smeso/saractl

'saractl test' fails with: WX protection binary error: wrong magic number

Mdyrl7777777 opened this issue · 5 comments

Sorry for constantly haunting you but I have another minor issue:

sudo saractl -vvv test
Traceback (most recent call last):
  File "/usr/bin/saractl", line 11, in <module>
    load_entry_point('saractl==0.2', 'console_scripts', 'saractl')()
  File "/usr/lib/python3.6/site-packages/sara/main.py", line 33, in main
    return _main(argv)
  File "/usr/lib/python3.6/site-packages/sara/main.py", line 30, in _main
    return cli.do_cmd()
  File "/usr/lib/python3.6/site-packages/sara/CLI.py", line 132, in do_cmd
    return int(not self._safe_call(self.sara.test))
  File "/usr/lib/python3.6/site-packages/sara/CLI.py", line 67, in _safe_call
    return fname(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/sara/Sara.py", line 56, in test
    if not self.__sml.test_config():
  File "/usr/lib/python3.6/site-packages/sara/SubModLoader.py", line 198, in test_config
    self.__load_config_objects_binary()
  File "/usr/lib/python3.6/site-packages/sara/SubModLoader.py", line 299, in __load_config_objects_binary
    extra_files=exf)
  File "/usr/lib/python3.6/site-packages/sara/submodules/wxprot.py", line 111, in __init__
    extra_files=extra_files)
  File "/usr/lib/python3.6/site-packages/sara/submodules/BaseConfig.py", line 80, in __init__
    self.build_dicts_from_binary()
  File "/usr/lib/python3.6/site-packages/sara/submodules/wxprot.py", line 355, in build_dicts_from_binary
    raise WXPBinaryException('wrong magic number')
sara.submodules.wxprot.WXPBinaryException: WX protection binary error: wrong magic number.

My setup is the same as in #9

smeso commented

Don't worry, and thank you for taking the time to report these issues.
Do you have the same issue with the following command?
sudo saractl -vvv status

Can you please paste the output of:
sudo hexdump -C /sys/kernel/security/sara/wxprot/.dump |head -n2

Thank you :)

$ sudo saractl -vvv status
Traceback (most recent call last):
  File "/usr/bin/saractl", line 11, in <module>
    load_entry_point('saractl==0.2', 'console_scripts', 'saractl')()
  File "/usr/lib/python3.6/site-packages/sara/main.py", line 33, in main
    return _main(argv)
  File "/usr/lib/python3.6/site-packages/sara/main.py", line 30, in _main
    return cli.do_cmd()
  File "/usr/lib/python3.6/site-packages/sara/CLI.py", line 101, in do_cmd
    ret = self._safe_call(self.sara.status, verbose=verbose)
  File "/usr/lib/python3.6/site-packages/sara/CLI.py", line 67, in _safe_call
    return fname(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/sara/Sara.py", line 66, in status
    ret['configs'] = self.__sml.get_current_configs()
  File "/usr/lib/python3.6/site-packages/sara/SubModLoader.py", line 183, in get_current_configs
    self.__load_config_objects_binary()
  File "/usr/lib/python3.6/site-packages/sara/SubModLoader.py", line 299, in __load_config_objects_binary
    extra_files=exf)
  File "/usr/lib/python3.6/site-packages/sara/submodules/wxprot.py", line 111, in __init__
    extra_files=extra_files)
  File "/usr/lib/python3.6/site-packages/sara/submodules/BaseConfig.py", line 80, in __init__
    self.build_dicts_from_binary()
  File "/usr/lib/python3.6/site-packages/sara/submodules/wxprot.py", line 355, in build_dicts_from_binary
    raise WXPBinaryException('wrong magic number')
sara.submodules.wxprot.WXPBinaryException: WX protection binary error: wrong magic number.

Interestingly, executing it without -vvv works well:

$ sudo saractl status
SARA: enabled
Configuration: unlocked
WX Protection: enabled
WX Protection XATTRS: disabled
WX Protection user XATTRS: disabled
Trampoline emulation: available
Default: NONE
Version: 0
WX Protection: configuration loaded (1eda5850279fdab8e5c2964ed62f584bb363f171)

The command below fails even when executed as root:

sudo hexdump -C /sys/kernel/security/sara/wxprot/.dump |head -n2
hexdump: /sys/kernel/security/sara/wxprot/.dump: Operation not permitted

smeso commented

Can you paste the output of ls -la /sys/kernel/security/sara/wxprot/ and wc -l /etc/sara/wxprot.conf.d/*|tail -n1

Thank you

ls -la /sys/kernel/security/sara/wxprot/
total 0
drwxr-xr-x 2 root root 0 Jun 13 13:03 .
drwxr-xr-x 4 root root 0 Jun 13 13:03 ..
-r-------- 1 root root 0 Jun 13 13:03 .dump
--w------- 1 root root 0 Jun 13 13:03 .load
-r-------- 1 root root 0 Jun 13 13:03 default_flags
-r-------- 1 root root 0 Jun 13 13:03 emutramp_available
-rw------- 1 root root 0 Jun 13 13:03 enabled
-r-------- 1 root root 0 Jun 13 13:03 hash
-r-------- 1 root root 0 Jun 13 13:03 version
-rw------- 1 root root 0 Jun 13 13:03 xattr_enabled
-rw------- 1 root root 0 Jun 13 13:03 xattr_user_allowed

wc -l /etc/sara/wxprot.conf.d/*|tail -n1
  588 total

smeso commented

This issue should be solved in the latest release: https://github.com/smeso/sara/releases/latest