[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 1232-1] linux security update - hidepid not working in Wheezy (regression)

Hello everyone,

I am facing multiple reproducible issues after updating to 3.2.0-5-amd64 when using the option hidepid=2 for mounting /proc. These issues did not exist with 3.2.0-4-amd64. And are solved by removing hidepid=2 from fstab and rebooting.

When I am trying to start Firefox or Thunderbird (as user, not root) they print these lines: Sandbox: unexpected multithreading found; this prevents using namespace sandboxing.
too much recursion
ExceptionHandler::GenerateDump cloned child 5188
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
ExceptionHandler::SendContinueSignalToChild sent continue signal to child

Top shows this (as user, not root) and does not start either:
Error, do this: mount -t proc proc /proc Htop shows an empty list of processes.

When trying to remount /proc with "mount -t proc proc /proc" bash replies "memory access error".
The same happens with "sudo su -".
My only chance therefore was to reboot the old kernel, remove hidepid and start the new kernel again.

When using hidepid=1 strangely it becomes worse. Then gdm3 does not even start (it just loads forever).

Of course KPTI is much more important than hidepid. But on a server this behaviour, without a warning, might cause a headache.

In Stretch hidepid=2 works without any issues.

Best regards,
Stefan Benter

PS: Thanks a lot for your effort! I really did not expect you to be so fast in backporting KPTI.

Reply to: