Date: Mon, 11 Nov 2019 08:22:35 +0100
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: LKRG Debian 10 buster / Debian packaging

Hi,

> Hello!
> 
> Thank you for maintaining LKRG!
> 

Thank you for the appreciation :)

> I have an issue similar to this, I guess.
> 
> https://www.openwall.com/lists/lkrg-users/2018/02/05/2
> 
> Using LKRG stable branch, I think. Used these files:
> 
> https://www.openwall.com/lkrg/lkrg-0.7.tar.gz
> https://www.openwall.com/lkrg/lkrg-0.7.tar.gz.sign
> 
> Debian 10, buster
> 
> Inside Qubes OS. Using Qubes VM kernel, i.e. kernel by Debian.
> 
> uname -a
> Linux host 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20)
> x86_64 GNU/Linux
> 
> cat /proc/version
> Linux version 4.19.0-6-amd64 (debian-kernel@...ts.debian.org) (gcc
> version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20)
> 
> cat /etc/os-release
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> 
> gcc --version
> gcc (Debian 8.3.0-6) 8.3.0
> 
> sudo insmod output/p_lkrg.ko p_init_log_level=3
> insmod: ERROR: could not insert module output/p_lkrg.ko: Unknown symbol
> in module
> 
> sudo dmesg:
> [ 1279.380872] p_lkrg: Unknown symbol usb_unregister_notify (err -2)
> [ 1279.380943] p_lkrg: Unknown symbol usb_register_notify (err -2)
> "make" log pasted below, which however looks fine. [1]
> 

I've finally sat down and analyzed the specific Debian case. Debian kernels do 
not include any specific patch which modifies the USB core. However, Debian 
does not build the USB core stack into the kernel but instead sets it as a 
module. USB notifiers are part of usbcore, which will be available only when 
the usbcore module is loaded. That's the core of the problem. In such a case 
LKRG has no guarantee that USB notifiers are available in the system. I've 
added a patch to the official repo which verifies if USB core is built in. If 
not, that notifier won't be used (such as in Debian's case):

https://bitbucket.org/Adam_pi3/lkrg-main/commits/17ae51c73bba84dc697fd13be5941d4709a87a08

I would be thankful if you could try LKRG from the official repo if you do any 
tests. It includes the latest fixes for known issues and might include a 
solution for a problem which you might face in the future. Now it also 
includes the referred patch :)

> "make install" log pasted below too. It contains one line which might be
> interesting [2]
> 
> > Warning: modules_install: missing 'System.map' file. Skipping depmod.
> 

Right. In fact that's a problem of the "build" environment provided by the 
specific distro. Standard kernel scripts might be looking for the System.map 
file, which is unknown in such a set-up. That's the reason LKRG's installation 
scripts manually execute "depmod -a":

    install:
        $(MAKE) -C $(P_KERNEL) M=$(P_PWD) modules_install
        depmod -a
        ^^^^^^^^^
        $(P_PWD)/$(P_BOOTUP_SCRIPT) install

> 
> I however was able to start lkrg using systemd, which was surprising.
> 

Because depmod was executed later (silently), that's why it works :)

> sudo systemctl start lkrg.service
> 
> sudo systemctl status lkrg.service
> 
> which shows success.
> 
> sudo dmesg:
> 
> [ 2919.927190] ACPI: bus type USB registered
> [ 2919.927253] usbcore: registered new interface driver usbfs
> [ 2919.927281] usbcore: registered new interface driver hub
> [ 2919.927356] usbcore: registered new device driver usb
> [ 2919.936781] [p_lkrg] Loading LKRG...
> [ 2919.938713] Freezing user space processes ... (elapsed 0.032 seconds)
> done.
> [ 2919.970821] OOM killer disabled.
> [ 2919.970836] [p_lkrg] Verifying 20 potential UMH paths for whitelisting...
> [ 2919.976046] [p_lkrg] 3 UMH paths were whitelisted...
> [ 2920.508282] [p_lkrg] [kretprobe] register_kretprobe() for
> <ovl_create_or_link> failed! [err=-22]
> [ 2920.508315] [p_lkrg] ERROR: Can't hook ovl_create_or_link function :(
> [ 2920.658858] [p_lkrg] LKRG initialized successfully!
> [ 2920.658885] OOM killer enabled.
> [ 2920.658894] Restarting tasks ... done.
> [ 2920.678539] [p_lkrg] Disabling "clean" message.
> 
> Does that look good?
> 
> Should be OK as per
> https://www.openwall.com/lists/lkrg-users/2019/04/09/1 right?
> 

Correct. It works fine. If you are going to use OverlayFS then it must be 
initialized / loaded before LKRG so that specific hook won't fail.

> Also posting systemd log after reboot. [3] (That is after some systemd
> unit file changes which I will discuss in separate e-mail.)
> 

Thanks for the details! Unfortunately, I won't be able to take a look at that 
issue (described in the separate email) now.

> I am also asking since I am considering to package LKRG for Debian
> buster / Whonix / Kicksecure / Qubes (Debian template). However, I am
> not a Debian Developer (DD). The package would be available from a third
> party repository deb.whonix.org but any DD would be welcome to help and
> upload to packages.debian.org. Can't promise anything at this point,
> except that I am looking into it and see how far I get.
> 

Sounds promising, thanks! In case you (or DD) need any help with compilation / 
preparing the package, I can help (in the limits of my free time / 
moonlighting).

Thanks,
Adam

> Kind regards,
> Patrick
> 

-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl
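
A check for the condition described in this message, added here as an illustration (not part of the original e-mail and not LKRG's code): it reads a kernel config file and a kallsyms-format listing to tell whether `usb_register_notify` comes from a built-in USB core or from the `usbcore` module. The function names and status strings are made up for this example; `CONFIG_USB` is the kernel option that selects how usbcore is built.

```shell
#!/bin/sh
# Added example: classify how the USB notifier symbol is provided.
# Both inputs are file paths, so the check can run on copies of the data.

# usb_core_linkage CONFIG_FILE -> prints builtin | module | absent
usb_core_linkage() {
    if grep -q '^CONFIG_USB=y$' "$1"; then
        echo builtin
    elif grep -q '^CONFIG_USB=m$' "$1"; then
        echo module
    else
        echo absent     # "# CONFIG_USB is not set" or no line at all
    fi
}

# symbol_owner SYMBOL KALLSYMS_FILE -> prints kernel | <module name> | missing
# kallsyms lines look like: "<addr> <type> <name>" plus "[module]" for modules.
symbol_owner() {
    awk -v sym="$1" '
        $3 == sym {
            if (NF >= 4) { gsub(/\[|\]/, "", $4); print $4 } else print "kernel"
            found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$2"
}

# usb_notifier_status CONFIG_FILE KALLSYMS_FILE -> one-word verdict
usb_notifier_status() {
    linkage=$(usb_core_linkage "$1")
    owner=$(symbol_owner usb_register_notify "$2")
    case "$linkage/$owner" in
        builtin/kernel) echo "always-available" ;;
        absent/missing) echo "no-usb-core" ;;
        module/missing) echo "unavailable-until-usbcore-loaded" ;;
        module/kernel|builtin/*|absent/*)
                        echo "inconsistent:$linkage/$owner" ;;
        module/*)       echo "available-while-$owner-loaded" ;;
    esac
}
```

On a running Debian system the usual inputs are `/boot/config-$(uname -r)` and `/proc/kallsyms`, e.g. `usb_notifier_status "/boot/config-$(uname -r)" /proc/kallsyms`.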
