supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
From: Vincent Danen <vdanen@annvix.org>
Cc: <supervision@list.skarnet.org>
Subject: Re: runit running under linux 2.4 with openwall patches
Date: Thu, 20 Jan 2005 15:52:00 -0700
Message-ID: <E515603D-6B35-11D9-9341-000A9598BFB2@annvix.org>
In-Reply-To: <Pine.LNX.4.44.0501201725200.11392-100000@e-smith.charlieb.ott.istop.com>

On Jan 20, 2005, at 15:28, Charlie Brady wrote:

>> One of the features of openwall is stack protection.  I'm getting this
>> when I try to boot into a 2.4.29 kernel with openwall hardening
>> enabled:
>>
>> Security: return onto stack from 0x0804812c to 0xbffffea0 running as
>> UID 0, EUID 0, process runit:1
>> Security more returns onto stack, logging disabled for a minute
>>
>> I can manage to make the kernel boot, but runit isn't running and it's
>> consuming 100% cpu in my vmware test machine.
>>
>> I have two ideas that may be causing the problem, and not being a
>> kernel person I don't really know for 100% which it is:
>>
>> 1) the Non-executable user stack area part of owl
>> 2) the enforce RLIMIT_NPROC on execve(2)
>>
>> I have a feeling that it's #1 tho.
>
> Why do you have that feeling? What gives you these two ideas? Do you see
> any actions from runit before the "return onto stack" message?

Well, for one, it's explicitly stating runit (i.e. process runit:1).
For two, runit is starting, but when runit should be switching to stage 
2, I keep getting these errors and pretty much nothing is happening.

The kernel boots, the fs is mounted, and the first error is before the
traditional initscripts, which runit runs, are done.  Those initscripts
execute fine without error, but when runit should be switching to stage 
2, all I get are these errors being reported with CPU climbing.

> You might run "strace runit-init" in place of "runit", although I'm not
> sure what chaos that might cause.

Well, it is in vmware so doesn't really matter... =)  I'll just take a 
snapshot first.  The fact that the kernel is pretty much pointing out 
runit each time leads me to believe it's, well, runit.  I'm not sure 
what runit is doing when it's entering its stages, but whatever it is
doing might be what is causing the owl-patched-kernel to freak out.

BTW, I just compiled and upgraded to runit 1.2.1 and see the same 
behaviour.

-- 
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}
