From: "Kerin Millar" <kerframil@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
Date: Wed, 12 Nov 2008 00:00:05 +0000 [thread overview]
Message-ID: <279fbba40811111600q1ae72296i2320b34839581260@mail.gmail.com> (raw)
In-Reply-To: <49183A77.9865.1577A2D@pageexec.freemail.hu>
2008/11/10 <pageexec@freemail.hu>:
> On 10 Nov 2008 at 7:24, Brian Kroth wrote:
>
>> atoth@atoth.sote.hu <atoth@atoth.sote.hu> 2008-11-10 12:31:
[snip]
>> grsec: denied resource overstep by requesting 4511036391424 for
>> RLIMIT_STACK against limit 8388608 for /bin/pwd[pwd:18765]
>> uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:18636]
>> uid/euid:1000/1000 gid/egid:1000/1000
>
> now this one definitely looks fishy and spender's looking into it already.
I experience a similar pattern with postfix. Here's a recent excerpt
from my kernel buffer:
[ 59.748463] grsec: denied resource overstep by requesting
6014915829760 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:2981] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:2962]
uid/euid:0/0 gid/egid:0/0
[91229.698383] grsec: From 212.183.136.195: denied resource overstep
by requesting 2982265733120 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:15670] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15663]
uid/euid:0/0 gid/egid:0/0
[91466.615149] grsec: From 212.183.136.195: denied resource overstep
by requesting 7585593999360 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:15876] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15869]
uid/euid:0/0 gid/egid:0/0
[91852.302529] grsec: From 212.183.136.195: denied resource overstep
by requesting 4286678908928 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:16148] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:16141]
uid/euid:0/0 gid/egid:0/0
[97084.194476] grsec: From 192.168.254.88: denied resource overstep by
requesting 12760106696704 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18069] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18062]
uid/euid:0/0 gid/egid:0/0
[97084.591375] grsec: From 192.168.254.88: denied resource overstep by
requesting 6147866898432 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18084] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18076]
uid/euid:0/0 gid/egid:0/0
[97104.279223] grsec: From 192.168.254.88: denied resource overstep by
requesting 3078062882816 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18183] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18175]
uid/euid:0/0 gid/egid:0/0
[98499.165117] grsec: From 192.168.254.88: denied resource overstep by
requesting 973333118976 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18685] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18677]
uid/euid:0/0 gid/egid:0/0
[335157.025790] grsec: From 212.183.134.66: denied resource overstep
by requesting 10497186820096 for RLIMIT_STACK against limit 8388608
for /etc/postfix/postfix-script[postfix-script:1557] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:1550]
uid/euid:0/0 gid/egid:0/0
[431086.838131] grsec: From 192.168.254.88: denied resource overstep
by requesting 3096323715072 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:23575] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:23568]
uid/euid:0/0 gid/egid:0/0
This has been going on for a long time now. I had assumed that postfix
was to blame and was intending to investigate further at some point
(but, of course, I never did). If there is anything that I can do that
may help to shed light on the matter then please do let me know.
Cheers,
--Kerin
next prev parent reply other threads:[~2008-11-12 0:00 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-27 12:42 [gentoo-hardened] what RLIMIT_STACK mean? Alex Efros
2008-09-29 15:21 ` Alex Efros
2008-09-29 15:46 ` Javier Martínez
2008-09-29 15:56 ` Alex Efros
2008-09-29 16:06 ` Javier Martínez
2008-09-29 16:10 ` Javier Martínez
2008-09-29 16:24 ` Alex Efros
2008-09-29 16:46 ` pageexec
2008-09-29 16:57 ` Alex Efros
2008-09-29 23:29 ` Adam James
2008-09-30 0:03 ` Alex Efros
2008-11-08 21:13 ` pageexec
2008-11-08 22:40 ` Alex Efros
2008-11-08 21:55 ` pageexec
2008-11-08 23:06 ` atoth
2008-11-09 11:44 ` pageexec
2008-11-10 6:13 ` atoth
2008-11-10 9:24 ` Alex Efros
2008-11-10 11:31 ` atoth
2008-11-10 12:23 ` Alex Efros
2008-11-10 13:24 ` Brian Kroth
2008-11-10 12:43 ` pageexec
2008-11-10 17:02 ` atoth
2008-11-12 0:00 ` Kerin Millar [this message]
2008-11-12 0:37 ` pageexec
2008-11-09 17:40 ` Alex Efros
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=279fbba40811111600q1ae72296i2320b34839581260@mail.gmail.com \
--to=kerframil@gmail.com \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox