[rsbac] RSBAC build problem on linux-4.9.y-c3fbb3a

HacKurx hackurx at gmail.com
Mon May 15 21:44:47 CEST 2017 

> Am 15.05.2017 um 09:28 schrieb Amon Ott:
>> I think I found it. Just pushed 4.9.28 and 4.4.68 to git with a fix, please try.

Perfect thanks a lot. I had an error in the log but I think it's something else.

>> RSBAC mprotect works without PaX.
>
> Great.

Despite its selection in the kernel the mprotect option does not work
(tested with paxtest and firefox execution). This is not active by
default? Should I force the option with a kernel parameters?
Did I miss something in the documentation?

Many questions sorry, I discover RSBAC :)

Best regards,

HacKurx (Loic)
-------------- section suivante --------------
#
# Security options
#
CONFIG_RSBAC=y

#
# General RSBAC options
#
# CONFIG_RSBAC_INIT_THREAD is not set
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
# CONFIG_RSBAC_NO_WRITE is not set
# CONFIG_RSBAC_MSDOS_WRITE is not set
CONFIG_RSBAC_AUTO_WRITE=5
CONFIG_RSBAC_RCU_RATE=1000
CONFIG_RSBAC_LIST_MAX_HASH_BITS=9
CONFIG_RSBAC_LIST_AUTO_REHASH_TRIGGER=20
CONFIG_RSBAC_LIST_CHECK_INTERVAL=1800
# CONFIG_RSBAC_LIST_STATS is not set
CONFIG_RSBAC_LIST_TRANS=y
CONFIG_RSBAC_LIST_TRANS_MAX_TTL=3600
CONFIG_RSBAC_LIST_TRANS_RANDOM_TA=y
# CONFIG_RSBAC_FD_CACHE is not set
CONFIG_RSBAC_DEBUG=y
# CONFIG_RSBAC_DEV_USER_BACKUP is not set
CONFIG_RSBAC_SECOFF_UID=400
# CONFIG_RSBAC_INIT_DELAY is not set
CONFIG_RSBAC_UM=y
CONFIG_RSBAC_UM_DIGEST=y
CONFIG_RSBAC_UM_USER_MIN=2000
CONFIG_RSBAC_UM_GROUP_MIN=2000
# CONFIG_RSBAC_UM_EXCL is not set
CONFIG_RSBAC_UM_MIN_PASS_LEN=6
CONFIG_RSBAC_UM_NON_ALPHA=y
CONFIG_RSBAC_UM_PWHISTORY=y
CONFIG_RSBAC_UM_PWHISTORY_MAX=8
# CONFIG_RSBAC_UM_ONETIME is not set
# CONFIG_RSBAC_UM_VIRTUAL is not set
# CONFIG_RSBAC_UM_NAME_CACHE is not set

#
# RSBAC networking options
#
CONFIG_RSBAC_NET=y
CONFIG_RSBAC_NET_DEV=y
# CONFIG_RSBAC_NET_DEV_VIRT is not set
CONFIG_RSBAC_IND_NETDEV_LOG=y
CONFIG_RSBAC_NET_OBJ=y
CONFIG_RSBAC_NET_OBJ_RW=y
CONFIG_RSBAC_IND_NETOBJ_LOG=y

#
# Decision modules (policy) options
#
CONFIG_RSBAC_REG=y
CONFIG_RSBAC_REG_SAMPLES=y
CONFIG_RSBAC_AUTH=y
CONFIG_RSBAC_AUTH_AUTH_PROT=y
CONFIG_RSBAC_AUTH_UM_PROT=y
# CONFIG_RSBAC_AUTH_DAC_OWNER is not set
# CONFIG_RSBAC_AUTH_ALLOW_SAME is not set
# CONFIG_RSBAC_AUTH_GROUP is not set
CONFIG_RSBAC_AUTH_LEARN=y
CONFIG_RSBAC_AUTH_LEARN_TA=0
CONFIG_RSBAC_RC=y
CONFIG_RSBAC_RC_AUTH_PROT=y
CONFIG_RSBAC_RC_UM_PROT=y
CONFIG_RSBAC_RC_GEN_PROT=y
# CONFIG_RSBAC_RC_BACKUP is not set
CONFIG_RSBAC_RC_NET_DEV_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_PROT=y
# CONFIG_RSBAC_RC_NET_OBJ_UNIX_PROCESS is not set
# CONFIG_RSBAC_RC_LEARN is not set
CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE=999999
CONFIG_RSBAC_ACL=y
# CONFIG_RSBAC_ACL_SUPER_FILTER is not set
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_UM_PROT=y
CONFIG_RSBAC_ACL_GEN_PROT=y
# CONFIG_RSBAC_ACL_BACKUP is not set
# CONFIG_RSBAC_ACL_LEARN is not set
CONFIG_RSBAC_ACL_NET_DEV_PROT=y
CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
# CONFIG_RSBAC_MAC is not set
CONFIG_RSBAC_DAZ=y
CONFIG_RSBAC_DAZ_SELECT=y
CONFIG_RSBAC_DAZ_CACHE=y
CONFIG_RSBAC_DAZ_TTL=86400
# CONFIG_RSBAC_DAZ_PERSIST is not set
CONFIG_RSBAC_DAZ_DEV_MAJOR=250
CONFIG_RSBAC_CAP=y
CONFIG_RSBAC_CAP_PROC_HIDE=y
# CONFIG_RSBAC_CAP_AUTH_PROT is not set
# CONFIG_RSBAC_CAP_LOG_MISSING is not set
# CONFIG_RSBAC_CAP_LEARN is not set
CONFIG_RSBAC_JAIL=y
CONFIG_RSBAC_JAIL_NET_ADJUST=y
CONFIG_RSBAC_JAIL_NET_DEV_PROT=y
# CONFIG_RSBAC_JAIL_LOG_MISSING is not set
CONFIG_RSBAC_RES=y
CONFIG_RSBAC_FF=y
# CONFIG_RSBAC_FF_AUTH_PROT is not set
CONFIG_RSBAC_FF_UM_PROT=y
# CONFIG_RSBAC_FF_GEN_PROT is not set
# CONFIG_RSBAC_UDF is not set

#
# Softmode and switching
#
# CONFIG_RSBAC_SOFTMODE is not set
# CONFIG_RSBAC_SWITCH is not set

#
# Logging
#
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_PROGRAM_FILE=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=512
CONFIG_RSBAC_LOG_PSEUDO=y
CONFIG_RSBAC_LOG_PSEUDO_FS=y
CONFIG_RSBAC_SYSLOG_RATE=y
CONFIG_RSBAC_SYSLOG_RATE_DEF=1000
CONFIG_RSBAC_RMSG=y
CONFIG_RSBAC_RMSG_MAXENTRIES=200
CONFIG_RSBAC_RMSG_NOSYSLOG=y
# CONFIG_RSBAC_LOG_REMOTE is not set
CONFIG_RSBAC_SYM_REDIR=y
CONFIG_RSBAC_SYM_REDIR_REMOTE_IP=y
CONFIG_RSBAC_SYM_REDIR_UID=y
CONFIG_RSBAC_SYM_REDIR_RC=y

#
# Other RSBAC options
#
# CONFIG_RSBAC_SECDEL is not set
CONFIG_RSBAC_RW=y
CONFIG_RSBAC_IPC_SEM=y
CONFIG_RSBAC_DAC_OWNER=y
# CONFIG_RSBAC_DAC_GROUP is not set
CONFIG_RSBAC_PROC_HIDE=y
# CONFIG_RSBAC_FSOBJ_HIDE is not set
CONFIG_RSBAC_FREEZE=y
# CONFIG_RSBAC_FREEZE_UM is not set
CONFIG_RSBAC_SYSLOG=y
CONFIG_RSBAC_IOCTL=y
# CONFIG_RSBAC_USER_CHOWN is not set
# CONFIG_RSBAC_DAT_VISIBLE is not set
# CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
# CONFIG_RSBAC_ENFORCE_CLOSE is not set
# CONFIG_RSBAC_MOVETO is not set
# CONFIG_RSBAC_MOVETO_EXDEV is not set
# CONFIG_RSBAC_USER_MOD_IOPERM is not set
CONFIG_RSBAC_FAKE_ROOT_UID=y
CONFIG_RSBAC_MPROTECT=y
CONFIG_RSBAC_XSTATS=y
-------------- section suivante --------------

mai 15 19:40:01 Vostro3558 kernel: ------------[ cut here ]------------
mai 15 19:40:01 Vostro3558 kernel: rtc_cmos 00:01: RTC can wake from S4
mai 15 19:40:01 Vostro3558 kernel: WARNING: CPU: 1 PID: 2 at lib/list_debug.c:29 __list_add+0x5c/0xb0
mai 15 19:40:01 Vostro3558 kernel: rtc_cmos 00:01: rtc core: registered rtc_cmos as rtc0
mai 15 19:40:01 Vostro3558 kernel: rtc_cmos 00:01: alarms up to one month, y3k, 242 bytes nvram, hpet irqs
mai 15 19:40:01 Vostro3558 kernel: i2c /dev entries driver
mai 15 19:40:01 Vostro3558 kernel: device-mapper: uevent: version 1.0.3
mai 15 19:40:01 Vostro3558 kernel: device-mapper: ioctl: 4.35.0-ioctl (2016-06-23) initialised: dm-devel at redhat.com
mai 15 19:40:01 Vostro3558 kernel: intel_pstate: Intel P-state driver initializing
mai 15 19:40:01 Vostro3558 kernel: hidraw: raw HID events driver (C) Jiri Kosina
mai 15 19:40:01 Vostro3558 kernel: list_add corruption. next->prev should be prev (ffff9da95e802ae0), but was ffff9da957c1fdc0. (next=ffff9da95a723c40).
mai 15 19:40:01 Vostro3558 kernel: usbcore: registered new interface driver usbhid
mai 15 19:40:01 Vostro3558 kernel: usbhid: USB HID core driver
mai 15 19:40:01 Vostro3558 kernel: Modules linked in:
mai 15 19:40:01 Vostro3558 kernel: CPU: 1 PID: 2 Comm: kthreadd Not tainted 4.9.28-rsbac #1
mai 15 19:40:01 Vostro3558 kernel: Hardware name: Dell Inc. Vostro 3558
mai 15 19:40:01 Vostro3558 kernel:  0000000000000000 ffffffff9c386bdd ffffbae60001bc90 0000000000000000
mai 15 19:40:01 Vostro3558 kernel:  ffffffff9c100094 ffff9da95a51adc0 ffffbae60001bce8 ffff9da95a723c40
mai 15 19:40:01 Vostro3558 kernel: Netfilter messages via NETLINK v0.30.
mai 15 19:40:01 Vostro3558 kernel:  ffff9da95a465080 000000000000041f 0000000100800711 ffffffff9c10010a
mai 15 19:40:01 Vostro3558 kernel: Call Trace:
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c386bdd>] ? dump_stack+0x46/0x59
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c100094>] ? __warn+0xb4/0xd0
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c10010a>] ? warn_slowpath_fmt+0x5a/0x80
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c3a32bc>] ? __list_add+0x5c/0xb0
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c0b4fd5>] ? rsbac_mark_kthread+0x35/0x40
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c0ff58d>] ? _do_fork+0x47d/0x610
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c123201>] ? check_preempt_curr+0x71/0x80
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c12b63b>] ? set_next_entity+0x6b/0x960
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c132c05>] ? pick_next_task_fair+0x405/0x460
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c12122e>] ? finish_task_switch+0x8e/0x1f0
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c77ddc4>] ? __schedule+0x184/0x550
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c0ff746>] ? kernel_thread+0x26/0x30
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c11d13d>] ? kthreadd+0xdd/0x130
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c11d060>] ? kthread_create_worker_on_cpu+0x60/0x60
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c781c62>] ? ret_from_fork+0x22/0x30
mai 15 19:40:01 Vostro3558 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
mai 15 19:40:01 Vostro3558 kernel: ---[ end trace b73cd09bbfec900d ]---


mai 15 19:40:01 Vostro3558 kernel: ------------[ cut here ]------------
mai 15 19:40:01 Vostro3558 kernel: WARNING: CPU: 1 PID: 2 at lib/list_debug.c:33 __list_add+0x83/0xb0
mai 15 19:40:01 Vostro3558 kernel: list_add corruption. prev->next should be next (ffff9da95a723c40), but was ffff9da958287680. (prev=ffff9da95e802ae0).
mai 15 19:40:01 Vostro3558 kernel: Modules linked in:
mai 15 19:40:01 Vostro3558 kernel: CPU: 1 PID: 2 Comm: kthreadd Tainted: G        W       4.9.28-rsbac #1
mai 15 19:40:01 Vostro3558 kernel: Hardware name: Dell Inc. Vostro 3558
mai 15 19:40:01 Vostro3558 kernel:  0000000000000000 ffffffff9c386bdd ffffbae60001bc90 0000000000000000
mai 15 19:40:01 Vostro3558 kernel:  ffffffff9c100094 ffff9da95a51adc0 ffffbae60001bce8 ffff9da95a723c40
mai 15 19:40:01 Vostro3558 kernel:  ffff9da95a465080 000000000000041f 0000000100800711 ffffffff9c10010a
mai 15 19:40:01 Vostro3558 kernel: Call Trace:
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c386bdd>] ? dump_stack+0x46/0x59
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c100094>] ? __warn+0xb4/0xd0
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c10010a>] ? warn_slowpath_fmt+0x5a/0x80
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c3a32e3>] ? __list_add+0x83/0xb0
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c0b4fd5>] ? rsbac_mark_kthread+0x35/0x40
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c0ff58d>] ? _do_fork+0x47d/0x610
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c123201>] ? check_preempt_curr+0x71/0x80
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c12b63b>] ? set_next_entity+0x6b/0x960
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c132c05>] ? pick_next_task_fair+0x405/0x460
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c12122e>] ? finish_task_switch+0x8e/0x1f0
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c77ddc4>] ? __schedule+0x184/0x550
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c0ff746>] ? kernel_thread+0x26/0x30
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c11d13d>] ? kthreadd+0xdd/0x130
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c11d060>] ? kthread_create_worker_on_cpu+0x60/0x60
mai 15 19:40:01 Vostro3558 kernel:  [<ffffffff9c781c62>] ? ret_from_fork+0x22/0x30
mai 15 19:40:01 Vostro3558 kernel: ---[ end trace b73cd09bbfec900e ]---

More information about the rsbac mailing list