web-dev-qa-db-fra.com

What does "tainted kernel" mean?

My operating system is Fedora 17. Recently a tainted warning in the kernel, "A bug in kernel/auditsc.c:1772! -Abrt", occurred: This problem should not be reported (it is likely a known problem). A kernel problem occurred, but your kernel has been tainted (flags: Gd). Kernel maintainers are unable to diagnose tainted reports.

Then I get the following:

# cat /proc/sys/kernel/tainted
128

# dmesg | grep -i taint
[ 8306.955523] Pid: 4511, comm: chrome Tainted: G      D      3.9.10-100.fc17.i686.PAE #1 Dell Inc. 
[ 8307.366310] Pid: 4571, comm: chrome Tainted: G      D      3.9.10-100.fc17.i686.PAE #1 Dell Inc. 

It seems the value "128" is a lot more serious: 128 - The system has died.

What do you make of this warning? Since chrome is reported as the "tainted" source, does anyone else encounter this problem too?

12
leicar

To (over)simplify, "tainted" means the kernel is in a state other than the one it would be in if it had been built from the original open source and used in the intended way. It is a way of flagging a kernel to warn users (e.g. developers) that there may be unknown reasons why it is unreliable, and that debugging it may be difficult or even impossible.

In this case, "Gd" means that all modules are under a GPL or compatible license (i.e. not proprietary), and that a crash or BUG() occurred.

The reasons are listed below:

See: oops-tracing.txt

---------------------------------------------------------------------------
Tainted kernels:

Some oops reports contain the string 'Tainted: ' after the program
counter. This indicates that the kernel has been tainted by some
mechanism.  The string is followed by a series of position-sensitive
characters, each representing a particular tainted value.

  1: 'G' if all modules loaded have a GPL or compatible license, 'P' if
     any proprietary module has been loaded.  Modules without a
     MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by
     insmod as GPL compatible are assumed to be proprietary.

  2: 'F' if any module was force loaded by "insmod -f", ' ' if all
     modules were loaded normally.

  3: 'S' if the oops occurred on an SMP kernel running on hardware that
     hasn't been certified as safe to run multiprocessor.
     Currently this occurs only on various Athlons that are not
     SMP capable.

  4: 'R' if a module was force unloaded by "rmmod -f", ' ' if all
     modules were unloaded normally.

  5: 'M' if any processor has reported a Machine Check Exception,
     ' ' if no Machine Check Exceptions have occurred.

  6: 'B' if a page-release function has found a bad page reference or
     some unexpected page flags.

  7: 'U' if a user or user application specifically requested that the
     Tainted flag be set, ' ' otherwise.

  8: 'D' if the kernel has died recently, i.e. there was an OOPS or BUG.

  9: 'A' if the ACPI table has been overridden.

 10: 'W' if a warning has previously been issued by the kernel.
     (Though some warnings may set more specific taint flags.)

 11: 'C' if a staging driver has been loaded.

 12: 'I' if the kernel is working around a severe bug in the platform
     firmware (BIOS or similar).

 13: 'O' if an externally-built ("out-of-tree") module has been loaded.

 14: 'E' if an unsigned module has been loaded in a kernel supporting
     module signature.

 15: 'L' if a soft lockup has previously occurred on the system.

 16: 'K' if the kernel has been live patched.

The primary reason for the 'Tainted: ' string is to tell kernel
debuggers if this is a clean kernel or if anything unusual has
occurred.  Tainting is permanent: even if an offending module is
unloaded, the tainted value remains to indicate that the kernel is not
trustworthy.
18
Peter L.

Also showing the numbers from the contents of the /proc/sys/kernel/tainted file:

Non-zero if the kernel has been tainted. Numeric values, which can be
ORed together. The letters are seen in "Tainted" line of Oops reports.

     1 (P):  A module with a non-GPL license has been loaded, this
             includes modules with no license.
             Set by modutils >= 2.4.9 and module-init-tools.
     2 (F): A module was force loaded by insmod -f.
            Set by modutils >= 2.4.9 and module-init-tools.
     4 (S): Unsafe SMP processors: SMP with CPUs not designed for SMP.
     8 (R): A module was forcibly unloaded from the system by rmmod -f.
    16 (M): A hardware machine check error occurred on the system.
    32 (B): A bad page was discovered on the system.
    64 (U): The user has asked that the system be marked "tainted". This
            could be because they are running software that directly modifies
            the hardware, or for other reasons.
   128 (D): The system has died.
   256 (A): The ACPI DSDT has been overridden with one supplied by the user
            instead of using the one provided by the hardware.
   512 (W): A kernel warning has occurred.
  1024 (C): A module from drivers/staging was loaded.
  2048 (I): The system is working around a severe firmware bug.
  4096 (O): An out-of-tree module has been loaded.
  8192 (E): An unsigned module has been loaded in a kernel supporting module
            signature.
 16384 (L): A soft lockup has previously occurred on the system.
 32768 (K): The kernel has been live patched.
 65536 (X): Auxiliary taint, defined and used by distros.
131072 (T): The kernel was built with the struct randomization plugin.

Source: https://www.kernel.org/doc/Documentation/sysctl/kernel.txt

Credit: https://askubuntu.com/questions/248470/what-does-the-kernel-taint-value-mean

2
pevik
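The letter table in the oops-tracing.txt excerpt and the numeric table from kernel.txt above describe the same bitmask: each bit of /proc/sys/kernel/tainted is one position on the "Tainted:" line. The following is an added example, not code from either answer or from the kernel, that decodes a numeric taint value into the position-sensitive string print_tainted() emits, parses the "Tainted:" field out of a dmesg line, and checks that the two agree (as they do for the question's 128 and "G      D"). The flag table is transcribed from the kernel.txt excerpt; the sample dmesg line is constructed to match the question's output, and the function names are my own.

```python
import re
from typing import List, Optional, Set, Tuple

# Taint bits in the order print_tainted() emits them, one character per bit:
# (letter when the bit is set, letter when it is clear, meaning).  Only the
# first position prints a letter when clear: 'G' (all modules GPL-compatible)
# versus 'P' (a proprietary module was loaded).  Transcribed from the
# kernel.txt excerpt quoted above.
TAINT_FLAGS = [
    ("P", "G", "proprietary (non-GPL) module loaded"),
    ("F", " ", "module force-loaded with insmod -f"),
    ("S", " ", "SMP kernel on CPUs not certified for SMP"),
    ("R", " ", "module force-unloaded with rmmod -f"),
    ("M", " ", "machine check exception reported"),
    ("B", " ", "bad page reference or unexpected page flags"),
    ("U", " ", "taint requested by a user or application"),
    ("D", " ", "kernel has died (oops or BUG)"),
    ("A", " ", "ACPI table overridden by the user"),
    ("W", " ", "kernel warning issued"),
    ("C", " ", "staging driver loaded"),
    ("I", " ", "working around a severe firmware bug"),
    ("O", " ", "out-of-tree module loaded"),
    ("E", " ", "unsigned module loaded into a signature-capable kernel"),
    ("L", " ", "soft lockup occurred"),
    ("K", " ", "kernel live-patched"),
    ("X", " ", "auxiliary taint, distro-defined"),
    ("T", " ", "built with the struct randomization plugin"),
]

# Constructed sample matching the question's dmesg output and /proc value.
SAMPLE_VALUE = 128
SAMPLE_DMESG = ("[ 8306.955523] Pid: 4511, comm: chrome Tainted: G      D      "
                "3.9.10-100.fc17.i686.PAE #1 Dell Inc.")


def taint_string(value: int) -> str:
    """Render a numeric taint value as the position-sensitive flag string the
    kernel prints after 'Tainted: ' (trailing blanks stripped).  Bits beyond
    the table are ignored; the kernel itself prints 'Not tainted' for 0."""
    chars = [on if value & (1 << bit) else off
             for bit, (on, off, _) in enumerate(TAINT_FLAGS)]
    return "".join(chars).rstrip()


def describe_taint(value: int) -> List[Tuple[int, str, str]]:
    """List (bit value, letter, meaning) for every set bit, e.g. 128 -> 'D'."""
    return [(1 << bit, on, meaning)
            for bit, (on, _, meaning) in enumerate(TAINT_FLAGS)
            if value & (1 << bit)]


# Flag letters run from 'Tainted:' up to the kernel release (which starts with
# a digit); the lazy group stops at the last letter before that release.
_TAINT_LINE = re.compile(r"Tainted:\s*([A-Z ]*?)\s*(\d+\.\d+\S*)")


def parse_tainted_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (flag string, kernel release) from an oops/dmesg line, or None."""
    m = _TAINT_LINE.search(line)
    return (m.group(1).rstrip(), m.group(2)) if m else None


def taint_letters(value: int) -> Set[str]:
    """The letters that would appear on the Tainted: line for this value."""
    return set(taint_string(value).replace(" ", ""))


def agrees(value: int, line: str) -> bool:
    """True when a dmesg Tainted: line shows exactly the letters for value."""
    parsed = parse_tainted_line(line)
    return parsed is not None and set(parsed[0].replace(" ", "")) == taint_letters(value)


def read_proc_taint(path: str = "/proc/sys/kernel/tainted") -> Optional[int]:
    """Read the live value; None when not on Linux or /proc is unavailable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    value = read_proc_taint()
    if value is None:  # not on Linux: fall back to the constructed sample
        value = SAMPLE_VALUE
    print(f"tainted = {value}  ->  'Tainted: {taint_string(value)}'")
    for bit, letter, meaning in describe_taint(value):
        print(f"  {bit:>6} ({letter}): {meaning}")
    print("sample dmesg line agrees with", SAMPLE_VALUE, ":",
          agrees(SAMPLE_VALUE, SAMPLE_DMESG))
```

Run as a script on a Linux box it decodes the live value; elsewhere it falls back to the sample. Note that 'G' is not a taint bit: it is what position 1 prints when bit 0 (P) is clear, which is why describe_taint(128) lists only D while the printed string still starts with G. The regex relies on the kernel release following the flags, as it does in the question's dmesg lines; a line that ends right after the flags is reported as unparsed rather than guessed at.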

Interesting: # clamscan -ria --max-filesize=4095M --max-scansize=4095M /opt/google/chrome identified the version dated September 3, 2017 as containing Trojan.Mirai-5932143-0. It was only identified with the largest clamscan parameters. Although chrome has a 6-week update cycle, the next version came out on September 20:

# ls -l chrome
-rwxr-xr-x. 1 root root 119675208 Sep 20 19:49 /opt/google/chrome/chrome

The version with the Trojan.Mirai (I disabled it) has:

# ls -l /tmp/chrome-Trojan.Mirai-5932143-0
----------. 1 root root 119662712 Sep  3 22:00 /tmp/chrome-Trojan.Mirai-5932143-0
# sha256sum /tmp/chrome-Trojan.Mirai-5932143-0
03a03cda6d328dd40ceda2773bc0077c7f69486b752802a5685a4be0316db2fb  /tmp/chrome-Trojan.Mirai-5932143-0

Since then I have had the kernel crash under RHEL. Checking with # rpm -aV, however, indicates that the system is clean. In summary, I am still worried about chrome.

0
Wolfram J