Gentoo Forums
"ps -l" at a hardened amd64: System.map not parseable
toralf
Developer


Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Sun Oct 26, 2014 6:53 pm    Post subject: "ps -l" at a hardened amd64: System.map not parsea

I'm curious why I get the warning "Warning: /usr/src/linux/System.map not parseable as a System.map" on a hardened amd64, whereas on an x86 the same package version sys-process/procps-3.3.10-r1 runs fine. An strace shows the diff here for amd64:
Code:
read(4, "MemTotal:       16166892 kB\nMemF"..., 8191) = 1042
stat("/proc/self/wchan", 0x3849b7b6f80) = -1 ENOENT (No such file or directory)
uname({sys="Linux", node="tor-relay", ...}) = 0
stat("/boot/System.map-3.17.1-hardened", 0x3849b7b6f80) = -1 ENOENT (No such file or directory)
stat("/boot/System.map", 0x3849b7b6f80) = -1 ENOENT (No such file or directory)
stat("/lib/modules/3.17.1-hardened/System.map", 0x3849b7b6f80) = -1 ENOENT (No such file or directory)
stat("/usr/src/linux/System.map", {st_mode=S_IFREG|0644, st_size=2348938, ...}) = 0
open("/usr/src/linux/System.map", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=2348938, ...}) = 0
mmap(NULL, 2348939, PROT_READ|PROT_WRITE, MAP_PRIVATE, 5, 0) = 0x2fc3d2dd000
close(5)                                = 0
mmap(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2fc3e10f000
mremap(0x2fc3e10f000, 135168, 266240, MREMAP_MAYMOVE) = 0x2fc3e0ce000
mremap(0x2fc3e0ce000, 266240, 528384, MREMAP_MAYMOVE) = 0x2fc3e04d000
write(2, "Warning: /usr/src/linux/System.m"..., 65) = 65
munmap(0x2fc3e04d000, 528384)           = 0
munmap(0x2fc3d2dd000, 2348939)          = 0
stat("/System.map", 0x3849b7b6f80)      = -1 ENOENT (No such file or directory)
stat("/proc/self/task", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
versus x86:
Code:
read(4, "MemTotal:        8167648 kB\nMemF"..., 8191) = 1120
stat64("/proc/self/wchan", {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
stat64("/proc/self/task", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0

OK, so /proc/self/wchan does not exist on the amd64, but why does ps now try to read System.map (and fail, although the file is there)?


Last edited by toralf on Mon Feb 22, 2016 8:51 am; edited 1 time in total
krinn
Watchman


Joined: 02 May 2003
Posts: 7470

Posted: Mon Oct 27, 2014 12:46 am

Actually the file may not be there if you forget to mount /boot :)

But I think it's more because the x86 version found /proc/self/wchan and is happy, while the hardened version cannot open it and goes into the backup option to get the info from the System.map file.
While both should show the same error, the x86 may just avoid it because it already found what it needs in wchan and has no need to check System.map.
N8Fear
Tux's lil' helper


Joined: 15 Apr 2013
Posts: 140
Location: Berlin (Germany)

Posted: Mon Oct 27, 2014 8:38 am

If you look at the first error occurring, it's actually
Code:
stat("/proc/self/wchan", 0x3849b7b6f80) = -1 ENOENT (No such file or directory)

So you can't read a file from the /proc directory. That is often caused by CONFIG_GRKERNSEC_PROC and friends (the proc restricting kernel options in grsec). The part about system.map is likely just a byproduct of the original error. If it's important that this works, you could either lift the proc restrictions altogether or make it less restrictive (trusted group and friends).
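The lookup order visible in the strace above, together with the kernel options N8Fear points at, as an added diagnostic sketch (not part of the thread and not procps code). The function names and the ROOT argument are hypothetical; the line-shape check assumes the conventional `address type name` layout of a System.map and is not the parser ps uses.

```shell
#!/bin/sh
# Added diagnostic sketch. ROOT lets the checks run against a constructed
# directory tree instead of the live system; leave it empty for the real one.

# Report whether /proc/self/wchan exists, then walk the System.map
# candidates in the order the strace in this thread shows ps trying them.
wchan_sources() {
    root=${1:-}
    rel=${2:-$(uname -r)}
    if [ -e "$root/proc/self/wchan" ]; then
        echo "wchan: present"
    else
        echo "wchan: missing"
    fi
    for f in "/boot/System.map-$rel" /boot/System.map \
             "/lib/modules/$rel/System.map" /usr/src/linux/System.map /System.map
    do
        if [ -r "$root$f" ]; then
            echo "map: $f readable"
        else
            echo "map: $f absent"
        fi
    done
}

# Count lines that do not look like "hexaddress type symbol".
# A count of 0 means the file is structurally sound, so a parse warning
# from ps would have to come from something other than a damaged file.
sysmap_bad_lines() {
    grep -cvE '^[0-9a-fA-F]+ [[:alpha:]?-] [^[:space:]]+$' "$1" || true
}

# Print the grsecurity /proc restriction options enabled in a kernel
# config file (for example /usr/src/linux/.config).
grsec_proc_options() {
    grep -E '^CONFIG_GRKERNSEC_PROC[A-Z_]*=' "$1" || true
}
```

Calling `wchan_sources` with no arguments checks the running system; `grsec_proc_options /usr/src/linux/.config` lists which /proc restrictions the kernel was built with.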
toralf
Developer


Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Mon Oct 27, 2014 3:15 pm

krinn wrote:
Actually the file may not be there if you forget to mount /boot :)

But I think it's more because the x86 version found /proc/self/wchan and is happy, while the hardened version cannot open it and goes into the backup option to get the info from the System.map file.
While both should show the same error, the x86 may just avoid it because it already found what it needs in wchan and has no need to check System.map.

Well, the error message refers to the point that /usr/src/linux/System.map cannot be *parsed* (it can be opened) - mounting /boot just increases the number of warnings about how many System.map files couldn't be parsed.

Furthermore /me wonders if /proc/self/wchan is x86-specific or just not there due to the hardened profile?
toralf
Developer


Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Sun Feb 21, 2016 7:54 pm

N8Fear wrote:
If you look at the first error occurring, it's actually
Code:
stat("/proc/self/wchan", 0x3849b7b6f80) = -1 ENOENT (No such file or directory)

So you can't read a file from the /proc directory. That is often caused by CONFIG_GRKERNSEC_PROC and friends (the proc restricting kernel options in grsec). The part about system.map is likely just a byproduct of the original error. If it's important that this works, you could either lift the proc restrictions altogether or make it less restrictive (trusted group and friends).

But as root I should be allowed to run that command, or?
And even as root I still get the error.
All times are GMT