From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2165-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1KkKxD-0006f1-5L
	for garchives@archives.gentoo.org; Mon, 29 Sep 2008 15:46:31 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 631E0E04DD;
	Mon, 29 Sep 2008 15:46:30 +0000 (UTC)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173])
	by pigeon.gentoo.org (Postfix) with ESMTP id 2504CE04DD
	for <gentoo-hardened@lists.gentoo.org>; Mon, 29 Sep 2008 15:46:30 +0000 (UTC)
Received: by ug-out-1314.google.com with SMTP id m2so379118uge.39
        for <gentoo-hardened@lists.gentoo.org>; Mon, 29 Sep 2008 08:46:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=BQhCp4qzybecVTLBWTAR3hbn2XepACUs1JVy4ksQS1s=;
        b=Qu+OsQCPUm5jXnzltSdHtwIJ31y51muNG0qi9rP9AVRKgAuor+gUwYiwsjXhB7a2ad
         guH6hfNmM0O75Dcle50KMDbswwoqKcdcRPx24R78nfUUcPPcLgQnvrbib63+hl+w7oLE
         C8SCuImzXOX+jNlXcrWQROoseLtjuBWCAIDaM=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=hvW90WuwWTVUQTz0jZMJ9yAzyxeUT9vIsG6lAHC0bavw1YePX3Yw1g//wp1LvsItp5
         TryxSJ3YgLWNh2fGXv+hutCXKOPqnY8IDYKmeIlNSGVYn7aqZzN/KGEWP2fkV9HSWxxi
         fLysdX19N5v+WXCS0LhA52T309OCnMTL1glP4=
Received: by 10.103.173.5 with SMTP id a5mr3815768mup.117.1222703188774;
        Mon, 29 Sep 2008 08:46:28 -0700 (PDT)
Received: by 10.103.212.6 with HTTP; Mon, 29 Sep 2008 08:46:28 -0700 (PDT)
Message-ID: <897813410809290846w1c011ef5n148ac4ee614f9f68@mail.gmail.com>
Date: Mon, 29 Sep 2008 17:46:28 +0200
From: "=?ISO-8859-1?Q?Javier_Mart=EDnez?=" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
In-Reply-To: <20080929152100.GA10727@home.power>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20080927124233.GO26472@home.power>
	 <20080929152100.GA10727@home.power>
X-Archives-Salt: 98770ac3-8ed3-4fec-aa20-88247aec7adc
X-Archives-Hash: 56857efc856994f8aeef67e605effb15

I think it's not a good idea to do what you have done, people answers
questions if they know the answer and they want to do it (and have
time to do so). Please think that you didn't pay anybody to demand
nothing.

I don't use grsecurity but it seems that cat needs to growth their
stack over the hard limit imposed (look for "ulimit -a") and it's not
permitted (to avoid DOS maybe), look for some grsec resource that
impose limits to your stack and others (as open files, cpu time...),
if it's related to grsec (as it seems to be) you will need to make
this limit bigger.



2008/9/29 Alex Efros <powerman@powerman.asdfgroup.com>:
> Hi!
>
> On Sat, Sep 27, 2008 at 03:42:33PM +0300, Alex Efros wrote:
>> Can you please explain to me what these records in my logs mean?
>>
>>     2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied
>>     resource overstep by requesting 180883456 for RLIMIT_STACK against limit
>>     8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent
>>     /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81
>>
>>     2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by
>>     requesting 187367424 for RLIMIT_STACK against limit 8388608 for
>>     /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000
>>     gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535]
>>     uid/euid:1000/1000 gid/egid:100/100
>
> Is my question too complex and nobody know the answer (or even guesses),
> or it's too stupid and everybody wait until I try google (I've tried it
> already, without success)?
>
> Is last days I also notice new alert type in log:
>
>        2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied
>        resource overstep by requesting 227184640 for RLIMIT_AS against
>        limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545]
>        uid/euid:201/201 gid/egid:200/200, parent
>        /usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201
>        gid/egid:200/200
>
> This type of alerts arise after I added simple perl script, between
> tcpserver and qmail-smtpd, which do greylisting. And, again, these alerts
> doesn't affect server - I mean, everything works fine, no mail lost, etc.
>
> --
>                        WBR, Alex.
>
>