Package: pax-utils
Version: 1.3.7-1
Severity: important
Tags: patch
X-Debbugs-Cc: mini...@grsecurity.net

Dear Maintainer,

since the switch to meson and enabling seccomp along the way in [1],
pspax is no longer functional and dies with SIGSYS. The cause is a
missing seccomp entry for socket(), as can be seen below:

minipli@x1:~$ pspax
USER     PID    PAX    MAPS ETYPE      NAME             CAPS ATTR
Bad system call (core dumped)
minipli@x1:~$ strace pspax |& tail -5
read(5, "", 1024)                       = 0
close(5)                                = 0
newfstatat(4, "stat", {st_mode=S_IFREG|0444, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 41
+++ killed by SIGSYS (core dumped) +++

The bug has been fixed upstream via [2].

A patched version makes pspax work again:

minipli@x1:~/src/pax-utils (master)$ strace ./build/pspax |& tail -5
minipli  536027 PeMR   w^x  ET_DYN     tail             =    unconfined
minipli  536030 PeMR   w^x  ET_DYN     pspax            =    unconfined
) = 2928
exit_group(0)                           = ?
+++ exited with 0 +++

It would be nice if Debian could include this patch until a new upstream
release is created.


Thanks,
Mathias

[1] https://salsa.debian.org/debian/pax-utils/-/commit/01b3429485c9
[2] https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a9440d0bf71c


-- System Information:
Debian Release: 12.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.12-grsec-vbox+ (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_RANDSTRUCT, TAINT_TEST
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pax-utils depends on:
ii  binutils            2.40-2
ii  libc6               2.36-9+deb12u7
ii  libcap2             1:2.66-4
ii  python3             3.11.2-1+b1
ii  python3-pyelftools  0.29-1

pax-utils recommends no packages.

Versions of packages pax-utils suggests:
ii  paxctl  0.9-2

-- no debconf information
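
Added example, not part of the original report and not pax-utils code: a Python triage helper that scans strace output for a SIGSYS kill and names the last syscall the killed process attempted, which is the entry to check against the seccomp allow-list. The function name `sigsys_offenders` and the second, multi-process sample are constructed for illustration.

```python
import re

# Constructed input 1: the strace tail quoted in the report (wrapped line rejoined).
REPORT_TAIL = """\
read(5, "", 1024)                       = 0
close(5)                                = 0
newfstatat(4, "stat", {st_mode=S_IFREG|0444, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 41
+++ killed by SIGSYS (core dumped) +++
"""

# Constructed input 2: hypothetical `strace -f` output with interleaved processes.
FORKED = """\
[pid 100] openat(AT_FDCWD, "/proc", O_RDONLY) = 3
[pid 101] socket(AF_UNIX, SOCK_STREAM, 0 <unfinished ...>
[pid 100] read(3, "", 1024) = 0
[pid 101] +++ killed by SIGSYS (core dumped) +++
[pid 100] +++ exited with 0 +++
"""

_PREFIX = re.compile(r"^(?:\[pid\s+(\d+)\]\s+|(\d+)\s+)")  # "[pid N] " or "N " (-o file)
_CALL = re.compile(r"^([a-z_][a-z0-9_]*)\(")                # "name(" starts a syscall line
_RESUMED = re.compile(r"^<\.\.\. (\w+) resumed>")           # second half of a split call


def sigsys_offenders(strace_text):
    """Return [(pid, syscall, line)] for every process killed by SIGSYS.

    pid is None when the trace has no pid prefix (strace run without -f).
    """
    last = {}   # pid -> (syscall name, line) most recently seen for that pid
    hits = []
    for raw in strace_text.splitlines():
        line = raw.strip()
        pid = None
        m = _PREFIX.match(line)
        if m:
            pid = int(m.group(1) or m.group(2))
            line = line[m.end():]
        if line.startswith("+++ killed by SIGSYS"):
            name, call = last.get(pid, (None, None))
            hits.append((pid, name, call))
            continue
        m = _CALL.match(line) or _RESUMED.match(line)
        if m:
            last[pid] = (m.group(1), line)
    return hits
```

Program output interleaved with the trace, as in the pspax runs above, is ignored because it does not start with a lowercase syscall name followed by `(`.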
