RE: UNS: RE: [Dazuko-devel] capability as a module on fc8

dazuko-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: UNS: RE: [Dazuko-devel] capability as a module on fc8

From:	Tikka, Sami
Subject:	RE: UNS: RE: [Dazuko-devel] capability as a module on fc8
Date:	Mon, 10 Mar 2008 10:10:27 +0200

I'll have to check if we have already fixed that. The version of dazuko we
ship in our Linux Security product (currently in beta) is able to figure out
the syscall table readonly issues without the user needing to configure
dazuko differently.

If you want to try it yourself, you can download Linux Security
(http://www.f-secure.com/linux-weblog/2008/01/08/linux-security-700-beta-3/)
and install it. Please tell me if it works for you.

What was the Linux distro and version where you tried it?

-- Sami

P.S. Yes, I know it is a bad thing F-Secure uses its own version of dazuko.
We will try to contribute our fixes back to John Ogness. 

P.P.S. The installation package contains the official dazuko 2.3.4 and a
patch with all F-Secure's changes.

> -----Original Message-----
> From: jim burns [mailto:address@hidden
> Sent: 10 March, 2008 04:50
> To: Tikka, Sami; address@hidden
> Subject: Re: UNS: RE: [Dazuko-devel] capability as a module on fc8
> 
> On Sunday 09 March 2008 06:21:39 pm you wrote:
> > What kind of problems have you had with syscalls in the past?
> 
> Kernel oops. It doesn't matter whether i pass --sct-readonly or --sct-
> nocheck.
> A sample syslog output:
> 
> 
> Mar  8 23:56:36 Insp6400 kernel: BUG: unable to handle kernel paging
> request
> at virtual address c063f754
> Mar  8 23:56:36 Insp6400 kernel: printing eip: f8c0bfae *pdpt =
> 0000000000004001 *pde = 0000000037964163 *pte = 800000000063f161
> Mar  8 23:56:36 Insp6400 kernel: Oops: 0003 [#1] SMP
> Mar  8 23:56:36 Insp6400 kernel: Modules linked in: dazuko(U) sunrpc
> nf_conntrack_netbios_ns xt_comment nf_conntrack_ipv4 xt_state
> nf_conntrack
> xt_tcpudp ipt_LOG iptable_filter ip_tables x_tables cpufreq_ondemand
> acpi_cpufreq loop ipv6 snd_usb_audio snd_usb_lib snd_rawmidi snd_hwdep
> hsfhda(U) hsfserial(U) hsfengine(P)(U) hsfosspec(U) snd_hda_intel(U)
> snd_hda_codec(U) snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
> b44(U)
> snd_seq_device arc4 snd_pcm_oss snd_mixer_oss ecb firewire_ohci(U)
> snd_pcm
> blkcipher ssb(U) sdhci(U) firewire_core(U) mmc_core(U) iwl3945(U)
> video(U)
> mii(U) snd_timer ac(U) snd crc_itu_t battery(U) dcdbas(U) output(U)
> button(U)
> iTCO_wdt(U) i2c_i801(U) soundcore i2c_core(U) iTCO_vendor_support(U)
> pcspkr(U) mac80211 snd_page_alloc cfg80211 joydev(U) sr_mod sg cdrom(U)
> dm_snapshot(U) dm_zero(U) dm_mirror(U) dm_mod(U) pata_acpi ata_generic
> ata_piix libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd(U)
> ohci_hcd(U)
> ehci_hcd(U)
> Mar  8 23:56:36 Insp6400 kernel:
> Mar  8 23:56:36 Insp6400 kernel: Pid: 2275, comm: modprobe Tainted: P
> (2.6.24.3-12.fc8PAE #4)
> Mar  8 23:56:36 Insp6400 kernel: EIP: 0060:[<f8c0bfae>] EFLAGS:
> 00210282 CPU:
> 0
> Mar  8 23:56:36 Insp6400 kernel: EIP is at xp_sys_hook+0x18a/0x210
> [dazuko]
> Mar  8 23:56:36 Insp6400 kernel: EAX: c048db60 EBX: f5040500 ECX:
> f5193eac
> EDX:c063f754
> Mar  8 23:56:36 Insp6400 kernel: ESI: f5040540 EDI: f8c0f87c EBP:
> f8c0e680
> ESP:f5193e98
> Mar  8 23:56:36 Insp6400 kernel:  DS: 007b ES: 007b FS: 00d8 GS: 0033
> SS: 0068
> Mar  8 23:56:36 Insp6400 kernel: Process modprobe (pid: 2275,
> ti=f5192000
> task=f
> 1c14000 task.ti=f5192000)
> Mar  8 23:56:36 Insp6400 kernel: Stack: f5195800 00000000 0f800000
> 00000000
> f8c0cbfd f5040568 f8c090a4 c0446a9c
> Mar  8 23:56:36 Insp6400 kernel:        ffffffff 00000001 c0451157
> 00000000
> 00000000 00000000 c048ef49 00008238
> Mar  8 23:56:36 Insp6400 kernel:        00000000 00000000 000003e8
> 00000000
> 00000000 00000000 00000000 00000000
> Mar  8 23:56:36 Insp6400 kernel: Call Trace:
> Mar  8 23:56:36 Insp6400 kernel:  [<f8c090a4>] dazuko_init+0x6d/0x8e
> [dazuko]
> Mar  8 23:56:36 Insp6400 kernel:  [<c0446a9c>]
> blocking_notifier_call_chain+0x17/0x1a
> Mar  8 23:56:36 Insp6400 kernel:  [<c0451157>]
> sys_init_module+0x14fa/0x161b
> Mar  8 23:56:36 Insp6400 kernel:  [<c048ef49>] do_sync_read+0xc7/0x10a
> Mar  8 23:56:36 Insp6400 kernel:  [<c0408116>]
> sysenter_past_esp+0x6b/0xa1
> Mar  8 23:56:36 Insp6400 kernel:  =======================
> Mar  8 23:56:36 Insp6400 kernel: Code: f8 c0 f8 8b 82 50 05 00 00 83 c0
> 04 f0
> ff
>  00 64 a1 00 40 7a c0 86 98 bc 05 00 00 8b 15 d8 f8 c0 f8 83 c2 14 8b
> 02 a3 e8
> f
> 8 c0 f8 <c7> 02 78 ad c0 f8 8b 15 d8 f8 c0 f8 81 c2 a4 00 00 00 8b 02
> a3
> Mar  8 23:56:36 Insp6400 kernel: EIP: [<f8c0bfae>]
> xp_sys_hook+0x18a/0x210
> [dazuko] SS:ESP 0068:f5193e98
> Mar  8 23:56:36 Insp6400 kernel: ---[ end trace 9717c3868b47d771 ]---

[Prev in Thread]

Current Thread

[Next in Thread]

[Dazuko-devel] capability as a module on fc8, jim burns, 2008/03/08
- Re: [Dazuko-devel] capability as a module on fc8, John Ogness, 2008/03/08
- RE: [Dazuko-devel] capability as a module on fc8, Tikka, Sami, 2008/03/09
  - Re: UNS: RE: [Dazuko-devel] capability as a module on fc8, jim burns, 2008/03/09
    - RE: UNS: RE: [Dazuko-devel] capability as a module on fc8, Tikka, Sami <=
    - Re: [Dazuko-devel] capability as a module on fc8, John Ogness, 2008/03/11

Prev by Date: Re: UNS: RE: [Dazuko-devel] capability as a module on fc8
Next by Date: Re: [Dazuko-devel] 2.3.5-pre1 posted
Previous by thread: Re: UNS: RE: [Dazuko-devel] capability as a module on fc8
Next by thread: Re: [Dazuko-devel] capability as a module on fc8
Index(es):
- Date
- Thread