On 2016-02-26 01:11 PM, ruslan_ka wrote:
>> I have no idea what can cause this access to /dev/tty. I never ran into
>> this problem on my own server which is similar minus the EAP/RADIUS
>> part, I use xauth-generic only.
> xauth-eap works in a different way. It takes clear text password from client
> and makes EAP request to a radius server (in my case EAP-MSCHAPv2). It allows
> to store user passwords encrypted.
>
> Quick look through the code gives many uses for stdout (as example), but
> I'm not an expert to analyze them
> (https://git.strongswan.org/?p=strongswan.git&a=search&h=ddf1fc7692889298e04a4c799bf0c2f67b61ebe9&st=grep&s=stdout).

Maybe you have some log output configured to go to stdout/stderr?

>> Again, not related but aren't the 2 rightsourceip= overlapping?
> it is a StrongSwan feature. It manages ip pool as shared in such case. You
> can either use
> rightsourceip=%poolname
> or just use identical definition in rightsourceip and StrongSwan will share
> the same pool implicitly.

It's what I assumed you were doing but your 2 CIDRs are not identical: ikev1-psk-xauth uses a /9 and ikev2-with-eap a /16.

>> I honestly don't know why charon tries to access /dev/tty. Are you able
>> to see that message on the console or the upstart log when the Apparmor
>> profile is disabled?
> With disabled Apparmor profile everything works pretty good.

When doing the load testing, do you get something logged or displayed on the console with the Apparmor profile disabled?

> I can provide any additional information about this system or can do
> some tests.

Well, at this point you demonstrated that you can have charon access /dev/tty when you fully control the 2 sides of the connections (with your load tester setup). This means that those accesses to /dev/tty are quite probably not the result of an attack of some kind. They are more likely the result of normal operations carried out by charon. As such, I feel the proper fix would be to update the Apparmor profile to grant access to /dev/tty and avoid causing a crash.

Regards,
Simon

--
https://bugs.launchpad.net/bugs/1549436
Title: AppArmor kills StronSwan daemon 'charon'
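
Added example, not part of the original message or of the strongSwan or Ubuntu packaging: a small triage script for the profile update proposed above, which groups AppArmor DENIED audit records into candidate file rules to review before editing the profile. The log lines are constructed samples; the profile name `/usr/lib/ipsec/charon` and the path `/tmp/example.sock` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not from the bug report). The profile name
# and the /tmp/example.sock path are assumptions made for illustration.
SAMPLE_LOG = """\
audit: type=1400 audit(1456500000.101:41): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/dev/tty" pid=2201 comm="charon" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
audit: type=1400 audit(1456500003.417:42): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/dev/tty" pid=2201 comm="charon" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
audit: type=1400 audit(1456500009.002:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/other" name="/etc/hosts" pid=900 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1456500011.730:44): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/tmp/example.sock" pid=2201 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log masks "c" (create) and "d" (delete) are covered by "w" in a profile rule.
LOG_TO_RULE = {"c": "w", "d": "w"}

def parse_denials(text):
    """Yield (profile, path, denied_mask) for each DENIED file record."""
    for line in text.splitlines():
        f = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        if f.get("apparmor") == "DENIED" and "name" in f:
            yield f["profile"], f["name"], f.get("denied_mask", "")

def candidate_rules(text):
    """Merge denials into one candidate file rule per (profile, path)."""
    perms, hits = defaultdict(set), defaultdict(int)
    for profile, path, mask in parse_denials(text):
        perms[profile, path].update(LOG_TO_RULE.get(c, c) for c in mask)
        hits[profile, path] += 1
    rules = []
    for (profile, path), p in sorted(perms.items()):
        # "x" is skipped: exec rules need a transition mode chosen by a human.
        rule = f"{path} {''.join(c for c in 'rwaklm' if c in p)},"
        rules.append((profile, rule, hits[profile, path]))
    return rules

if __name__ == "__main__":
    for profile, rule, n in candidate_rules(SAMPLE_LOG):
        print(f"{profile}: {n} denial(s), review before adding: {rule}")
```

The hit count per path helps separate a repeated, routine access such as `/dev/tty` under load from a one-off denial that deserves a closer look before it is allowed.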