lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4182091.odzUCAWhED@sifl>
Date:	Mon, 29 Dec 2014 14:41:59 -0500
From:	Paul Moore <paul@...l-moore.com>
To:	Toralf Förster <toralf.foerster@....de>
Cc:	linux Kernel <linux-kernel@...r.kernel.org>, linux-audit@...hat.com
Subject: Re: v3.19-rc2: crashes during boot (syslog-ng, rpcbind ...)

On Monday, December 29, 2014 05:24:38 PM Toralf Förster wrote:
> On 12/29/2014 05:21 PM, Paul Moore wrote:
> > On Mon, Dec 29, 2014 at 11:07 AM, Toralf Förster wrote:
> >> A x86 KVM guest running at a 64 bit Gentoo hardened host system the
> >> following crashes appeared reproducible (screen shots attached.
> >> 
> >> If I removed syslog-ng from the runlevel default, then the crash just
> >> appeared a little bit later at another subsystem> 
> >
> > It looks like it doesn't like something in audit_compare_dname_path();
> > I'll take a look and see what I can find, there is a patch in -rc2
> > which touched some related code.
> > 
> > I didn't see this problem in my earlier testing, can you share your
> > .config?
>
> ofc - attached

[NOTE: added linux-audit to the CC line, I should have done that earlier]

I believe I can reproduce this now; I'm seeing slightly different panics, but 
it is "close enough" and based on some quality time with the code I believe 
they are both symptoms of the same root cause.

To help verify that I'm heading down the right path, could you share your 
audit configuration as well?  If that's not possible, can you at least confirm 
that you using a few audit directory watches?

-- 
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ