From: Michael Orlitzky <michael@orlitzky.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Disappearing root on 2.6.36-hardened-r6 upgrade
Date: Sun, 26 Dec 2010 12:06:00 -0500 [thread overview]
Message-ID: <4D1775F8.5010704@orlitzky.com> (raw)
In-Reply-To: <4D170EDE.15195.3043ADB6@pageexec.freemail.hu>
On 12/26/2010 03:46 AM, pageexec@freemail.hu wrote:
> On 26 Dec 2010 at 1:59, Michael Orlitzky wrote:
>
>> I've got (at least) two servers that lose their root partition after
>> this upgrade. One of them has an HP cciss SCSI RAID controller; the
>> other has a single IDE hard drive. Assuming the problem is something
>> common, I'll stick to describing the one with the array for now.
>
> which grsec is this ebuild based on? my guess is that it's a recent PaX/UDEREF
> hardening that's causing this and should be mostly fixed now except for the
> IP checksum code fix which i'll release soon. in the meantime you can disable
> UDEREF. if you don't have it enabled then i don't know what it is, we'll need
> more debugging, let me know.
The hardened-patches contains the following:
4423_grsec-remove-protected-paths.patch
4420_grsecurity-2.2.1-2.6.36.2-201012121726.patch
4435_grsec-kconfig-gentoo.patch
4421_grsec-remove-localversion-grsec.patch
4425_grsec-pax-without-grsec.patch
4430_grsec-kconfig-default-gids.patch
4422_grsec-mute-warnings.patch
I do have UDEREF enabled:
# grep UDEREF .config
CONFIG_PAX_MEMORY_UDEREF=y
I can try disabling it when I'd be willing to drive to work and reboot
the thing.
next prev parent reply other threads:[~2010-12-26 18:02 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-26 6:59 [gentoo-hardened] Disappearing root on 2.6.36-hardened-r6 upgrade Michael Orlitzky
2010-12-26 8:46 ` pageexec
2010-12-26 17:06 ` Michael Orlitzky [this message]
2010-12-26 17:57 ` pageexec
2010-12-26 19:09 ` Michael Orlitzky
2010-12-26 20:00 ` pageexec
2010-12-26 23:03 ` klondike
2010-12-27 0:05 ` klondike
2010-12-29 11:36 ` pageexec
2010-12-27 19:49 ` Michael Orlitzky
2010-12-26 19:31 ` Michael Orlitzky
2010-12-26 17:31 ` Anthony G. Basile
2010-12-26 18:01 ` Anthony G. Basile
2010-12-26 18:59 ` "Tóth Attila"
2010-12-26 20:06 ` pageexec
2010-12-26 23:01 ` klondike
2010-12-30 19:29 ` "Tóth Attila"
2010-12-30 20:35 ` pageexec
2010-12-30 23:16 ` "Tóth Attila"
2011-01-04 13:52 ` "Tóth Attila"
2011-01-04 16:46 ` pageexec
2011-01-04 18:38 ` "Tóth Attila"
2011-01-04 18:18 ` pageexec
2011-01-09 14:55 ` "Tóth Attila"
2011-01-09 22:20 ` Alex Efros
2011-01-10 0:39 ` "Tóth Attila"
2011-01-04 13:52 ` "Tóth Attila"
2011-01-04 13:16 ` pageexec
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D1775F8.5010704@orlitzky.com \
--to=michael@orlitzky.com \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox