| View previous topic :: View next topic |
| Author |
Message |
haxle
n00b
Joined: 18 Feb 2005
Posts: 61
|
 Posted: Fri Sep 09, 2011 1:49 am Post subject: grsec issue with truecrypt |
 |
|
Ok so... I've got an issue here..
When I'm trying to mount an encrypted external drive i get this error:
| Code: | | No such file or directory: /tmp/.truecrypt_aux_mnt1/control |
and..
| Code: |
dmesg | tail
[ 1605.188547] grsec: mount of truecrypt to /tmp/.truecrypt_aux_mnt1 by /usr/bin/truecrypt[truecrypt:2454] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/truecrypt[truecrypt:2451] uid/euid:0/0 gid/egid:0/0
[ 1605.195804] grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/truecrypt[truecrypt:2457] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
[ 1605.199378] grsec: unmount of truecrypt by /bin/umount[umount:2458] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/truecrypt[truecrypt:2457] uid/euid:0/0 gid/egid:0/0
|
so.. it's grsec issue.. how do i fix it?  ... other than disabling grsec... |
|
| Back to top |
|
 |
causality
Apprentice
Joined: 03 Jun 2006
Posts: 239
|
| Posted: Mon Oct 10, 2011 4:31 pm Post subject: |
|
|
What are the PaX flags on the truecrypt executable?
I use Hardened but I don't actually have truecrypt installed. The output of "whereis truecrypt" will tell you where the program is located. For purposes of this response, I will assume it is /usr/bin/truecrypt but please adjust as needed if I have that wrong.
If you run "paxctl -v /usr/bin/truecrypt" you probably will not see anything about MPROTECT being disabled. If that is the case, you have found the problem. Lots of programs like mplayer and others that perform certain tasks in memory will get killed off by PaX/Grsec.
You can remove the MPROTECT restriction from truecrypt by running "paxctl -m /usr/bin/truecrypt". That should make it stop crashing. |
|
| Back to top |
|
|
haxle
n00b
Joined: 18 Feb 2005
Posts: 61
|
| Posted: Wed Oct 12, 2011 10:21 pm Post subject: |
|
|
running paxctl -v /usr/bin/truecrypt produced:
| Code: |
file /usr/bin/truecrypt does not have a PT_PAX_FLAGS program header, try conversion
|
I haven't tried conversion because i figured that would just cause more problems ... I completely disabled grsec as well and i don't get the errors in dmesg | tail anymore but there isn't anything about the issue at all now and I'm still having the same issue : ? |
|
| Back to top |
|
|
mr.sande
Tux's lil' helper
Joined: 26 Apr 2010
Posts: 82
Location: Norway
|
| Posted: Thu Oct 13, 2011 2:06 pm Post subject: |
|
|
It doesn't hurt to try to add the pax header to truecrypt and disable the mprotect, if it borks truecrypt you can just reinstall it 
You can also enable softmode for pax so that only executables with pax headers are enforced. Softmode has to be explicitly enabled with sysctl. |
|
| Back to top |
|
|
|
Kernel & Hardware
