From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LpVIs-0004HQ-0l for garchives@archives.gentoo.org; Thu, 02 Apr 2009 22:22:30 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 17DC1E03B0; Thu, 2 Apr 2009 22:22:29 +0000 (UTC) Received: from powerman.name (powerman.name [85.90.198.1]) by pigeon.gentoo.org (Postfix) with ESMTP id 79470E03B0 for ; Thu, 2 Apr 2009 22:22:28 +0000 (UTC) Received: (qmail 19349 invoked by uid 1000); 2 Apr 2009 22:22:27 -0000 Date: Fri, 3 Apr 2009 01:22:27 +0300 From: Alex Efros To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init Message-ID: <20090402222227.GM32102@home.power> Mail-Followup-To: gentoo-hardened@lists.gentoo.org References: <20090402152926.GH32102@home.power> <49D52B56.14682.381CDEEB@pageexec.freemail.hu> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49D52B56.14682.381CDEEB@pageexec.freemail.hu> Organization: http://powerman.name/ User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: 12ce459b-9ad7-4b9f-90c0-3d2e2bc25a5c X-Archives-Hash: 669b72a6d1392a0e938f9ff3361f0617 Hi! On Thu, Apr 02, 2009 at 11:17:10PM +0200, pageexec@freemail.hu wrote: > can you strace bash/etc to see what happens? probably we'll see what runs how do I can strace process N1? PaX doesn't kill bash if it executed not as process N1. > against the MPROTECT restricions. my guess is either textrels or gnu_stack > (compare scanelf -lpqRte on your systems). it's same on all servers: # scanelf -lpqRte TEXTREL /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so RWX --- --- /usr/lib/paxtest/writetext RWX --- --- /usr/lib/paxtest/shlibbss RWX --- --- /usr/lib/paxtest/mprotanon RWX --- --- /usr/lib/paxtest/mprotdata RWX --- --- /usr/lib/paxtest/mprotheap RWX --- --- /usr/lib/paxtest/rettofunc1 RWX --- --- /usr/lib/paxtest/rettofunc2 RWX --- --- /usr/lib/paxtest/execbss RWX --- --- /usr/lib/paxtest/execstack RWX --- --- /usr/lib/paxtest/mprotshbss RWX --- --- /usr/lib/paxtest/mprotstack RWX --- --- /usr/lib/paxtest/mprotbss RWX --- --- /usr/lib/paxtest/anonmap RWX --- --- /usr/lib/paxtest/mprotshdata RWX --- --- /usr/lib/paxtest/execdata RWX --- --- /usr/lib/paxtest/execheap RWX --- --- /usr/lib/paxtest/rettofunc1x RWX --- --- /usr/lib/paxtest/rettofunc2x RWX --- --- /usr/lib/paxtest/shlibdata RWX --- --- /usr/inferno/Linux/386/bin/emu RWX --- --- /usr/inferno/Linux/386/bin/emu-g > btw, why are you using SEGMEXEC on your core2? Hmm. You think I should use PAGEEXEC instead? According to help in linux kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310... In help for PAGEEXEC it doesn't recommended for P4 and there is nothing about newest processors, so I suppose PAGEEXEC may not be a good choice. After your question I've re-read help, and notice "i386 with hardware non-executable bit support" item at end of list with less usual archs like avr32, sparc, etc. If that was said about Core/Xeon too, then there probably little usability issue with that help. ;-) -- WBR, Alex.