linuxwarz (n00b)
Joined: 03 Sep 2008, Posts: 7
Posted: Sun Jul 29, 2012 9:14 pm
Post subject: [Hardened] System.map incorrect kernel version when grsec enabled
I haven't set up a hardened install for roughly a year, but here's what happens when I make a new one using the same steps I normally use:
1) Boot x64 minimal live cd
2) Grab latest (aka current folder) hardened stage3
3) Profile set to hardened (non-selinux)
4) Grsec enabled in kernel (High w/ process hiding)
5) Finish install and reboot
test linux # ps -l
Warning: /usr/src/linux/System.map has an incorrect kernel version.
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1921 1918 0 80 0 - 3948 - pts/1 00:00:00 bash
0 R 0 20080 1921 0 80 0 - 3729 - pts/1 00:00:00 ps
Regular users can also see all processes when they shouldn't.
Kernel: 3.4.6-hardened-r1
Troubleshooting steps that have failed:
1) Rebuild package containing ps command
2) Test install of an x86 gentoo hardened w/ same settings
3) Copied System.map to /boot
4) Built multiple old version 3 kernels with the same or similar settings
Disabling grsec itself but keeping all of my existing kernel settings intact seems to stop the issue.
[UPDATE]
Downloaded kernel from kernel.org, applied grsec patch:
test home # ps -l
Warning: /usr/src/linux/System.map has an incorrect kernel version.
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1766 1762 0 80 0 - 11900 - pts/0 00:00:00 su
0 S 0 1767 1766 0 80 0 - 8275 - pts/0 00:00:00 bash
4 R 0 1771 1767 0 80 0 - 1883 - pts/0 00:00:00 ps
test home # uname -a
Linux test 3.4.6-grsec #1 SMP Sun Jul 29 17:23:48 CDT 2012 i686 Intel(R) Xeon(R) CPU E5620 @ 2.40GHz GenuineIntel GNU/Linux
test home # exit
user@test ~ $ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
user 1761 0.0 0.0 41284 1492 ? S 17:31 0:00 sshd: user@pts/0
user 1762 0.0 0.0 48100 1848 pts/0 Ss 17:31 0:00 -bash
user 1773 0.0 0.0 37544 996 pts/0 R+ 17:33 0:00 ps aux
Any ideas?
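An added diagnostic, not code from either poster, that reproduces the two checks behind the symptoms above: whether /usr/src/linux/System.map matches the running kernel, and whether other users' processes are visible in /proc. It assumes (my understanding of procps, not stated in the thread) that ps derives the warning by comparing a Version_<code> symbol in System.map with the running kernel's version code, and it uses a constructed System.map fragment so it runs offline.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread. Assumption: ps (procps) emits
# "has an incorrect kernel version" when the Version_<code> symbol in
# System.map differs from the running kernel's LINUX_VERSION_CODE.

# KERNEL_VERSION(a,b,c) = a*65536 + b*256 + c; "3.4.6-hardened-r1" -> 197638.
version_code() {
    _rel=${1%%-*}                    # drop "-hardened-r1", "-grsec", ...
    _maj=${_rel%%.*}; _rest=${_rel#*.}
    _min=${_rest%%.*}; _pat=${_rest#*.}
    [ "$_pat" = "$_rest" ] && _pat=0 # "3.4" has no patch level
    _pat=${_pat%%[!0-9]*}            # keep only the leading digits
    echo $(( _maj * 65536 + _min * 256 + _pat ))
}

# Print "ok", "mismatch <code>" or "nosym" for a System.map and a release.
check_sysmap() {  # $1 = path to System.map, $2 = output of uname -r
    _want=$(version_code "$2")
    _have=$(sed -n 's/^[0-9a-fA-F]* [A-Za-z] Version_\([0-9]*\)$/\1/p' "$1" | head -n1)
    if [ -z "$_have" ]; then echo nosym
    elif [ "$_have" = "$_want" ]; then echo ok
    else echo "mismatch $_have"
    fi
}

# Count /proc/<pid> entries owned by another uid. With grsec's process
# hiding working, an unprivileged user should get 0 here.
foreign_pids() {
    _me=$(id -u); _n=0
    for _d in /proc/[0-9]*; do
        _owner=$(stat -c %u "$_d" 2>/dev/null) || continue
        [ "$_owner" = "$_me" ] || _n=$((_n + 1))
    done
    echo "$_n"
}

demo() {
    _map=$(mktemp)
    # Constructed System.map fragment for a 3.4.6 kernel (code 197638).
    printf '%s\n' 'c1000000 T _text' 'c1234560 D Version_197638' > "$_map"
    check_sysmap "$_map" 3.4.6-hardened-r1   # ok
    check_sysmap "$_map" 3.4.6-grsec         # ok: local suffix is ignored
    check_sysmap "$_map" 3.7.5-hardened-r1   # mismatch 197638
    rm -f "$_map"
    echo "processes of other users visible: $(foreign_pids)"
}
demo
```

Run it as the unprivileged user that can see everything, and again as root, to separate the System.map mismatch from the /proc visibility question.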
Caiman (Tux's lil' helper)
Joined: 01 Jul 2007, Posts: 93
Posted: Sat Mar 09, 2013 3:02 pm
Post subject: same here
Hello,
I have the same here:
ps -l
Warning: /usr/src/linux/System.map has an incorrect kernel version.
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 27910 27901 0 80 0 - 19525 - pts/1 00:00:00 su
4 S 0 27911 27910 0 80 0 - 11108 - pts/1 00:00:00 bash
0 R 0 27929 27911 0 80 0 - 4448 - pts/1 00:00:00 ps
################
emerge --info
Portage 2.1.11.52 (hardened/linux/amd64, gcc-4.5.4, glibc-2.15-r3, 3.7.5-hardened-r1 x86_64)
=================================================================
System uname: Linux-3.7.5-hardened-r1-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_3800+-with-gentoo-2.1
KiB Mem: 1921292 total, 30936 free
KiB Swap: 3085108 total, 3009248 free
Timestamp of tree: Sat, 09 Mar 2013 01:00:01 +0000
ld GNU ld (GNU Binutils) 2.22
app-shells/bash: 4.2_p37
dev-lang/python: 2.7.3-r2, 3.2.3
dev-util/pkgconfig: 0.28
sys-apps/baselayout: 2.1-r1
sys-apps/openrc: 0.11.8
sys-apps/sandbox: 2.5
sys-devel/autoconf: 2.69
sys-devel/automake: 1.11.6
sys-devel/binutils: 2.22-r1
sys-devel/gcc: 4.5.4, 4.6.3
sys-devel/gcc-config: 1.7.3
sys-devel/libtool: 2.4-r1
sys-devel/make: 3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc: 2.15-r3
Repositories: gentoo
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/bind /etc/ssh /usr/share/gnupg/qualified.txt /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://mirrors.tera-byte.com/pub/gentoo http://gentoo.mirrors.tera-byte.com/ "
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl afpacket alaw amd64 apache2 berkdb bzip2 caps cli cracklib crypt cxx dlz dri dump gd gdbm gpm gssapi h323 hardened iconv imap ipv6 jpgraph justify kerberos krb5 mmx modules mudflap multilib ncurses nls nptl openmp pam pax_kernel pcre python readline samba sasl session snmp speex sse sse2 ssl symlink syslog tcpd threads tls ulaw unicode urandom xattr xml zaptel zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="x86_64" QEMU_USER_TARGETS="x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
##############
Could someone advise?
Thanks.