[mosh-users] mosh-server fails to start on grsecurity kernel

John Hood cgull at glup.org
Tue Jun 7 21:44:34 EDT 2016 

Hindsight is so wonderful.

This is probably a duplicate of the general glibc issue in
<https://github.com/mobile-shell/mosh/issues/727>, and we even have a PR
on Gentoo Hardened <https://github.com/mobile-shell/mosh/issues/736> and
forgot about it.

regards,

  --jh


On 06/07/2016 21:19, Deven Lahoti wrote:
> Well, it turns out that the git version of mosh works perfectly, so I
> have no idea what would be causing the problem. If you'd like, I can
> modify the 1.2.5-r1 sources to get the coredump, but I don't think
> it'll be of much use to any of us, since the problem is fixed on both
> ends.
>
> Thanks,
> Deven
>
> On Tue, Jun 7, 2016 at 8:52 PM, John Hood <cgull at glup.org
> <mailto:cgull at glup.org>> wrote:
>
>     Oops, I'm forgetting two rather important things, sorry.
>
>     * The --local flag is only in mosh master, not yet in any release
>     (though 1.2.6 is coming soon).  Available on GitHub near you.  If
>     you don't want to mess with source you can run mosh-client and
>     mosh-server manually as documented on <https://mosh.mit.edu/>
>     <https://mosh.mit.edu/>.
>
>     * mosh-server itself disables coredumps to protect its
>     cryptographic secrets.  Disabling that requires editing source and
>     rebuilding mosh-server.
>
>     regards,
>
>       --jh
>
>     On 06/07/2016 20:21, Deven Lahoti wrote:
>>     mosh --local just gives "unknown option", and I can't figure out
>>     how to enable coredumps for mosh-server - coredumps work for
>>     everything else, so I'm not sure why they're disabled here.
>>
>>     On Tue, Jun 7, 2016 at 9:39 AM, John Hood <cgull at glup.org
>>     <mailto:cgull at glup.org>> wrote:
>>
>>         Try running 
>>
>>         strace -ffo trace mosh --local 127.0.0.1
>>
>>         on that server after enabling coredumps. That's not exactly
>>         the same as normal execution, since it doesn't use ssh, but
>>         it's useful for issues like this one.
>>
>>         regards,
>>
>>           --jh
>>
>>         On Jun 7, 2016, at 12:56 AM, Deven Lahoti <deywos at mit.edu
>>         <mailto:deywos at mit.edu>> wrote:
>>
>>>         Neither strace nor gdb will give me a backtrace, since they
>>>         both lose track of it when it forks, but the failure happens
>>>         after forking. For some reason, systemd says that coredumps
>>>         are disabled for the process, so I can't get one of those
>>>         either.
>>>
>>>         On Jun 7, 2016 00:31, "Alex Chernyakhovsky"
>>>         <achernya at mit.edu <mailto:achernya at mit.edu>> wrote:
>>>
>>>             Unfortunately, that's not much to go on. Could you grab
>>>             the core file
>>>             and get a backtrace? I'm assuming some syscall (probably
>>>             malloc?)
>>>             failed.
>>>
>>>             Sincerely,
>>>             -Alex
>>>
>>>             On Tue, Jun 7, 2016 at 12:18 AM, Deven Lahoti
>>>             <deywos at mit.edu <mailto:deywos at mit.edu>> wrote:
>>>             > I don't think that's the problem, since it's now
>>>             giving me:
>>>             > mosh-server[21489]: segfault at 0 ip           (null)
>>>             sp 00007fffffffcbd8
>>>             > error 14 in mosh-server[555555554000+60000]
>>>             >
>>>             > On Mon, Jun 6, 2016 at 11:42 PM, Alex Chernyakhovsky
>>>             <achernya at mit.edu <mailto:achernya at mit.edu>>
>>>             > wrote:
>>>             >>
>>>             >> I think the offending line is
>>>             >>
>>>             >> Jun 06 22:32:19 <hostname> kernel: PAX: From
>>>             18.X.X.X: execution
>>>             >> attempt in: (null), 00000000-00000000 00000000
>>>             >> Jun 06 22:32:19 <hostname> kernel: PAX: terminating task:
>>>             >> /usr/bin/mosh-server(mosh-server):12505, uid/euid:
>>>             XXXX/XXXX, PC:
>>>             >>       (nil), SP: 000003844385a508
>>>             >>
>>>             >> mosh-server needs to fork and exec to start
>>>             subprocesses, and your
>>>             >> kernel/configuration doesn't consider mosh-server to
>>>             be in the
>>>             >> whitelist.
>>>             >>
>>>             >> Sincerely,
>>>             >> -Alex
>>>             >>
>>>             >>
>>>             >> On Mon, Jun 6, 2016 at 11:30 PM, Deven Lahoti
>>>             <deywos at mit.edu <mailto:deywos at mit.edu>> wrote:
>>>             >> > Hi, when trying to connect to my machine running
>>>             Gentoo Hardened on
>>>             >> > kernel
>>>             >> > 4.4.8, mosh-server fails to start. Here are the
>>>             logs (modified to remove
>>>             >> > personal info)
>>>             [http://web.mit.edu/deywos/www/mosh.log]. I'm not really
>>>             >> > sure
>>>             >> > what the problem is, and I don't know much about
>>>             how mosh works, so I
>>>             >> > was
>>>             >> > hoping someone here could help me out.
>>>             >> >
>>>             >> > Thanks,
>>>             >> > Deven
>>>             >> >
>>>             >> > _______________________________________________
>>>             >> > mosh-users mailing list
>>>             >> > mosh-users at mit.edu <mailto:mosh-users at mit.edu>
>>>             >> > http://mailman.mit.edu/mailman/listinfo/mosh-users
>>>             >> >
>>>             >
>>>             >
>>>
>>>         _______________________________________________
>>>         mosh-users mailing list
>>>         mosh-users at mit.edu <mailto:mosh-users at mit.edu>
>>>         http://mailman.mit.edu/mailman/listinfo/mosh-users
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mosh-users/attachments/20160607/18d98d91/attachment-0001.html

More information about the mosh-users mailing list