Reproducible for me on Debian wheezy/sid with custom kernel 3.3.6-pf.
`echo 0 > /proc/sys/kernel/randomize_va_space` makes `/lib/ld-linux.so.2 /bin/bash`
stop crashing with `cannot allocate 3 bytes (8192 bytes allocated)`.
There is nx in /proc/cpuinfo flags.
--
You received this bug notification
I'm still seeing this problem (under scratchbox, trying to run the Maemo
SDK) with 2.6.31-20.58 (and with 2.6.31-22.60). Was this reverted?
I haven't gotten the example proof of concept code to crash, but I
cannot run af-sb-init.sh, which is required to start the Maemo SDK gui
under scratchbox.
This bug was fixed in the package linux - 2.6.31-20.57
---
linux (2.6.31-20.57) karmic-proposed; urgency=low
[ Kees Cook ]
* SAUCE: x86: brk away from exec rand area
- LP: #452175
[ Keng-Yu Lin ]
* SAUCE: (drop after 2.6.31) input: Add hotkey quirk for Samsung
I can confirm that the -proposed (-20) kernel fixes the testcase in
qa-regression-testing (test-kernel-aslr-collisions.py)
** Tags added: verification-done
--
Random segfaults when using ld.so explicitly to start a program
https://bugs.launchpad.net/bugs/452175
You received this bug
** Branch linked: lp:ubuntu/linux-mvl-dove
** Branch linked: lp:ubuntu/linux-fsl-imx51
@Hannu: I have not been able to reproduce this error on Jaunty (and
Karmic was the first to carry the NX-emu patch which caused the
problem). Can you please open a new bug for Jaunty if you're still
seeing problems? Thanks!
This bug was fixed in the package linux - 2.6.32-12.16
---
linux (2.6.32-12.16) lucid; urgency=low
[ Andy Whitcroft ]
* Revert SAUCE: acpi battery -- delay first lookup of the battery until
first use
* SAUCE: acpi battery -- move first lookup asynchronous
- LP: #507211
** Changed in: linux (Ubuntu Karmic)
Status: Triaged => Fix Committed
** Description changed:
+ SRU Justification:
+
+ Impact: With the current NX emulation, there are cases where the brk
+ segment conflicts with the exe randomization.
+
+ Fix: The patch linked to this report moves the brk segment out of the
+ way for these cases.
+
+ Testcase: See below
+
+
For Karmic, it will go into the next stable release update, so
probably in a few weeks.
What about Jaunty? I'm the original observer of this problem (Visi just
took care of reporting it here) and unfortunately the information in the
report about this problem not occurring with Jaunty /
I was able to compile the latest public karmic 32 bit generic kernel
with the patch. When I used that kernel I was no longer able to see
the reported problem. I would say that the fix was working for me.
Can someone tell me when could this patch appear on an average user desktop?
I would
This has been committed to the Lucid tree now, and will be available there in
2.6.32-N.16:
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-lucid.git;a=commitdiff;h=4ac4eee5ec83a0d9a41f7200c3879b41abd738c8
For Karmic, it will go into the next stable release update, so probably
in a few weeks.
Here is a minimal test-case for brk crashing into other segments. This is
nearly identical to the upstream issue seen with text ASLR, so the nx-emu
allocation methods need to be adjusted to match what was done to upstream text
ASLR to avoid brk collisions (with upstream, the text area is
This fixes the problems for me and tests out against normal system
utilization, the minimal test case, and the original bash-loaded
test-case, with randomize_va_space set to 0 or 2 (1 still triggers the
problem, but the combination of large PIE brk allocations and
randomized-without-brk is not a
** Changed in: linux (Ubuntu Karmic)
Status: Confirmed => Triaged
** Changed in: linux (Ubuntu Lucid)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu Karmic)
Assignee: Amit Kucheria (amitk) => Kees Cook (kees)
Actually, setting /proc/sys/kernel/randomize_va_space to 0 makes this
worse because it forces the brk (heap) area to immediately follow the
text area, and the NX emulation patch performs randomization of exec
regions no matter what randomize_va_space is. It seems the solution
here is to fix up
This is still the case for 2.6.31-17-generic-pae (and non -pae). If
there is no fix coming it would rock if someone could tell us how to
rebuild the current kernel with the problematic patch dropped (in
step-by-step fashion, as I usually don't rebuild my kernel)?
I need to test further, but
On Thu, Jan 14, 2010 at 07:53:51AM -, Stefan Kost wrote:
> This is still the case for 2.6.31-17-generic-pae (and non -pae). If
> there is no fix coming it would rock if someone could tell us how to
Diagnosing the why this is happening is proving difficult. No progress
has been made on it yet,
** Also affects: bash (Ubuntu Karmic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Karmic)
Importance: Undecided
Status: New
** Changed in: bash (Ubuntu Karmic)
Status: New => Invalid
** Changed in: linux (Ubuntu)
Status: Triaged => Confirmed
Apparently only an issue with linux, not bash
** Changed in: bash (Ubuntu)
Status: Confirmed => Invalid
@Jean you appear to be seeing a different problem; probably bad RAM.
This problem is specific to DSO executables (built PIE or loaded via
separate ld.so).
@Riku right, 64bit will not show it. 32bit PAE will only not show it if
you have NX hardware (i.e. the CS-limit protections are not enabled
The problem appears on 2.6.31-15-generic-pae, too.
$ fgrep pae /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat
pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc
arch_perfmon pebs bts pni dtes64 monitor ds_cpl vmx est tm2 ssse3
to Pekka:
If you have seen the above discussion then there was this link about the
nx-emulation:
https://wiki.ubuntu.com/Security/Features#Non-Exec%20Memory
If you read it you will see that the generic-pae kernel is also using the
nx-emulation if your processor does not support nx.
As far as I
Correct. To avoid this issue, you must either run 64bit, or on a system
that has hardware support for the NX bit (check your BIOS, it is
frequently disabled).
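As an added illustration (not from the bug report, the Ubuntu kernel tree, or the test-kernel-aslr-collisions.py script mentioned in this thread), the Python below does two things the discussion describes by hand: it reads a /proc/<pid>/maps listing and reports how much room the brk heap has before it runs into the next mapping (the brk-into-text collision Kees describes in the randomize_va_space=0 comment), and it applies the affected-platform rule from this comment (64-bit kernels and machines with hardware NX are not affected; 32-bit kernels without the nx flag fall back to the nx-emulation). The maps and cpuinfo contents are constructed samples, and the function names are my own.

```python
import re
from typing import List, Optional, Tuple

Region = Tuple[int, int, str, str]  # (start, end, perms, pathname)

# One line of /proc/<pid>/maps: "start-end perms offset dev inode [pathname]"
_MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$"
)


def parse_maps(text: str) -> List[Region]:
    """Parse /proc/<pid>/maps text into regions sorted by start address."""
    regions: List[Region] = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m:
            start, end, perms, path = m.groups()
            regions.append((int(start, 16), int(end, 16), perms, path.strip()))
    return sorted(regions)


def brk_headroom(regions: List[Region]) -> Optional[Tuple[int, str]]:
    """Bytes the [heap] (brk) area can still grow before hitting the next
    mapping, plus that mapping's pathname. None when no [heap] is mapped;
    -1 headroom means nothing is mapped above the heap at all."""
    for i, (_, end, _, path) in enumerate(regions):
        if path == "[heap]":
            if i + 1 == len(regions):
                return (-1, "")
            nxt = regions[i + 1]
            return (nxt[0] - end, nxt[3] or "(anonymous)")
    return None


def classify_layout(regions: List[Region], min_headroom: int = 1 << 20) -> str:
    """'blocked' when brk cannot grow at all (the symptom behind ld.so's
    'cannot allocate N bytes'), 'cramped' below min_headroom, else 'ok'."""
    info = brk_headroom(regions)
    if info is None:
        return "no-heap"
    headroom, _ = info
    if headroom == 0:
        return "blocked"
    if 0 < headroom < min_headroom:
        return "cramped"
    return "ok"


def nx_emulation_expected(cpuinfo_text: str, machine: str) -> str:
    """Affected-platform rule as stated in this thread (hypothetical helper):
    64-bit kernels are not affected; a 32-bit kernel uses the cs-limit
    nx-emulation only when the CPU reports no 'nx' flag (the flag is also
    missing when NX is disabled in the BIOS)."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags.update(line.split(":", 1)[1].split())
    if machine == "x86_64":
        return "not-affected: 64-bit kernel"
    if "nx" in flags:
        return "not-affected: hardware NX present"
    return "affected: 32-bit kernel without hardware NX (nx-emulation active)"


# Constructed sample: a 32-bit layout where the randomized exec mapping for
# libc lands immediately above the brk heap, leaving it no room to grow.
COLLISION_MAPS = """\
00b40000-00b5b000 r-xp 00000000 08:01 1001       /lib/ld-2.10.1.so
00b5b000-00b5c000 r--p 0001a000 08:01 1001       /lib/ld-2.10.1.so
00b5c000-00b5d000 rw-p 0001b000 08:01 1001       /lib/ld-2.10.1.so
00b5d000-00b5f000 rw-p 00000000 00:00 0          [heap]
00b5f000-00c9f000 r-xp 00000000 08:01 3003       /lib/libc-2.10.1.so
08048000-080f5000 r-xp 00000000 08:01 2002       /bin/bash
bfb30000-bfb45000 rw-p 00000000 00:00 0          [stack]
"""

# Constructed sample: a conventional layout with the heap far below libc.
OK_MAPS = """\
08048000-080f5000 r-xp 00000000 08:01 2002       /bin/bash
080f5000-080fa000 rw-p 000ac000 08:01 2002       /bin/bash
0a000000-0a021000 rw-p 00000000 00:00 0          [heap]
b7500000-b7640000 r-xp 00000000 08:01 3003       /lib/libc-2.10.1.so
bfb30000-bfb45000 rw-p 00000000 00:00 0          [stack]
"""

# Constructed cpuinfo excerpt with no 'nx' flag.
CPUINFO_NO_NX = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sse sse2 ht\n"

if __name__ == "__main__":
    import platform
    with open("/proc/self/maps") as f:
        live = parse_maps(f.read())
    print("this process:", classify_layout(live), brk_headroom(live))
    with open("/proc/cpuinfo") as f:
        print(nx_emulation_expected(f.read(), platform.machine()))
```

Running the module directly inspects the current process; the constructed samples are what the functions are exercised against in the listing above.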
uname :
Linux 2.6.31-14-generic-pae #48-Ubuntu SMP Fri Oct 16 15:22:42 UTC 2009 i686
GNU/Linux
hardware :
HP xw4100 / P4 / 2Gb / 36Gb SCSI320
dmesg output :
[37809.238716] apt-get[3530]: segfault at 44a5affd ip 00b8f36d sp bfb468b0
error 4 in libapt-pkg-libc6.10-6.so.4.8.1[af6000+bd000]
Just tried to `echo 0 > /proc/sys/kernel/randomize_va_space` as root and
apt-get install : same issue (segfault).
@kees If the problem does not appear on 64-bit, then it likely will not
appear on the 32-bit generic-pae kernel (assuming this is on a system
with PAE and the NX bit).
Correct, this is reproducible on 32bit kernel but not on a 64bit kernel.
** Changed in: linux (Ubuntu)
Status: Incomplete => Triaged
I took a look at the diff from -2.3 to -3.4. I guess this is related to
changelog entry:
[ Kees Cook ]
* SAUCE: [x86] implement cs-limit nx-emulation for ia32
- LP: #369978
Kees, do you know if the nx-emulation could cause this?
This could be possible, though I do find it rather unexpected since other
shared-library loading works fine (i.e. a PIE executable is effectively a
shared library, like ld.so). If the problem does not appear on 64-bit, then it
likely will not appear on the 32-bit generic-pae kernel (assuming
I should clarify a bit further: this is likely a bad interaction between the
randomized mmap allocations and the NX emulation. If you disable ASLR, the
problem may also vanish (though note that this disables ASLR for the entire
system, which is not really recommended):
hrm, it seems randomize_va_space=0 is not disabling ASLR for ld.so and
vdso, so this did not change the problem for me. (I am able to
reproduce this test-case on an nx-emulated system.
Also note that Fedora 12's kernel carries the same (or nearly identical)
nx-emulation patch, so the behavior would be exposed there too (which is
what comment 7 seems to show).
So, I suspect the exec-range ASLR that is specific to the patch is
buggy. I will continue poking at this.
works:
* 2.6.30-2.3
broken the next one:
* 2.6.30-3.4
So it seems with this release came the change that broke it.
Changes:
http://launchpadlibrarian.net/26403381/linux_2.6.30-3.4_i386.changes
I made some tests with various kernel versions using the test script
attached to the bug description.
broken:
* 2.6.31-14.48
* 2.6.30-10.12
works:
* 2.6.30-1
I have a laptop with Fedora 12. On that machine, I have a debian-lenny
chroot.
Within the chroot, I can reproduce the same behavior.
Outside of it, I can't (because which is a binary here).
# uname -a
Linux boober.fraggle 2.6.31.5-115.fc12.i686.PAE #1 SMP Wed Nov 4 00:27:30 EST
2009 i686 i686
On Thu, Nov 12, 2009 at 7:00 PM, Sven Herzberg he...@gnome-de.org wrote:
> I have a laptop with Fedora 12. On that machine, I have a debian-lenny
> chroot.
> Within the chroot, I can reproduce the same behavior.
> Outside of it, I can't (because which is a binary here).
> # uname -a
> Linux
Riku you're right. I guess we need to bisect using some previously built
karmic kernels from
https://edge.launchpad.net/ubuntu/karmic/+source/linux
We only need to concentrate on the i386 builds. And then download
and install the corresponding linux-image-*-generic_*.deb.
Help with verifying
Re-adding linux (kernel) as a possible bug originator.
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu)
Status: New => Incomplete
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Amit Kucheria (amitk)
If it is not a kernel bug, how come it only appears with an Ubuntu patched
kernel? At the minimum, it should be bisected which kernel patch broke
bash.
I have Karmic installed and with kernel 2.6.31-14 this is totally
reproducible. But if I boot to 2.6.28-15, the problem disappears.
Confirmed on a 32-bit laptop. The script works just fine on a 64-bit
machine.
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu)
Status: New => Confirmed
Replacing /bin/bash with /bin/dash does not show any more errors. Sounds
like an upstream bash bug, not a kernel bug
** Package changed: linux (Ubuntu) => bash (Ubuntu)