54272 – Gradm hangs when setting password.

Bug 54272 - Gradm hangs when setting password.

Summary: Gradm hangs when setting password.

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	x86 Linux

Importance:	High critical (vote)
Assignee:	Hardened Gentoo

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-06-17 22:47 UTC by Carlos Averett
Modified:	2004-06-17 22:55 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos Averett 2004-06-17 22:47:58 UTC

I built gentoo from the hardened stage1.  Hardened-gcc was unmerged, and I did a ACCEPT_KEYWORDS="~x86" emerge gcc, with -hardened in the use flags.

Kernel used is hardened-dev-sources

When I attempt to have gradm set the password, it prints "written to /etc/grsec/pw", but hangs.  This happens with the gradm ebuild, gradm release from the site, and gradm2 cvs.

When I run a strace on gradm, it seems to be an issue with /dev/random that is causing it to hang.

=== Cut from strace ===
execve("./gradm", ["./gradm", "-P"], [/* 34 vars */]) = 0
uname({sys="Linux", node="www", ...})   = 0
brk(0)                                  = 0xfb9cdfc
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4f896000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=23428, ...}) = 0
mmap2(NULL, 23428, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4f897000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200Y\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1212376, ...}) = 0
mmap2(NULL, 1133156, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4f89d000
mmap2(0x4f9ac000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10e) = 0x4f9ac000
mmap2(0x4f9b0000, 6756, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4f9b0000
close(3)                                = 0
munmap(0x4f897000, 23428)               = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\276\36\221\236", 4)           = 4
close(3)                                = 0
geteuid32()                             = 0
getuid32()                              = 0
setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=0}) = 0
getcwd("/root/gradm2", 4095)            = 13
mlock(0xbc843410, 256)                  = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4f897000
write(1, "Setting up grsecurity RBAC passw"..., 36Setting up grsecurity RBAC password
) = 36
mlock(0xbc842160, 256)                  = 0
write(1, "Password: ", 10Password: )              = 10
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon -echo ...}) = 0
read(0, "Letmein\n", 128)               = 8
write(1, "\n", 1
)                       = 1
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "Re-enter Password: ", 19Re-enter Password: )     = 19
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon -echo ...}) = 0
read(0, "Letmein\n", 128)               = 8
write(1, "\n", 1
)                       = 1
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "Password written to /etc/grsec/p"..., 35Password written to /etc/grsec/pw.
) = 35
open("/dev/random", O_RDONLY)           = 3
read(3,  <unfinished ...>
=== End Cut ===

It hangs at <unfinished>.

Reproducible: Always
Steps to Reproduce:
1. Install gentoo from hardened stage1
2. Install gcc with -hardened USE flags
3. Install hardened-dev-sources kernel
4. Use gradm

Actual Results:  
It hangs

Expected Results:  
It should have written the password to /etc/grsec/pw

Portage 2.0.50-r8 (hardened-x86-2004.0, gcc-3.3.3, glibc-2.3.3.20040420-r0,
2.6.5-hardened-r5)
=================================================================
System uname: 2.6.5-hardened-r5 i686 Intel(R) Celeron(R) CPU 2.40GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -mcpu=pentium2 -march=pentium2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config
/usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -mcpu=pentium2 -march=pentium2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox sfperms strict"
GENTOO_MIRRORS="ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
http://mirror.tucdemonic.org/gentoo/ http://mirror.datapipe.net/gentoo
ftp://darkstar.ist.utl.pt/pub/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi apache2 arts berkdb chroot crypt curl firebird gd gif gmp gpm
hardened hardenedphp imap ipv6 jpeg libwww mmx mysql ncurses nls pam pdflib perl
pic pie png postgres python readline slang spell ssl tcltk tcpd tiff truetype
x86 xml2 zlib"

Comment 1 Carlos Averett 2004-06-17 22:55:03 UTC

Doh!  Forgot /dev/random blocks when it has insufficient entropy.  Perhaps it might to be useful to add an entry to the user guide?