From: "Javier Martínez" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
Date: Mon, 29 Sep 2008 17:46:28 +0200
Message-ID: <897813410809290846w1c011ef5n148ac4ee614f9f68@mail.gmail.com>
In-Reply-To: <20080929152100.GA10727@home.power>

I think it's not a good idea to do what you have done; people answer
questions if they know the answer and they want to do it (and have
time to do so). Please think that you didn't pay anybody to demand
anything.

I don't use grsecurity but it seems that cat needs to grow its
stack over the hard limit imposed (look for "ulimit -a") and it's not
permitted (to avoid DoS maybe). Look for some grsec resource that
imposes limits on your stack and others (such as open files, CPU time...);
if it's related to grsec (as it seems to be) you will need to make
this limit bigger.

2008/9/29 Alex Efros <powerman@powerman.asdfgroup.com>:
> Hi!
>
> On Sat, Sep 27, 2008 at 03:42:33PM +0300, Alex Efros wrote:
>> Can you please explain to me what these records in my logs mean?
>>
>> 2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied
>> resource overstep by requesting 180883456 for RLIMIT_STACK against limit
>> 8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent
>> /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81
>>
>> 2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by
>> requesting 187367424 for RLIMIT_STACK against limit 8388608 for
>> /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000
>> gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535]
>> uid/euid:1000/1000 gid/egid:100/100
>
> Is my question too complex and nobody knows the answer (or even guesses),
> or is it too stupid and everybody waits until I try google (I've tried it
> already, without success)?
>
> In the last days I also noticed a new alert type in the log:
>
> 2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied
> resource overstep by requesting 227184640 for RLIMIT_AS against
> limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545]
> uid/euid:201/201 gid/egid:200/200, parent
> /usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201
> gid/egid:200/200
>
> This type of alert arose after I added a simple perl script, between
> tcpserver and qmail-smtpd, which does greylisting. And, again, these alerts
> don't affect the server - I mean, everything works fine, no mail lost, etc.
>
> --
> WBR, Alex.
>
>
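
Added example, not part of the original message: a Python sketch that parses the grsec "denied resource overstep" alerts quoted above and groups them by binary and resource, so the largest request can be compared against the limit before deciding whether to raise it. The function names `parse_overstep` and `summarize` are hypothetical, and the code assumes each alert sits on one log line in the format shown in this thread.

```python
import re
from collections import defaultdict

# Records quoted in the thread, unwrapped to one line each (the e-mail wrapped them).
SAMPLE_LOG = """\
2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied resource overstep by requesting 180883456 for RLIMIT_STACK against limit 8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81
2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by requesting 187367424 for RLIMIT_STACK against limit 8388608 for /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000 gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535] uid/euid:1000/1000 gid/egid:100/100
2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied resource overstep by requesting 227184640 for RLIMIT_AS against limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545] uid/euid:201/201 gid/egid:200/200, parent /usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201 gid/egid:200/200
"""

# The "From <ip>:" prefix is optional: the second record above has none.
OVERSTEP = re.compile(
    r"grsec: (?:From (?P<source>\S+): )?denied resource overstep by "
    r"requesting (?P<requested>\d+) for (?P<resource>RLIMIT_\w+) "
    r"against limit (?P<limit>\d+) for "
    r"(?P<exe>[^\[\s]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:\d+/\d+, "
    r"parent (?P<parent>[^\[\s]+)\["
)

def parse_overstep(line):
    """Return the fields of one overstep alert, or None for any other line."""
    m = OVERSTEP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("requested", "limit", "pid", "uid", "euid"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Group alerts by (binary, resource): count, largest request, limit, parents."""
    out = defaultdict(lambda: {"count": 0, "max_requested": 0, "limit": 0, "parents": set()})
    for rec in filter(None, map(parse_overstep, lines)):
        row = out[(rec["exe"], rec["resource"])]
        row["count"] += 1
        row["max_requested"] = max(row["max_requested"], rec["requested"])
        row["limit"] = rec["limit"]
        row["parents"].add(rec["parent"])
    return dict(out)

if __name__ == "__main__":
    for (exe, res), row in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{exe} {res}: {row['count']} alert(s), max request {row['max_requested']} "
              f"vs limit {row['limit']} ({row['max_requested'] / row['limit']:.1f}x), "
              f"parents {sorted(row['parents'])}")
```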