Re: PaX killing conntrackd (strange "execution attempt")

Wolfram Schlich <lists@xxxxxxxxxxxxxxxxxxx> · Fri, 14 Nov 2008 16:09:08 +0100

* Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> [2008-11-14 12:49]:
> Wolfram Schlich wrote:
>> * Wolfram Schlich <lists@xxxxxxxxxxxxxxxxxxx> [2008-11-13 18:41]:
>>> I've now recompiled conntrack-tools using these CFLAGS:
>>>
>>> 	-march=nocona -O0 -ggdb -DDEBUG
>>>
>>> Also, the binaries were not stripped anymore:
>>>
>>> 	/usr/sbin/conntrackd: ELF 64-bit LSB shared object, x86-64, version 1 
>>> (SYSV), for GNU/Linux 2.6.9, not stripped
>>>
> [...]
>>> I'm now stressing the firewalls with packets.
>>
>> Damnit, it doesn't break! :)
>
> So it seems that it is only triggered with PaX enabled.

I never disabled PaX!

Now I got a core, after more than a day, but it doesn't look good :(

Here's the log entry:
--8<--
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: From 10.10.10.249: execution attempt in: <NULL>, 00000000-00000000 00000000
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: terminating task: /usr/sbin/conntrackd(conntrackd):7543, uid/euid: 0/0, PC: 0000000000000000, SP: 00007fffffffb398
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
11-14 14:25:20 +01:00; hafw2; kern.err; kernel: PAX: bytes at SP-8:
--8<--

Here's the backtrace:
--8<--
hafw2 conntrackd-core # gdb /usr/sbin/conntrackd --core conntrackd.core --batch --quiet -ex "thread apply all bt full" -ex "quit"
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/sbin/conntrackd -d -C /etc/conntrackd/conntrackd.conf'.
Program terminated with signal 9, Killed.
#0  0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2

Thread 1 (process 7543):
#0  0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1  0x00007ffff7ba28b5 in ?? ()
No symbol table info available.
#2  0x0000000000000001 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#3  0x00007ffff82197e0 in ?? ()
No symbol table info available.
#4  0x0000000000000000 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
hafw2 conntrackd-core #
--8<--

I also ran "sysctl -w kernel.randomize_va_space=0" before restarting
conntrackd after recompilation as suggested by the PaX team.

Any ideas?
-- 
Regards,
Wolfram Schlich <wschlich@xxxxxxxxxx>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html