276774 – sys-apps/gradm segmentation fault

Bug 276774 - sys-apps/gradm segmentation fault

Summary: sys-apps/gradm segmentation fault

Status:	VERIFIED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	x86 Linux

Importance:	High critical (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-07-06 15:08 UTC by Andreis Vinogradovs ( slepnoga )
Modified:	2010-07-15 12:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
kernel config (config-2.6.28-hardened-r7-gw,54.09 KB, text/plain) 2009-07-06 15:11 UTC, Andreis Vinogradovs ( slepnoga )	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreis Vinogradovs ( slepnoga ) 2009-07-06 15:08:09 UTC

gradm segmentation fault in policy generations.

Reproducible: Always

Steps to Reproduce:
1.install hardened system, sys-apps/gradm-2.1.13.200902232204
2.run gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/policy
Actual Results:  
segmentation fault  

Expected Results:  
gw ~ # gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/policy
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user named...done.
Beginning full learning subject reduction for user postfix...done.
Beginning full learning object reduction for subject /...done.
Segmentation fault  

my emerge --info:
gw ~ # emerge --info
Portage 2.1.6.13 (hardened/linux/x86/2008.0, gcc-3.4.6, glibc-2.9_p20081201-r2, 2.6.28-hardened-r7-gw i686)
=================================================================
System uname: Linux-2.6.28-hardened-r7-gw-i686-Pentium_III_-Coppermine-with-glibc2.3.2
Timestamp of tree: Mon, 06 Jul 2009 14:15:03 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-lang/python:     2.5.4-r3
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63
sys-devel/automake:  1.5, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -mtune=pentium3 -pipe -fstack-protector"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium3 -mtune=pentium3 -pipe -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildpkg ccache distlocks fixpackages metadata-transfer parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv"
FFLAGS="-O2"
GENTOO_MIRRORS="http://gentoo.tups.lv/source"
LANG="ru_RU.UTF-8"
LC_ALL="C"
LDFLAGS="-Wl,-O1"
LINGUAS="ru"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_COMPRESS="lzma"
PORTAGE_COMPRESS_FLAGS="-6"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/my"
SYNC="rsync://gentoo.tups.lv/gentoo-portage"
USE="acl alsa berkdb bzip2 cli cracklib crypt cups dri fortran gdbm gpm hardened iconv isdnlog logrotate midi mudflap ncurses nptl nptlonly pam pcre perl pic postgres pppd profile python readline reflection session spl sqlite sqlite3 ssl symlink sysfs tcpd unicode urandom x86 xorg zlib" ALSA_CARDS="null" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias asis auth_digest authn_dbd cern_meta charset_lite dbd dumpio ident imagemap log_forensic proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http substitute version" ELIBC="glibc" KERNEL="linux" LINGUAS="ru" USERLAND="GNU"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Andreis Vinogradovs ( slepnoga ) 2009-07-06 15:10:23 UTC

gw ~ # gradm --version
gradm v2.1.13
Licensed under the GNU General Public License (GPL) version 2 or higher
Copyright 2002,2003,2004  Brad Spengler

Comment 2 Andreis Vinogradovs ( slepnoga ) 2009-07-06 15:11:21 UTC

Created attachment 196913 [details]
kernel config

Comment 3 Gordon Malm (RETIRED) gentoo-dev

2009-07-06 16:43:30 UTC

Please remove -fstack-protector from CFLAGS and CXXFLAGS and 'emerge -e gradm'.  The hardened profile/gcc applies -fstack-protector and -fstack-protector-all where it is safe to do so already.

Also (and you may want to do this first) please give the machine a few passes with memtest86+ if possible (non-24/7 production hopefully).  The system could be getting a little long in the tooth; eventually capacitors and various electronic components will wear out, etc.

Hope it helps.  Re-open if you continue to have issues after completing the above steps.

Comment 4 Gordon Malm (RETIRED) gentoo-dev

2009-08-21 19:08:52 UTC

Fixed in CVS, see bug 281512.

Comment 5 Gordon Malm (RETIRED) gentoo-dev

2009-08-21 19:09:20 UTC

er, re-opening so it can be closed properly

Comment 6 Gordon Malm (RETIRED) gentoo-dev

2009-08-21 19:09:32 UTC

closing as fixed.