Date: Mon, 20 Jul 2020 13:20:18 +0200 From: Solar Designer <solar@...nwall.com> To: lkrg-users@...ts.openwall.com Subject: Re: kernel: BUG: unable to handle page fault for address: ffffffffab42fee7 On Mon, Jul 20, 2020 at 10:00:07AM +0200, Mikhail Morfikov wrote: > On 20/07/2020 00.22, Solar Designer wrote: > > > > What is your value of lkrg.umh_validate? > As I said in my previous message, this happens when the default sysctl settings > are used: > lkrg.umh_enforce = 1 > lkrg.umh_validate = 1 Oh, I think I understand now. LKRG checks its known UMH program pathnames at its initialization time and then only allows those that were actually found on the system. Since you don't have /sbin/bridge-stp, LKRG doesn't allow it. Then it also fails on trying to block its execution because of CPA. As a temporary workaround, you can try creating /sbin/bridge-stp as a copy of /bin/false. And we'll definitely need to fix LKRG to support UMH pathnames on CPA-protected pages, and maybe reconsider it only allowing programs that were seen at initialization (feels like unnecessary complexity). Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.