From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KkKYe-00042t-Gv for garchives@archives.gentoo.org; Mon, 29 Sep 2008 15:21:08 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 55240E05CA; Mon, 29 Sep 2008 15:21:07 +0000 (UTC) Received: from powerman.name (powerman.name [85.90.198.1]) by pigeon.gentoo.org (Postfix) with ESMTP id 68852E05CA for ; Mon, 29 Sep 2008 15:21:06 +0000 (UTC) Received: (qmail 9446 invoked by uid 1000); 29 Sep 2008 15:21:00 -0000 Date: Mon, 29 Sep 2008 18:21:00 +0300 From: Alex Efros To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean? Message-ID: <20080929152100.GA10727@home.power> Mail-Followup-To: gentoo-hardened@lists.gentoo.org References: <20080927124233.GO26472@home.power> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080927124233.GO26472@home.power> Organization: asdfGroup Inc., http://powerman.asdfGroup.com/ User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: 682b1b2b-c3bc-48c7-9c6a-d762ba5111b4 X-Archives-Hash: 9fa9271a2bdcd61c3fe9970e30a84044 Hi! On Sat, Sep 27, 2008 at 03:42:33PM +0300, Alex Efros wrote: > Can you please explain to me what these records in my logs mean? > > 2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied > resource overstep by requesting 180883456 for RLIMIT_STACK against limit > 8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent > /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81 > > 2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by > requesting 187367424 for RLIMIT_STACK against limit 8388608 for > /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000 > gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535] > uid/euid:1000/1000 gid/egid:100/100 Is my question too complex and nobody know the answer (or even guesses), or it's too stupid and everybody wait until I try google (I've tried it already, without success)? Is last days I also notice new alert type in log: 2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied resource overstep by requesting 227184640 for RLIMIT_AS against limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545] uid/euid:201/201 gid/egid:200/200, parent /usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201 gid/egid:200/200 This type of alerts arise after I added simple perl script, between tcpserver and qmail-smtpd, which do greylisting. And, again, these alerts doesn't affect server - I mean, everything works fine, no mail lost, etc. -- WBR, Alex.