Re: [SECURITY] [DLA 1232-1] linux security update - hidepid not working in Wheezy (regression)
Hello everyone,
I am facing multiple reproducible issues after updating to 3.2.0-5-amd64
when using the option hidepid=2 for mounting /proc. These issues did not
exist with 3.2.0-4-amd64, and are solved by removing hidepid=2 from
fstab and rebooting.
When I am trying to start Firefox or Thunderbird (as user, not root)
they print these lines:
Sandbox: unexpected multithreading found; this prevents using namespace
sandboxing.
too much recursion
ExceptionHandler::GenerateDump cloned child 5188
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
Top shows this (as user, not root) and does not start either:
Error, do this: mount -t proc proc /proc
Htop shows an empty list of processes.
When trying to remount /proc with "mount -t proc proc /proc" bash
replies "memory access error".
The same happens with "sudo su -".
My only chance therefore was to reboot the old kernel, remove hidepid
and start the new kernel again.
When using hidepid=1 strangely it becomes worse. Then gdm3 does not even
start (it just loads forever).
Of course KPTI is much more important than hidepid. But on a server this
behaviour, without a warning, might cause a headache.
In Stretch hidepid=2 works without any issues.
Best regards,
Stefan Benter
PS: Thanks a lot for your effort! I really did not expect you to be so
fast in backporting KPTI.