~drscream
grsec pax update-grub, terminating task grub-probe
I’ve installed a debian machine with the grsec kernel from kernelsec.cr0.org. Everything looks good and working fine, after some time i’ve found out that update-grub doesn’t work anymore.
[root@grapefruit]:~ # update-grub
Searching for GRUB installation directory ... found: /boot/grub
So looking in the dmesg output we will see the problem is grub-probe:
Nov 7 23:07:57 grapefruit kernel: [96585.754724] PAX: From 127.0.0.6: execution attempt in: <anonymous mapping>, ...
Nov 7 23:07:57 grapefruit kernel: [96585.761809] PAX: terminating task: /usr/sbin/grub-probe(grub-probe):20649, uid/euid: 0/0, ...
Nov 7 23:07:57 grapefruit kernel: [96585.769773] PAX: bytes at PC: 41 ...
Nov 7 23:07:57 grapefruit kernel: [96585.776171] PAX: bytes at SP-8: 0000000000000006 ...
Now it’s time to checking the pax flags of grub-probe, here we will see the default options:
[root@grapefruit]:~ # chpax -v /usr/sbin/grub-probe
---[ chpax 0.7 : Current flags for /usr/sbin/grub-probe (PeMRxS) ]---
* Paging based PAGE_EXEC : enabled (overridden)
* Trampolines : not emulated
* mprotect() : restricted
* mmap() base : randomized
* ET_EXEC base : not randomized
* Segmentation based PAGE_EXEC : enabled
We should disable paging and segmentation based PAGE_EXEC:
[root@grapefruit]:~ # chpax -ps /usr/sbin/grub-probe
And, tadaaaaa, update-grub working:
[root@grapefruit]:~ # update-grub
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ...
found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-2.6.32.15-1-grsec
Updating /boot/grub/menu.lst ... done
Send your comment by mail.