Bug#503173: grub-common: Segmentation fault in grub-probe when using grsecurity
Frederic VANNIERE
f.vanniere at planet-work.com
Thu Oct 23 07:34:19 UTC 2008
Package: grub-common
Version: 1.96+20080724-10
Severity: normal
When using grub-probe on a custom 2.6.26.5-em64t-grsec kernel it creates a
segmentation fault :
Oct 20 11:39:14 foo kernel: PAX: terminating task:
/usr/sbin/grub-probe(grub-probe):14498, uid/euid: 0/0, PC:
00007fffffffdf18, SP: 00007fffffffdec8
Oct 20 11:39:14 foo kernel: grsec: From 88.177.xxx.xxx: denied resource
overstep by requesting 4096 for RLIMIT_CORE against limit 0 for
/usr/sbin/grub-probe[grub-probe:14498] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:14245] uid/euid:0/0 gid/egid:0/0
The solution was to use chpax on /usr/sbin/grub-probe and put the
following flags :
----[ chpax 0.7 : Current flags for /usr/sbin/grub-probe (pemrxs) ]----
* Paging based PAGE_EXEC : disabled
* Trampolines : not emulated
* mprotect() : not restricted
* mmap() base : not randomized
* ET_EXEC base : not randomized
* Segmentation based PAGE_EXEC : disabled
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.27-em64t (SMP w/2 CPU cores)
Locale: LANG=fr_FR at euro, LC_CTYPE=fr_FR at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages grub-common depends on:
ii base-files 4.0.5 Debian base system miscellaneous f
ii libc6 2.7-14 GNU C Library: Shared libraries
grub-common recommends no packages.
Versions of packages grub-common suggests:
pn multiboot-doc <none> (no description available)
-- no debconf information
More information about the Pkg-grub-devel
mailing list