From: pageexec@freemail.hu
To: gentoo-hardened@lists.gentoo.org
Date: Fri, 06 Mar 2009 19:28:17 +0200
Subject: Re: [gentoo-hardened] 2.6.27-hardened-r8: assassination

On 6 Mar 2009 at 17:13, Alex Efros wrote:

> Two questions:
> 1) Does "2.6.28.7 and PaX alone" mean hardened-sources-2.6.28 with
> everything except PaX switched off, or vanilla-sources-2.6.28.7 manually
> patched with the latest PaX?

it's always the latter ;), i need to make sure it's a PaX problem.

> 2) I'm a Perl programmer, not C. So I need more detailed instructions (list
> of commands to run) how to "get coredumps and analyze them for the usual
> things". Probably this info is already available somewhere, so a url to this
> doc will be enough.

i mentioned them quite a few times on the list and bugzilla and the grsec
forums, here it is again. first, the coredump: you enable coredumps in your
shell (ulimit -c unlimited) then run your program that crashes. this will
produce a coredump file that you load into gdb and then issue the following
gdb commands:

  bt
  x/8i $pc
  x/8x $sp
  info reg

> As for strace - did that, it helped me detect the .so libraries (Ioncube and
> ZendOptimizer) because of which apache was killed.

on second thought, i'd need the strace output regardless of the gdb
analysis, just to see how text relocations went as that's where the problem
is probably.