On 6 Mar 2009 at 17:13, Alex Efros wrote: > Two questions: > 1) Is "2.6.28.7 and PaX alone" mean hardened-sources-2.6.28 with > everything except PaX switched off, or vanilla-sources-2.6.28.7 manually > patched with latests PaX?
it's always the latter ;), i need to make sure it's a PaX problem. > 2) I'm perl programmer, not C. So I need more detailed instructions (list > of commands to run) how to "get coredumps and analyze them for the usual > things". Probably this info already available somewhere, so url to this > doc will be enough. i mentioned them quite a few times on the list and bugzilla and the grsec forums, here it is again. first, the coredump: you enable coredumps in your shell (ulimit -c unlimited) then run your program that crashes. this will produce a coredump file that you load into gdb and then issue the following gdb commands: bt x/8i $pc x/8x $sp info reg > As for strace - did that, it helps me detect .so libraries (Ioncube and > ZendOptimizer) because of which apache was killed. on a second thought, i'd need the strace output regardless of the gdb analysis, just to see how text relocations went as that's where the problem is probably.
