Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 281512 - sys-apps/gradm 2.1.13 segfaults when attempting to generate new rules
Summary: sys-apps/gradm 2.1.13 segfaults when attempting to generate new rules
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: AMD64 Linux
: High critical (vote)
Assignee: The Gentoo Linux Hardened Team
URL: http://forums.grsecurity.net/viewtopi...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-14 21:16 UTC by Matthew Thode ( prometheanfire )
Modified: 2009-08-21 19:07 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
proposed patch (patch,501 bytes, patch)
2009-08-14 21:17 UTC, Matthew Thode ( prometheanfire ) 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-14 21:16:36 UTC 
crash occurs after generating debug information and trying to use gradm to parse it for rules
it is fixed with the attached patch

Reproducible: Always

Steps to Reproduce:
1. gradm -F -L /etc/grsec/learning.log
2. gradm -D
3. gradm -F -L /etc/grsec/learning.log -O /etc/grsec/learning.roles

Actual Results:  
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/learning.roles
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user portage...done.
Beginning full learning object reduction for subject /...done.
Segmentation Fault

Expected Results:  
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/learning.roles
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user portage...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/bash...done.
Beginning full learning object reduction for subject /bin/bzip2...done.
Beginning full learning object reduction for subject /bin/cat...done.
Beginning full learning object reduction for subject /bin/chmod...done.
Beginning full learning object reduction for subject /bin/chown...done.
Beginning full learning object reduction for subject /bin/cp...done.
Beginning full learning object reduction for subject /bin/gawk-3.1.6...done.
Beginning full learning object reduction for subject /bin/grep...done.
Beginning full learning object reduction for subject /bin/ln...done.
Beginning full learning object reduction for subject /bin/mkdir...done.
Beginning full learning object reduction for subject /bin/mktemp...done.
Beginning full learning object reduction for subject /bin/mv...done.
Beginning full learning object reduction for subject /bin/rm...done.
Beginning full learning object reduction for subject /bin/rmdir...done.
Beginning full learning object reduction for subject /bin/sed...done.
Beginning full learning object reduction for subject /bin/sort...done.
Beginning full learning object reduction for subject /bin/tar...done.
Beginning full learning object reduction for subject /bin/touch...done.
Beginning full learning object reduction for subject /usr/bin/aclocal-1.10...done.
Beginning full learning object reduction for subject /usr/bin/autoconf-2.63...done.
Beginning full learning object reduction for subject /usr/bin/autoheader-2.63...done.
Beginning full learning object reduction for subject /usr/bin/autom4te-2.63...done.
Beginning full learning object reduction for subject /usr/bin/automake-1.10...done.
Beginning full learning object reduction for subject /usr/bin/cc...done.
Beginning full learning object reduction for subject /usr/bin/diff...done.
Beginning full learning object reduction for subject /usr/bin/file...done.
Beginning full learning object reduction for subject /usr/bin/find...done.
Beginning full learning object reduction for subject /usr/bin/gmake...done.
Beginning full learning object reduction for subject /usr/bin/install...done.
Beginning full learning object reduction for subject /usr/bin/libtoolize...done.
Beginning full learning object reduction for subject /usr/bin/m4...done.
Beginning full learning object reduction for subject /usr/bin/patch...done.
Beginning full learning object reduction for subject /usr/bin/sandbox...done.
Beginning full learning object reduction for subject /usr/bin/x86_64-pc-linux-gnu-g++...done.
Beginning full learning object reduction for subject /usr/bin/x86_64-pc-linux-gnu-gcc...done.
Beginning full learning object reduction for subject /usr/bin/xargs...done.
Beginning full learning object reduction for subject /usr/lib64/misc/ac-wrapper.sh...done.
Beginning full learning object reduction for subject /usr/lib64/misc/am-wrapper.sh...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/check-implicit-pointer-usage.py...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/dodoc...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/ecompress...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/ecompressdir...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/emake...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/prepall...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/prepallinfo...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/prepallman...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/prepallstrip...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/prepman...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild-helpers/prepstrip...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/ebuild.sh...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/emerge...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/etc-update...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/filter-bash-environment.py...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/misc-functions.sh...done.
Beginning full learning object reduction for subject /usr/lib64/portage/bin/portageq...done.
Beginning full learning object reduction for subject /usr/libexec/gcc/x86_64-pc-linux-gnu/3.4.6/cc1...done.
Beginning full learning object reduction for subject /usr/libexec/gcc/x86_64-pc-linux-gnu/3.4.6/cc1plus...done.
Beginning full learning object reduction for subject /usr/libexec/gcc/x86_64-pc-linux-gnu/3.4.6/collect2...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/ar...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/as...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/ld...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/nm...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/ranlib...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/strip...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/gcc-bin/3.4.6/x86_64-pc-linux-gnu-g++...done.
Beginning full learning object reduction for subject /usr/x86_64-pc-linux-gnu/gcc-bin/3.4.6/x86_64-pc-linux-gnu-gcc...done.
Beginning full learning object reduction for subject /var/tmp/portage/sys-process/htop-0.8.1-r1/work/htop-0.8.1/configure...done.
Beginning full learning object reduction for subject /var/tmp/portage/sys-process/htop-0.8.1-r1/work/htop-0.8.1/conftest...done.
Beginning full learning object reduction for subject /var/tmp/portage/sys-process/htop-0.8.1-r1/work/htop-0.8.1/scripts/MakeHeader.py...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/rm...done.
Beginning full learning object reduction for subject /bin/touch...done.

emerge --info
Portage 2.1.6.13 (hardened/linux/amd64/2008.0/no-multilib, gcc-3.4.6, glibc-2.9_p20081201-r2, 2.6.28-hardened-r9 x86_64)
=================================================================
System uname: Linux-2.6.28-hardened-r9-x86_64-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-1.12.11.1
Timestamp of tree: Fri, 14 Aug 2009 19:15:01 +0000
app-shells/bash:     3.2_p39
dev-lang/python:     2.6.2-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=nocona -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -march=nocona -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.gtlib.gatech.edu/pub/gentoo ftp://ftp.ussg.iu.edu/pub/linux/gentoo ftp://gentoo.netnitco.net/pub/mirrors/gentoo/source/ ftp://gentoo.chem.wisc.edu/gentoo/ "
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j12"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="acl alsa amd64 bash-completion berkdb bzip2 clamav cli cracklib crypt cups dri gdbm gnutls gpm hardened iconv ieee1394 ipv6 isdnlog justify kvm lvm mmx modules mudflap ncurses network nptl nptlonly pam parted pcre perl pic pppd python qemu readline reflection session spl sse sse2 sse3 sse4 ssl sysfs syslog tcpd urandom vde xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-14 21:17:56 UTC 
Created attachment 201282 [details, diff]
proposed patch

I applied the patch and gradm correctly parses new rules
Comment 2 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-14 21:19:23 UTC 
Comment on attachment 201282 [details, diff]
proposed patch

the also solves the problem for bug 276774 but I could not reopen the bug so I did it here
:D
Comment 3 Gordon Malm (RETIRED) gentoo-dev 2009-08-21 19:07:47 UTC 
Fixed in CVS.  Thanks much!