Re: [gentoo-hardened] SELinux:after latest update every binary needs the execmod permission to execute

Thu, 13 Apr 2006 05:47:16 -0700 



Sinds my latest update I need to add execmod permissions for every 
executable binary other wise it says:
error while loading shared libraries: cannot restore segment prot after 
reloc: Permission denied
   



strace will tell you on which mapping you got the mprotect failure,
that's the culprit library.

 


Tanks, but in enforcing it craches at the first line. Not at mprotect.
strace ping
execve("/bin/ping", ["ping"], [/* 33 vars */]) = 0
+++ killed by SIGKILL +++

Without enforcing ping works just fine:

strace ping
execve("/bin/ping", ["ping"], [/* 33 vars */]) = 0
uname({sys="Linux", node="terra", ...}) = 0
brk(0)                                  = 0x8001e320

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or 
directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17816, ...}) = 0
mmap2(NULL, 17816, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f6c000
close(3)                                = 0
open("/lib/libresolv.so.2", O_RDONLY)   = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@&\0\000"..., 
512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=68620, ...}) = 0

mmap2(NULL, 79860, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0xb7f58000
mmap2(0xb7f68000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf) = 0xb7f68000
mmap2(0xb7f6a000, 6132, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f6a000

close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220T\1"..., 
512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=1245200, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb7f57000
mmap2(NULL, 1174740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 
0) = 0xb7e38000
mmap2(0xb7f51000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x119) = 0xb7f51000
mmap2(0xb7f55000, 7380, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f55000

close(3)                                = 0
mprotect(0xb7f51000, 4096, PROT_READ)   = 0
mprotect(0x80000000, 40960, PROT_READ|PROT_WRITE) = 0
mprotect(0x80000000, 40960, PROT_READ|PROT_EXEC) = 0
mprotect(0x8000a000, 4096, PROT_READ)   = 0
mprotect(0xb7f87000, 4096, PROT_READ)   = 0
munmap(0xb7f6c000, 17816)               = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "[EMAIL PROTECTED]", 4)                = 4
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
getuid32()                              = 0
setuid32(0)                             = 0

write(2, "Usage: ping [-LRUbdfnqrvVaA] [-c"..., 262Usage: ping 
[-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]

           [-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
           [-M mtu discovery hint] [-S sndbuf]
           [ -T timestamp option ] [ -Q tos ] [hop1 ...] destination
) = 262
exit_group(2)                           = ?


--
[email protected] mailing list























					Reply via email to