lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.22.1.446.2006231435450.3892@trent.utfs.org>
Date:   Tue, 23 Jun 2020 14:51:55 -0700 (PDT)
From:   Christian Kujau <lists@...dbynature.de>
To:     Alexey Dobriyan <adobriyan@...il.com>
cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Willy Tarreau <w@....eu>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Kees Kook <keescook@...omium.org>, linux-kernel@...r.kernel.org
Subject: Re: process '/usr/bin/rsync' started with executable stack

On Wed, 24 Jun 2020, Alexey Dobriyan wrote:
> > >   process '/usr/bin/rsync' started with executable stack
> > > But I can't reproduce this message,
> 
> This message is once-per-reboot.

Interesting, thanks. Now I know why I cannot reproduce this. I still 
wonder what made rsync trigger this message today. The machine is running 
for some weeks, rsync is run a few times an hour the whole day, regularly 
and automatically, with always the same parameters. But oh, now I see, 
rsync had been upgraded (automatically) over night:

 > [ALPM] upgraded rsync (3.1.3-3 -> 3.2.0-1)

And indeed, the _older_ version had NX enabled:

$ wget https://archive.archlinux.org/packages/.all/rsync-3.1.3-3-x86_64.pkg.tar.zst
$ zstd -dc rsync-3.1.3-3-x86_64.pkg.tar.zst | tar -xf - usr/bin/rsync
$ checksec --format=json --extended --file=usr/bin/rsync | jq
{
  "usr/bin/rsync": {
    "relro": "full",
    "canary": "yes",
    "nx": "yes",
    "pie": "yes",
    "clangcfi": "no",
    "safestack": "no",
    "rpath": "no",
    "runpath": "no",
    "symbols": "no",
    "fortify_source": "yes",
    "fortified": "10",
    "fortify-able": "19"
  }
}

So, while I still think a PID would have been nice, now I know that it's 
pr_warn_once and won't be printed again until after the next reboot. Going 
to ask the Arch folks why NX has been disabled...

Thanks,
Christian.
-- 
BOFH excuse #211:

Lightning strikes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ