From: Vincent Danen
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: runit running under linux 2.4 with openwall patches
Date: Mon, 24 Jan 2005 21:51:12 -0700

On Jan 21, 2005, at 12:32, Gerrit Pape wrote:

>> One of the features of openwall is stack protection. I'm getting this
>> when I try to boot into a 2.4.29 kernel with openwall hardening
>> enabled:
>>
>> Security: return onto stack from 0x0804812c to 0xbffffea0 running as
>> UID 0, EUID 0, process runit:1
>> Security more returns onto stack, logging disabled for a minute
>>
>> I can manage to make the kernel boot, but runit isn't running and it's
>> consuming 100% cpu in my vmware test machine.
>
> Hm, I don't know the openwall patch and what in runit.c could cause
> this.

I have a feeling it's the stack protection, but why is the trick question.

>> I'd like to be able to have both runit and this feature together; I
>> think it should be possible because the traditional init works with
>> it.
>> Any ideas on how to go about this?
>
> Did you link the runit program statically with the dietlibc? If so, you
> could try to compile it the same way as the working /sbin/init, to be
> sure it's not the compiler or libc causing the problem.

That's a good idea. I did compile it statically with dietlibc. I'll try without dietlibc and see what happens.

I haven't had a chance to dive back into it yet, but when I get a second I'll rebuild it and see if that clears it up. If not, I'll recompile the kernel without the stack protection option enabled, just to make sure that it is what I think it is.

-- 
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}