[rsbac] kernel oops accessing /dev/log

Vincent Danen vdanen at annvix.org
Fri Feb 10 20:18:45 CET 2006


* Amon Ott <ao at rsbac.org> [2006-02-10 10:04:15 +0100]:

> > > > You can mail it to me. It lists all function addresses, so you 
> can 
> > > > look at the EIP and the call trace to find which function it was 
> in.
> > > 
> > > There is also a utility, ksymoops, which does this for you.
> > 
> > Looked at it and sent the output to Amon as well.  Mumbo-jumbo to 
> me..
> 
> This is the sys_lstat64 function. I cannot really see any step where 
> it could dereference a NULL pointer.
> 
> According to oops.txt and System.map it is sys_fstat. Not much luck 
> there either. Hmm.
> 
> Does the oops still happen, if you disable RSBAC network support 
> completely?

That seems to have done it.  Need to test a bit further, but no oops so
far in the vmware machine or on the x86 machine.  I disabled NET,
NET_DEV, and NET_OBJ (the three CONFIG_RSBAC_NET* things that were
enabled).

Thanks, Amon!  Does that help to track it down a bit?  Maybe?  =)  I'm
going to rebuild the kernels with this same config on x86_64 and make
sure there isn't any regression, but so far it looks good (rebooted
twice on each "machine" to see if it was sporadic, looked at the
/dev/log and /var/lib/mysql/mysql.sock files and so far so good).

-- 
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}
Wasting time like it was free...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://www.rsbac.org/pipermail/rsbac/attachments/20060210/82165008/attachment.bin


More information about the rsbac mailing list