NetBSD-Bugs archive


Re: kern/38982: PaX ASLR makes some programs crash



Fix by
http://mail-index.netbsd.org/source-changes/2010/08/23/msg012847.html
Tested on netbsd-5 with daily build 201009010000Z

--
Thom

2009/12/12 Jean-Yves Migeon <jym%netbsd.org@localhost>:
> The following reply was made to PR kern/38982; it has been noted by GNATS.
>
> From: Jean-Yves Migeon <jym%NetBSD.org@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc:
> Subject: Re: kern/38982: PaX ASLR makes some programs crash
> Date: Sat, 12 Dec 2009 22:06:51 +0100
>
>  I tracked down the issue a bit, and it is related to the setrlimit()
>  usage for the stack size. When setting the value to an insanely big size
>  (or infinity), all programs will end with a SIGABRT.
>
>  In the case of useradd/vipw/libutil binaries, the:
>
>  (void)setrlimit(RLIMIT_STACK, &rlim);
>
>  found inside pw_init() (in lib/libutil/passwd.c) does the trick. If you
>  comment out the line, or at least, set the rlimit to a smaller size,
>  libutil functions start working again.
>
>  From a more general PoV, using ulimit(3):
>
>  # sysctl -w security.pax.aslr.enabled=1
>  # ls
>  CVS        conf       fs         modules    netinet6   netsmb     sys
>  Makefile   crypto     gdbscripts net        netipsec   nfs        tags
>  altq       ddb        ipkdb      net80211   netisdn    opencrypto ufs
>  arch       dev        kern       netatalk   netiso     rump       uvm
>  coda       dist       lib        netbt      netkey     secmodel
>  compat     external   miscfs     netinet    netnatm    stand
>  # ulimit -s unlimited
>  # ls
>  Abort
>  # vi
>  Abort
>
>  ... and so forth. I guess that the gmake issue is the same, as it starts
>  by altering the stack resource:
>
>  [...]
>   17022      1 gmake    CALL  getrlimit(3,0xbf0b6644)
>   17022      1 gmake    RET   getrlimit 0
>   17022      1 gmake    CALL  setrlimit(3,0xbf0b6644)
>   17022      1 gmake    RET   setrlimit 0
>   17022      1 gmake    CALL  issetugid
>   17022      1 gmake    RET   issetugid 0
>  [...]
>
>  setrlimit(3, 0xbf0b6644) => setrlimit(RLIMIT_STACK, max) (called at the
>  beginning of the main of gmake). FWIW, max == 67108864 (65k). If you
>  invoke gmake from a simple user and not from superuser, it will work as
>  expected.
>
>  --
>  Jean-Yves Migeon
>  jym%NetBSD.org@localhost
>
>
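
A regression check for the behaviour described in the quoted message, added here as an example and not taken from the thread or from NetBSD sources: it raises the soft stack limit to the hard limit, as the message says pw_init() and gmake do, then execs a program and reports whether the new image died on a signal. The helper name `exec_with_max_stack` and the `/bin/ls` default are assumptions.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from NetBSD sources).
 * Returns the terminating signal (> 0) if the child was killed by one,
 * 0 if it exited normally (exit status stored in *exit_code),
 * -1 if fork() or waitpid() failed. */
int exec_with_max_stack(char *const argv[], int *exit_code)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        /* Same pattern the thread describes: soft limit := hard limit. */
        if (getrlimit(RLIMIT_STACK, &rl) != 0)
            _exit(126);
        rl.rlim_cur = rl.rlim_max;
        if (setrlimit(RLIMIT_STACK, &rl) != 0)
            _exit(126);
        execv(argv[0], argv);
        _exit(127); /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    *exit_code = WEXITSTATUS(status);
    return 0;
}

int main(int argc, char *argv[])
{
    char *fallback[] = { "/bin/ls", NULL }; /* assumed default program */
    char *const *cmd = argc > 1 ? &argv[1] : fallback;
    int code = 0;
    int sig = exec_with_max_stack(cmd, &code);
    if (sig > 0)
        printf("%s: killed by signal %d%s\n", cmd[0], sig, sig == SIGABRT ? " (SIGABRT)" : "");
    else if (sig == 0)
        printf("%s: exited with status %d\n", cmd[0], code);
    else
        perror("fork/waitpid");
    return sig != 0;
}
```

Going by the report above, the abort shows up when this is run as superuser with security.pax.aslr.enabled=1 on an affected kernel; a fixed kernel should report a normal exit.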

