Re: [gentoo-hardened] 2.6.28-hardened-r7 hangs before starting /sbin/init

Thu, 02 Apr 2009 09:36:34 -0700 

Hi!

Also, I've just compared runit-init & bash binaries on both servers.
Here results from server with this issue:

    # for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v 
$i; done
    -rwxr-xr-x 1 root root 858476 2009-04-01 23:44 /bin/bash
    1f217dcd279f9105ecb0ffd8b5e1d19d  /bin/bash
    PaX control v0.5
    Copyright 2004,2005,2006,2007 PaX Team <[email protected]>

    - PaX flags: -------x-e-- [/bin/bash]
            RANDEXEC is disabled
            EMUTRAMP is disabled
    -rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init
    c0aee39d040096e05fc95fd4bcfaf34f  /sbin/runit-init
    PaX control v0.5
    Copyright 2004,2005,2006,2007 PaX Team <[email protected]>

    - PaX flags: -----m-x-e-- [/sbin/runit-init]
            MPROTECT is disabled
            RANDEXEC is disabled
            EMUTRAMP is disabled

Here from server without this issue:

    # for i in /bin/bash /sbin/runit-init; do ls -l $i; md5sum $i; paxctl -v 
$i; done
    -rwxr-xr-x 1 root root 858476 2009-04-01 23:38 /bin/bash
    1f217dcd279f9105ecb0ffd8b5e1d19d  /bin/bash
    PaX control v0.5
    Copyright 2004,2005,2006,2007 PaX Team <[email protected]>

    - PaX flags: -------x-e-- [/bin/bash]
            RANDEXEC is disabled
            EMUTRAMP is disabled
    -rwxr-xr-x 1 root root 13616 2009-04-02 00:37 /sbin/runit-init
    8e6da3a1849d1d2830896d9caeff03e5  /sbin/runit-init
    PaX control v0.5
    Copyright 2004,2005,2006,2007 PaX Team <[email protected]>

    - PaX flags: -------x-e-- [/sbin/runit-init]
            RANDEXEC is disabled
            EMUTRAMP is disabled

As you see, bash is *same* on both servers, but on first server failed to
boot with init=/bin/bash unless I do paxctl -m /bin/bash.

I've no idea why runit-init differ, but it's ease to test - I've copied
runit-init from second server to first, and tried to boot it using that
runit-init (without marking it with paxctl -m):
    
    # ls -l /sbin/runit-init*
    -rwxr-xr-x 1 root root 13616 2009-04-02 15:16 /sbin/runit-init
    -rwxr-xr-x 1 root root 13616 2009-04-02 16:25 /sbin/runit-init2
    # md5sum /sbin/runit-init*
    c0aee39d040096e05fc95fd4bcfaf34f  /sbin/runit-init
    8e6da3a1849d1d2830896d9caeff03e5  /sbin/runit-init2

And... yeah, it doesn't boot with init=/sbin/runit-init2, as expected.

Only possible difference between servers which I can't see may be in hardware.
But:
- server should be same, at least we buy them both as "HP ProLiant DL140 G3"
  and they both has same BIOS version "1.14 08/13/07" so I suppose they
  should be same unless some hardware is broken
- previous kernel sys-kernel/hardened-sources-2.6.27-r8 works ok on both
  servers with same kernel configuration (CONFIG_PAX_MPROTECT enabled,
  paxctl -m doesn't applied to runit-init)

So, this issue in some way related to PaX changes between 2.6.27-r8 and
2.6.28-r7.

-- 
                        WBR, Alex.

Reply via email to