Bug 362337 - app-arch/p7zip-9.20.1: RWX mmaping causes failure on PaX kernels
Summary: app-arch/p7zip-9.20.1: RWX mmaping causes failure on PaX kernels
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-04-06 20:13 UTC by Cănărău Constantin
Modified: 2015-04-07 15:11 UTC
CC List: 6 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Kernel config (config, 55.58 KB, text/plain) - 2011-04-06 20:16 UTC, Cănărău Constantin
strace -o 7za.hardened.trace /usr/bin/7za a -- test.c.7z test.c (7za.hardened.strace, 15.24 KB, text/plain) - 2011-04-09 14:34 UTC, Anthony Basile
strace -o 7za.vanilla.trace /usr/bin/7za a -- test.c.7z test.c (7za.vanilla.strace, 15.66 KB, text/plain) - 2011-04-09 14:35 UTC, Anthony Basile
Patch to fix RWX issues (p7zip_fix_rwx_stack.patch, 689 bytes, patch) - 2011-04-10 11:46 UTC, Francisco Blas Izquierdo Riera (RETIRED)

Description Cănărău Constantin 2011-04-06 20:13:24 UTC
7zip crashes on hardened-sources 2.6.38 with (from dmesg):
[513770.790108] grsec: From x.x.x.x: denied RWX mmap of <anonymous mapping> by /usr/lib64/p7zip/7z[7z:31710] uid/euid:0/0 gid/egid:0/0, parent /root/srvadmin/backup.sh[backup.sh:29059] uid/euid:0/0 gid/egid:0/0
[513770.802026] grsec: From x.x.x.x: denied RWX mmap of <anonymous mapping> by /usr/lib64/p7zip/7z[7z:31712] uid/euid:0/0 gid/egid:0/0, parent /root/srvadmin/backup.sh[backup.sh:29059] uid/euid:0/0 gid/egid:0/0
[513770.817135] grsec: more alerts, logging disabled for 10 seconds
[513911.675537] grsec: From x.x.x.x: denied RWX mmap of <anonymous mapping> by /usr/lib64/p7zip/7z[7z:566] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1962] uid/euid:0/0 gid/egid:0/0
[513921.023753] grsec: From x.x.x.x: denied RWX mmap of <anonymous mapping> by /usr/lib64/p7zip/7z[7z:568] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1962] uid/euid:0/0 gid/egid:0/0
[514042.664085] grsec: From x.x.x.x: denied RWX mmap of <anonymous mapping> by /usr/lib64/p7zip/7z[7z:3832] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1962] uid/euid:0/0 gid/egid:0/0
[514095.025172] grsec: From x.x.x.x: denied RWX mprotect of <anonymous mapping> by /lib64/ld-2.13.so[ld-linux-x86-64:21300] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/ldd[ldd:21298] uid/euid:0/0 gid/egid:0/0

In the Security config section I chose Grsecurity -> Security Level (Hardened Gentoo [server]).
It doesn't happen with hardened-sources-2.6.37 with same configuration.

7z output looks like this:
7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,6 CPUs)
Creating archive test.tar.7z



System error:
E_FAIL                

I'll attach kernel .config too.

Reproducible: Always

Steps to Reproduce:
1. emerge app-arch/p7zip-9.20.1 and sys-kernel/hardened-sources-2.6.38
2. try to compress something with sys-kernel/hardened-sources-2.6.38
Actual Results:  
7zip process resource denied by kernel with previous messages

Expected Results:  
To be able to use p7zip with hardened-sources-2.6.38

Portage 2.2.0_alpha29 (hardened/linux/amd64/no-multilib, gcc-4.5.2, glibc-2.13-r2, 2.6.38-hardened-costel x86_64)
=================================================================
System uname: Linux-2.6.38-hardened-costel-x86_64-AMD_Phenom-tm-_II_X6_1100T_Processor-with-gentoo-2.0.2
Timestamp of tree: Tue, 05 Apr 2011 20:00:01 +0000
app-shells/bash:     4.2_p8
dev-lang/python:     2.7.1-r1
dev-util/cmake:      2.8.4
sys-apps/baselayout: 2.0.2
sys-apps/openrc:     0.8.0
sys-apps/sandbox:    2.5
sys-devel/autoconf:  2.68
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.21
sys-devel/gcc:       4.5.2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.4-r1
sys-devel/make:      3.82
virtual/os-headers:  2.6.38 (sys-kernel/linux-headers)
Repositories: gentoo added mysql
Installed sets: 
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -mtune=native -ftree-vectorize -floop-interchange -floop-strip-mine -floop-block"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -mtune=native -ftree-vectorize -floop-interchange -floop-strip-mine -floop-block"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--jobs=4 --load-average=5.9 --keep-going --with-bdeps=y --complete-graph"
FEATURES="assume-digests binpkg-logs candy collision-protect distlocks fail-clean fixlafiles fixpackages news nodoc noinfo parallel-fetch preserve-libs protect-owned sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://mirrors.kernel.org/gentoo http://distfiles.gentoo.org/ http://ftp.udc.es/gentoo/ http://gentoo-euetib.upc.es/mirror/gentoo/"
LANG="ro_RO.UTF-8"
LC_ALL="ro_RO.UTF-8"
LDFLAGS="-Wl,-O1,--sort-common,--warn-once,--hash-style=gnu,--as-needed"
LINGUAS="ro en es"
MAKEOPTS="-j6 --load-average=7"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--progress  --delete-before --human-readable"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/added /usr/portage/local/mysql"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl amd64 apache2 berkdb bzip2 cli cracklib crypt cxx dri gdbm gpm hardened iconv justify lm_sensors logrotate mmx modules mudflap mysql mysqli ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline samba sasl session sse sse2 ssl sysfs tcpd threads unicode urandom vhosts xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ro en es" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Comment 1 Cănărău Constantin 2011-04-06 20:16:10 UTC
Created attachment 268755
Kernel config
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2011-04-07 16:13:33 UTC
Which version of app-arch/p7zip is that?
Comment 3 Cănărău Constantin 2011-04-07 16:39:19 UTC
It's p7zip-9.20.1 as in "Steps to reproduce". But I didn't specify the USE flags:
These are the packages that would be merged, in order:

[ebuild   R    ] app-arch/p7zip-9.20.1  USE="-doc -kde (-pch) -rar (-static) -wxwidgets" 0 kB
Comment 4 Anthony Basile gentoo-dev 2011-04-07 17:33:24 UTC
I didn't hit this with 9.13 but I did with 9.20.1.  The significant difference between our systems is that I have gcc-4.4.5 glibc-2.11.3 hardened-sources-2.6.32-r43.

I haven't looked in the code yet to see where the RWX mmaping might be happening, but I'm pretty sure it's not the 2.6.37 -> 2.6.38 move.  Both would equally complain about RWX anon mmaps.

I'll look later at where this is happening, but as a workaround for now, downgrade to 9.13 which is the current stable.  9.20.1 is unstable.
Comment 5 Cănărău Constantin 2011-04-07 17:51:24 UTC
Actually, I switched to pbzip2. It's important to me to compress a large amount of data within a time window. bzip, gzip and 7zip<9.20 use 1 or 2 cores max.
7zip has a better compression ratio than (p)bzip2, that's why I chose it.

I have used the hardened profile and 7zip for a very long time and, for me, it's the first time I hit this bug.
Thanks for the info! Hopefully it will help to solve this bug as quickly as possible.
Comment 6 taaroa 2011-04-08 14:45:36 UTC
 * Messages for package app-arch/p7zip-9.13:

 * Package:    app-arch/p7zip-9.13
 * Repository: gentoo
 * Maintainer: jlec@gentoo.org radek@gentoo.org
 * USE:        amd64 elibc_glibc kernel_linux userland_GNU
 * FEATURES:   fakeroot preserve-libs sandbox suidctl usersandbox
 * Package:    app-arch/p7zip-9.13
 * Repository: gentoo
 * Maintainer: jlec@gentoo.org radek@gentoo.org
 * USE:        amd64 elibc_glibc kernel_linux userland_GNU
 * FEATURES:   fakeroot preserve-libs sandbox suidctl usersandbox
 * Applying 9.04-makefile.patch ...
 * Applying 9.04-kde4.patch ...
 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * ../../Archive/NtfsHandler.cpp:1253:78: warning: passing NULL to non-pointer argument 4 of 'bool NArchive::Ntfs::CMftRec::Parse(Byte*, int, UInt32, UInt32, CObjectVector<NArchive::Ntfs::CAttr>*)'
 * Please do not file a Gentoo bug and instead report the above QA
 * issues directly to the upstream developers of this software.
 * Homepage: http://p7zip.sourceforge.net/

-----------------

* Messages for package app-arch/p7zip-9.20.1:

 * Package:    app-arch/p7zip-9.20.1
 * Repository: gentoo
 * Maintainer: jlec@gentoo.org radek@gentoo.org
 * USE:        amd64 elibc_glibc kernel_linux userland_GNU
 * FEATURES:   fakeroot preserve-libs sandbox suidctl usersandbox
 * Package:    app-arch/p7zip-9.20.1
 * Repository: gentoo
 * Maintainer: jlec@gentoo.org radek@gentoo.org
 * USE:        amd64 elibc_glibc kernel_linux userland_GNU
 * FEATURES:   fakeroot preserve-libs sandbox suidctl usersandbox
 * Applying 9.04-makefile.patch ...
 * QA Notice: The following files contain writable and executable sections
 *  Files with such sections will not work properly (or at all!) on some
 *  architectures/operating systems.  A bug should be filed at
 *  http://bugs.gentoo.org/ to make sure the issue is fixed.
 *  For more information, see http://hardened.gentoo.org/gnu-stack.xml
 *  Please include the following list of files in your report:
 *  Note: Bugs should be filed for the respective maintainers
 *  of the package in question and not hardened@g.o.
 * RWX --- --- usr/lib64/p7zip/7z.so
 * RWX --- --- usr/lib64/p7zip/7z
 * RWX --- --- usr/lib64/p7zip/7zr
 * RWX --- --- usr/lib64/p7zip/7za
 * RWX --- --- usr/lib64/p7zip/7zCon.sfx
 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * ../../Archive/NtfsHandler.cpp:1283:78: warning: passing NULL to non-pointer argument 4 of 'bool NArchive::Ntfs::CMftRec::Parse(Byte*, int, UInt32, UInt32, CObjectVector<NArchive::Ntfs::CAttr>*)'
 * Please do not file a Gentoo bug and instead report the above QA
 * issues directly to the upstream developers of this software.
 * Homepage: http://p7zip.sourceforge.net/

p.s.
Portage 2.2.0_alpha29 (hardened/linux/amd64/no-multilib, gcc-4.5.2,
glibc-2.13-r2, 2.6.38-hardened x86_64)
Comment 7 Anthony Basile gentoo-dev 2011-04-09 14:31:22 UTC
Okay, this package has a lot of issues.  I spent too much time trying to trace down where the RWX mmap occurs, but haven't nailed it.  A simple grep -r mmap * gives

C/Alloc.c.back2:        address = mmap(ADDR, size, PROTECTION, FLAGS, 0, 0);
C/Alloc.c.back:        address = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
C/Alloc.c:        address = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0

which doesn't show any PROT_READ|PROT_WRITE|PROT_EXEC.  Yet when I run it and strace, I get the RWX mapping.  Strangely this does not happen on a vanilla system.  So somehow the RWX mapping is introduced on hardened systems.


Climbing back through the code, I know it happens when the following call is made:

_mixerCoder->Code(&inStreamPointers.Front(), NULL, 1,
    &outStreamPointers.Front(), NULL, outStreamPointers.Size(), compressProgress)

at line 248 of CPP/7zip/Archive/7z/7zEncode.cpp.  It goes further back, but I stopped there.

I don't think I want to spend any more time with this, so I'm going to p.mask it on hardened/linux/amd64 unless there are any objections, solutions, workarounds.

Subsequent posts will have my straces on hardened and vanilla.  All USE flags are off.  I tried different combinations, but no change.
Comment 8 Anthony Basile gentoo-dev 2011-04-09 14:34:17 UTC
Created attachment 269147
strace -o 7za.hardened.trace /usr/bin/7za a -- test.c.7z test.c
Comment 9 Anthony Basile gentoo-dev 2011-04-09 14:35:15 UTC
Created attachment 269149
strace -o 7za.vanilla.trace /usr/bin/7za a -- test.c.7z test.c
Comment 10 Cănărău Constantin 2011-04-10 06:41:35 UTC
It sounds good to me, as there are alternatives to p7zip, and masking this version will prevent other users from hitting this bug.
I also tried p7zip with other hardened-sources version and the problem occurred only with 2.6.38. Maybe next versions of hardened-sources will "automatically" fix the problem.
Comment 11 PaX Team 2011-04-10 11:36:24 UTC
this is just the usual RWE GNU_STACK crap as reported by emerge itself. execstack -c /usr/lib64/p7zip/* is your friend or you can hunt down the unmarked .S file(s).
Comment 12 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2011-04-10 11:46:30 UTC
Created attachment 269281
Patch to fix RWX issues

Classical case of assembler missing the stack markings. The culprits:
./Asm/x64/7zCrcT8U.asm
./Asm/x86/7zCrcT8U.asm

Attached is a patch to fix this. Please also send it upstream so they can fix that now and in their future assembler code.
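As an added example (not from this bug, the attached patch, or p7zip itself), here is a Python check for the condition the emerge QA notice and comment 11 describe: it reads the PT_GNU_STACK program header that scanelf/emerge inspect and reports whether a binary built from an unmarked assembler object would get an RWX stack that PaX then refuses to map. A constructed minimal ELF64 image stands in for the real /usr/lib64/p7zip binaries; the names make_elf, stack_verdict and is_pax_rwx_problem are chosen here.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program-header type GNU ld emits for stack permissions
PF_X, PF_W, PF_R = 1, 2, 4  # p_flags bits

def gnu_stack_flags(data):
    """Return p_flags of the PT_GNU_STACK entry of a little-endian ELF64 image,
    or None when the entry is missing (kernel and ld.so then assume exec stack)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_phoff, = struct.unpack_from("<Q", data, 32)           # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_verdict(data):
    """Render stack permissions the way the QA notice prints them ('RWX', 'RW-').
    A missing PT_GNU_STACK is reported as RWX because that is the default it gets."""
    flags = gnu_stack_flags(data)
    if flags is None:
        return "RWX (no PT_GNU_STACK)"
    return ("R" if flags & PF_R else "-") + ("W" if flags & PF_W else "-") + \
           ("X" if flags & PF_X else "-")

def is_pax_rwx_problem(data):
    """True when a PaX/grsecurity kernel would deny this binary's RWX stack mapping."""
    return stack_verdict(data).startswith("RWX")

def make_elf(stack_flags):
    """Constructed minimal ELF64 (headers only, no code) with one PT_GNU_STACK entry
    carrying stack_flags, or no PT_GNU_STACK at all when stack_flags is None."""
    phnum = 0 if stack_flags is None else 1
    # e_ident: ELFCLASS64, little-endian, EV_CURRENT; then ET_EXEC, EM_X86_64, ...
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
            + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 64, 0, 0))
    phdr = b"" if phnum == 0 else struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags,
                                              0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                     # e.g. /usr/lib64/p7zip/7z on a real box
        with open(path, "rb") as f:
            print(stack_verdict(f.read()), path)
    # Constructed samples: build linked from an unmarked .asm object vs. a marked one.
    print(stack_verdict(make_elf(PF_R | PF_W | PF_X)), "unmarked-asm-build")
    print(stack_verdict(make_elf(PF_R | PF_W)), "marked-asm-build")
```

The general source-level fix is the stack marking the comment refers to: GAS-syntax files end with `.section .note.GNU-stack,"",@progbits`, and nasm/yasm-syntax files with `section .note.GNU-stack noalloc noexec nowrite progbits`; `execstack -c` rewrites only the already-linked binary.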
Comment 13 Anthony Basile gentoo-dev 2011-04-10 12:15:02 UTC
Fixing the asm did it.  However, there was no change in the asm between 9.13 and 9.20.1.  So something else changed that caused it to be triggered in the latter but not the former.
Comment 14 Xake 2011-04-10 12:29:37 UTC
(In reply to comment #13)
> Fixing the asm did it.  However, there was no change in the asm between 9.13
> and 9.20.1.  So something else changed that caused it to be triggered in the
> latter but not the former.

I am not sure about this, but I think it is because the ebuild for 9.13 uses makefile.linux_amd64 while 9.20 uses makefile.linux_amd64_asm (i.e. 9.13 does not use asm, 9.20 uses it).
Comment 16 Anthony Basile gentoo-dev 2011-04-10 13:12:58 UTC
(In reply to comment #14)
> (In reply to comment #13)
> > Fixing the asm did it.  However, there was no change in the asm between 9.13
> > and 9.20.1.  So something else changed that caused it to be triggered in the
> > latter but not the former.
> 
> I am not sure about this, but I think it is because the ebuild for 9.13 uses
> makefile.linux_amd64 while 9.20 uses makefile.linux_amd64_asm (i.e. 9.13 does
> not use asm, 9.20 uses it).

Yep.  If you just get rid of makefile.linux_amd64_asm on hardened and recompile, it doesn't use the asm and it works like 9.13.
Comment 17 Justin Lecher (RETIRED) gentoo-dev 2015-04-07 08:52:16 UTC
(In reply to Anthony Basile from comment #16)
> Yep.  If you just get rid of makefile.linux_amd64_asm on hardened and
> recompile, it doesn't use the asm and it works like 9.13.

How do I detect hardened profiles without an explicit USE?
Comment 18 Magnus Granberg gentoo-dev 2015-04-07 15:09:17 UTC
(In reply to Justin Lecher from comment #17)
> (In reply to Anthony Basile from comment #16)
> > Yep.  If you just get rid of makefile.linux_amd64_asm on hardened and
> > recompile, it doesn't use the asm and it works like 9.13.
> 
> How do I detect hardened profiles without an explicit USE?
Even if you check for hardened, you still get a QA notice on the packages for
"The following files contain writable and executable sections."
And the fix is simple.
Comment 19 Justin Lecher (RETIRED) gentoo-dev 2015-04-07 15:11:01 UTC
(In reply to Magnus Granberg from comment #18)
> (In reply to Justin Lecher from comment #17)
> > (In reply to Anthony Basile from comment #16)
> > > Yep.  If you just get rid of makefile.linux_amd64_asm on hardened and
> > > recompile, it doesn't use the asm and it works like 9.13.
> > 
> > How do I detect hardened profiles without an explicit USE?
> Even if you check for hardened, you still get a QA notice on the packages for
> "The following files contain writable and executable sections."
> And the fix is simple.

Ah, so the bug has been fixed for a long time, and also by upstream now.