Building the new hardened-3.8.6 sources I have the following problem with snort:

[3711102.960848] PAX: size overflow detected in function ptr_to_compat /usr/src/linux-3.8.6-hardened/arch/x86/include/asm/compat.h:293 cicus.53_4 min, count: 4
[3711102.960853] Pid: 15875, comm: snort Not tainted 3.8.6-hardened #14
[3711102.960854] Call Trace:
[3711102.960862] [<ffffffff8111fe64>] report_size_overflow+0x24/0x30
[3711102.960865] [<ffffffff8104599c>] copy_siginfo_to_user32+0x21c/0x240
[3711102.960868] [<ffffffff81046188>] ia32_setup_rt_frame+0x218/0x3b0
[3711102.960871] [<ffffffff810025b9>] do_signal+0x1b9/0x600
[3711102.960875] [<ffffffff81072bba>] ? hrtimer_cancel+0x1a/0x30
[3711102.960878] [<ffffffff81db3087>] ? page_fault+0x27/0x30
[3711102.960882] [<ffffffff810320b9>] ? do_page_fault+0x9/0x20
[3711102.960884] [<ffffffff81db3087>] ? page_fault+0x27/0x30
[3711102.960887] [<ffffffff81002a67>] do_notify_resume+0x67/0x80
[3711102.960889] [<ffffffff81db393d>] int_signal+0x12/0x17

About the only unusual thing here is that it's a 32-bit binary on a 64-bit kernel. After this the process doesn't do very much anymore. Disabling CONFIG_PAX_SIZE_OVERFLOW fixes it. It doesn't happen all the time, mostly when there is little traffic.

Reproducible: Sometimes

Steps to Reproduce:
1. Build and install kernel
2. Run several copies of snort
3. Look in dmesg

Actual Results:
Kernel error messages as above.

Expected Results:
No output
Please try with hardened-sources-3.10.1. Upstream will want to see if the failure is still happening on their latest grsecurity patches.
I think this was CVE-2013-2141.
Okay, 3.8.6 is off the tree and this is likely a known issue. @user, please use a newer version of hardened-sources.
Ok, thanks for the feedback. We'll try upgrading and see which new bugs we run into...