From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2546-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LpVLi-0004ZH-NF
	for garchives@archives.gentoo.org; Thu, 02 Apr 2009 22:25:27 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id D46BEE042D;
	Thu,  2 Apr 2009 22:25:24 +0000 (UTC)
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.185])
	by pigeon.gentoo.org (Postfix) with ESMTP id 72F0BE042D
	for <gentoo-hardened@lists.gentoo.org>; Thu,  2 Apr 2009 22:25:24 +0000 (UTC)
Received: by fk-out-0910.google.com with SMTP id z22so321793fkz.2
        for <gentoo-hardened@lists.gentoo.org>; Thu, 02 Apr 2009 15:25:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=FAxYR4D/Ao2U3kayahs7TEsxN36xedLABaHyDXFfR5o=;
        b=dwBN9jP0OomNkoEbP7GpeapjoeOcWLLtHLXkfW44YDjEy6BdChbS6uxkF+Ax2AedCu
         K3HxuuVsihtvzHO8ivg/AeNFgO4G6VZCa7+hy7QO5FltXBGn1QQdW4UaqDFQBPyR+RxC
         HoR4e7RrdLbUQ78acDl3RrUVu5iIK5QVgLnis=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=fl83ls/3bffJ+HhP/hAxnkWTNHfFGC9fAGfM7VsZdUuvp43W3GBZNdGCsekz+57MLZ
         Bb9x13Iv1TBYcBRnI3lJIEMvTilPSxnrlSFfWmWUIkNtA4xx3sbQHQC0M3xnoKrAPUnX
         8rtOGzvRbzK1RBOnaR+lMO5bFzqwWk5fRbXu4=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.223.119.5 with SMTP id x5mr473211faq.40.1238711123844; Thu, 02 
	Apr 2009 15:25:23 -0700 (PDT)
In-Reply-To: <20090402222227.GM32102@home.power>
References: <20090402152926.GH32102@home.power>
	 <49D52B56.14682.381CDEEB@pageexec.freemail.hu>
	 <20090402222227.GM32102@home.power>
Date: Fri, 3 Apr 2009 00:25:23 +0200
Message-ID: <8b17778e0904021525n11762792pb3c2f3af2cd0870d@mail.gmail.com>
Subject: Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting 
	/sbin/init
From: klondike <franxisco1988@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: multipart/alternative; boundary=001636c5a8d1841f59046699e845
X-Archives-Salt: d4c3098a-6c5a-4959-812c-d86bf93c0d70
X-Archives-Hash: 98b04c88db07263380505aaecde0e8ee

--001636c5a8d1841f59046699e845
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

2009/4/3 Alex Efros <powerman@powerman.asdfgroup.com>

> Hi!
>
> On Thu, Apr 02, 2009 at 11:17:10PM +0200, pageexec@freemail.hu wrote:
> > can you strace bash/etc to see what happens? probably we'll see what runs
>
> how do I can strace process N1?
> PaX doesn't kill bash if it executed not as process N1.
>
> > against the MPROTECT restricions. my guess is either textrels or
> gnu_stack
> > (compare scanelf -lpqRte on your systems).
>
> it's same on all servers:
>
> # scanelf -lpqRte
>  TEXTREL  /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so
> RWX --- ---   /usr/lib/paxtest/writetext
> RWX --- ---   /usr/lib/paxtest/shlibbss
> RWX --- ---   /usr/lib/paxtest/mprotanon
> RWX --- ---   /usr/lib/paxtest/mprotdata
> RWX --- ---   /usr/lib/paxtest/mprotheap
> RWX --- ---   /usr/lib/paxtest/rettofunc1
> RWX --- ---   /usr/lib/paxtest/rettofunc2
> RWX --- ---   /usr/lib/paxtest/execbss
> RWX --- ---   /usr/lib/paxtest/execstack
> RWX --- ---   /usr/lib/paxtest/mprotshbss
> RWX --- ---   /usr/lib/paxtest/mprotstack
> RWX --- ---   /usr/lib/paxtest/mprotbss
> RWX --- ---   /usr/lib/paxtest/anonmap
> RWX --- ---   /usr/lib/paxtest/mprotshdata
> RWX --- ---   /usr/lib/paxtest/execdata
> RWX --- ---   /usr/lib/paxtest/execheap
> RWX --- ---   /usr/lib/paxtest/rettofunc1x
> RWX --- ---   /usr/lib/paxtest/rettofunc2x
> RWX --- ---   /usr/lib/paxtest/shlibdata
> RWX --- ---   /usr/inferno/Linux/386/bin/emu
> RWX --- ---   /usr/inferno/Linux/386/bin/emu-g
>
> > btw, why are you using SEGMEXEC on your core2?
>
> Hmm. You think I should use PAGEEXEC instead? According to help in linux
> kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310...
>
> In help for PAGEEXEC it doesn't recommended for P4 and there is nothing
> about newest processors, so I suppose PAGEEXEC may not be a good choice.
>
> After your question I've re-read help, and notice "i386 with hardware
> non-executable bit support" item at end of list with less usual archs like
> avr32, sparc, etc. If that was said about Core/Xeon too, then there
> probably little usability issue with that help. ;-)
>
Just check if the cpu has the NX flag, if it does, you should use pageexec.

--001636c5a8d1841f59046699e845
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div class=3D"gmail_quote">2009/4/3 Alex Efros <span dir=3D"ltr">&lt;<a hre=
f=3D"mailto:powerman@powerman.asdfgroup.com">powerman@powerman.asdfgroup.co=
m</a>&gt;</span><br><blockquote class=3D"gmail_quote" style=3D"border-left:=
 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex=
;">
Hi!<br>
<div class=3D"im"><br>
On Thu, Apr 02, 2009 at 11:17:10PM +0200, <a href=3D"mailto:pageexec@freema=
il.hu">pageexec@freemail.hu</a> wrote:<br>
&gt; can you strace bash/etc to see what happens? probably we&#39;ll see wh=
at runs<br>
<br>
</div>how do I can strace process N1?<br>
PaX doesn&#39;t kill bash if it executed not as process N1.<br>
<div class=3D"im"><br>
&gt; against the MPROTECT restricions. my guess is either textrels or gnu_s=
tack<br>
&gt; (compare scanelf -lpqRte on your systems).<br>
<br>
</div>it&#39;s same on all servers:<br>
<br>
# scanelf -lpqRte<br>
=A0TEXTREL =A0/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Math/Pari/Pari=
.so<br>
RWX --- --- =A0 /usr/lib/paxtest/writetext<br>
RWX --- --- =A0 /usr/lib/paxtest/shlibbss<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotanon<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotdata<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotheap<br>
RWX --- --- =A0 /usr/lib/paxtest/rettofunc1<br>
RWX --- --- =A0 /usr/lib/paxtest/rettofunc2<br>
RWX --- --- =A0 /usr/lib/paxtest/execbss<br>
RWX --- --- =A0 /usr/lib/paxtest/execstack<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotshbss<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotstack<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotbss<br>
RWX --- --- =A0 /usr/lib/paxtest/anonmap<br>
RWX --- --- =A0 /usr/lib/paxtest/mprotshdata<br>
RWX --- --- =A0 /usr/lib/paxtest/execdata<br>
RWX --- --- =A0 /usr/lib/paxtest/execheap<br>
RWX --- --- =A0 /usr/lib/paxtest/rettofunc1x<br>
RWX --- --- =A0 /usr/lib/paxtest/rettofunc2x<br>
RWX --- --- =A0 /usr/lib/paxtest/shlibdata<br>
RWX --- --- =A0 /usr/inferno/Linux/386/bin/emu<br>
RWX --- --- =A0 /usr/inferno/Linux/386/bin/emu-g<br>
<div class=3D"im"><br>
&gt; btw, why are you using SEGMEXEC on your core2?<br>
<br>
</div>Hmm. You think I should use PAGEEXEC instead? According to help in li=
nux<br>
kernel SEGMEXEC looks more suitable for Core2Duo and Xeon E5310...<br>
<br>
In help for PAGEEXEC it doesn&#39;t recommended for P4 and there is nothing=
<br>
about newest processors, so I suppose PAGEEXEC may not be a good choice.<br=
>
<br>
After your question I&#39;ve re-read help, and notice &quot;i386 with hardw=
are<br>
non-executable bit support&quot; item at end of list with less usual archs =
like<br>
avr32, sparc, etc. If that was said about Core/Xeon too, then there<br>
probably little usability issue with that help. ;-)<br>
</blockquote></div>Just check if the cpu has the NX flag, if it does, you s=
hould use pageexec.<br>

--001636c5a8d1841f59046699e845--