BIT.
Switching on SHORT_INODE.
Switching on WHOLE_SECONDS.
Switching on STICKY_TIMEOUTS.
Switching on ADDR_LIMIT_3GB.
success

-> works

$ cd /bin
$ pwd
/bin
$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 -vX ./echo "success"
Switching on ADDR_NO_RANDOMIZE.
Switching on FDPIC_FUNCPTRS.
Switching on MMAP_PAGE_ZERO.
Switching on ADDR_COMPAT_LAYOUT.
Switching on READ_IMPLIES_EXEC.
Switching on ADDR_LIMIT_32BIT.
Switching on SHORT_INODE.
Switching on WHOLE_SECONDS.
Switching on STICKY_TIMEOUTS.
Switching on ADDR_LIMIT_3GB.
success

-> works


$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 -vX echo "success"
Switching on ADDR_NO_RANDOMIZE.
Switching on FDPIC_FUNCPTRS.
Switching on MMAP_PAGE_ZERO.
Switching on ADDR_COMPAT_LAYOUT.
Switching on READ_IMPLIES_EXEC.
Switching on ADDR_LIMIT_32BIT.
Switching on SHORT_INODE.
Switching on WHOLE_SECONDS.
Switching on STICKY_TIMEOUTS.
Switching on ADDR_LIMIT_3GB.
segmentation fault

-> segfaults


dmesg:
...
grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/setarch[setarch:10328] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:9861] uid/euid:1000/1000 gid/egid:1000/1000
setarch[10328]: segfault at 0 ip 00000385fc736f84 sp 0000039654430150 error 4 in libsandbox.so[385fc72c000+16000]
grsec: Segmentation fault occurred at            (nil) in /usr/bin/setarch[setarch:10328] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:9861] uid/euid:1000/1000 gid/egid:1000/1000
grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/setarch[setarch:10328] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:9861] uid/euid:1000/1000 gid/egid:1000/1000

If any other executable (e.g. ls, zsh, ...) is used instead of echo, the same behaviour is shown:
- with a path (relative or absolute) it works
- without a path it fails with a segmentation fault.


Workaround
----------
This does *not* fix the problem but lets the test pass by using an absolute path to echo.

diff -ur a/tests/ts/misc/setarch b/tests/ts/misc/setarch
--- a/tests/ts/misc/setarch
+++ b/tests/ts/misc/setarch
@@ -20,6 +20,6 @@

 ts_check_test_command "$TS_CMD_SETARCH"

-$TS_CMD_SETARCH $(uname -m) -vRFZLXBIST3 --uname-2.6 echo "success" >$TS_OUTPUT 2>&1
+$TS_CMD_SETARCH $(uname -m) -vRFZLXBIST3 --uname-2.6 /bin/echo "success" >$TS_OUTPUT 2>&1

 ts_finalize
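
Review bot: On the `+` line, `/bin/echo` is hard-coded, so the test now depends on echo being installed at exactly that path and no longer exercises the bare-name (PATH lookup) case that this report shows crashing under libsandbox. If the workaround is applied, resolve the path at run time instead of fixing it to /bin, and add a comment above the command stating that the absolute path is there only to sidestep the libsandbox segfault from this bug, so the bare `echo` can be restored once the crash itself is fixed.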
Comment 7 gentoo_usr 2016-05-10 15:58:53 UTC
Sorry, mixed up the output: with '-vX' only 'Switching on READ_IMPLIES_EXEC.' is shown by setarch. The other lines are not.
Here's the correct output for reference.

$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 echo "success"
success

-> works


$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 -vX /bin/echo "success"
Switching on READ_IMPLIES_EXEC.
success

-> works


$ cd /bin
$ pwd
/bin
$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 -vX ./echo "success"
Switching on READ_IMPLIES_EXEC.
success

-> works


$ LD_PRELOAD=/usr/lib64/libsandbox.so setarch i686 -vX echo "success"
Switching on READ_IMPLIES_EXEC.
segmentation fault

-> segfaults
Comment 8 gentoo_usr 2018-03-17 12:37:01 UTC
Another problem solved by an update: util-linux 2.30.2 does not segfault.
In my opinion the issue can be closed since the affected versions (util-linux <2.30.2) are no longer in the portage tree.
Comment 9 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-03-17 20:57:47 UTC
Thanks for the heads up.