From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2169-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1KkLGC-0001MZ-UC
	for garchives@archives.gentoo.org; Mon, 29 Sep 2008 16:06:09 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 87C77E0818;
	Mon, 29 Sep 2008 16:06:07 +0000 (UTC)
Received: from gv-out-0910.google.com (gv-out-0910.google.com [216.239.58.189])
	by pigeon.gentoo.org (Postfix) with ESMTP id 4672FE0818
	for <gentoo-hardened@lists.gentoo.org>; Mon, 29 Sep 2008 16:06:07 +0000 (UTC)
Received: by gv-out-0910.google.com with SMTP id n8so102386gve.39
        for <gentoo-hardened@lists.gentoo.org>; Mon, 29 Sep 2008 09:06:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=8dO4FhRo/wadjfjZr3kk+FpWfC5MjPbVM2HaC5Mzjc4=;
        b=qHGUEfjI4uWNdPWoYjyWP9ZzVDKvzGEMFbiaoFTnlE6prZu4pqRJt0Q1TGEU77Nhhp
         NVXH3SiWSJAPsuPlrX5INV0fnQfyu9j3CiDvXkzYG7w4qX9PZT6l8A/+WUGoL4bxj//G
         B4kTbtsZmRqfCN+HPag6eGwHmdTdN0ED1IJ2Q=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=dRNlTv82VJFRDBXUWHapVKAvnon3nee6DiuPo7rMvDay5xFUYnVIqBWlSoD+i6jGy4
         qMcFG56wVzqU/kRQPYj/saF8gMeCGeEBpdMPO4hKidaufJNJKYILitBef66RlZ/wfd4E
         mY5FpVq5Tv2CZJrKSqYK1yKgyzMSaMl9nvpio=
Received: by 10.103.225.11 with SMTP id c11mr3877555mur.32.1222704365770;
        Mon, 29 Sep 2008 09:06:05 -0700 (PDT)
Received: by 10.103.212.6 with HTTP; Mon, 29 Sep 2008 09:06:05 -0700 (PDT)
Message-ID: <897813410809290906h2e8bf167vfdf4aba86080c33f@mail.gmail.com>
Date: Mon, 29 Sep 2008 18:06:05 +0200
From: "=?ISO-8859-1?Q?Javier_Mart=EDnez?=" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
In-Reply-To: <20080929155647.GA17944@home.power>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20080927124233.GO26472@home.power>
	 <20080929152100.GA10727@home.power>
	 <897813410809290846w1c011ef5n148ac4ee614f9f68@mail.gmail.com>
	 <20080929155647.GA17944@home.power>
X-Archives-Salt: 0f80bb7b-be6b-4920-918a-0ab92f1a50be
X-Archives-Hash: 92c6e8f54504a19625bdf0296a4ce595

As I said it seems to be a problem with the rlimits, maybe
CAP_SYS_RESOURCE privilege is not granted to the binaries affected, or
you have problems with ulimit as I said. You can strace the binary to
see what it does and the error code, and with a more deep knowledge of
the problem to solve it.

2008/9/29 Alex Efros <powerman@powerman.asdfgroup.com>:
> Hi!
>
> On Mon, Sep 29, 2008 at 05:46:28PM +0200, Javier Mart?nez wrote:
>> I think it's not a good idea to do what you have done, people answers
>> questions if they know the answer and they want to do it (and have
>> time to do so). Please think that you didn't pay anybody to demand
>> nothing.
>
> I understand, but I don't think something was wrong in this case.
>
> At first, I don't just "demand answers", I also spend my own time
> contributing to community - answer questions in different maillists,
> submit to bugzilla, etc. And have enough free soft and documentation on my
> home website.
>
> At second, I don't just "refresh" that thread, but add new information
> about topic which may be important for people who trying to find answer or
> for people who will search this maillist later looking for same issue.
>
>> I don't use grsecurity but it seems that cat needs to growth their
>> stack over the hard limit imposed (look for "ulimit -a") and it's not
>> permitted (to avoid DOS maybe), look for some grsec resource that
>> impose limits to your stack and others (as open files, cpu time...),
>> if it's related to grsec (as it seems to be) you will need to make
>> this limit bigger.
>
> Sorry, but this isn't an answer I looking for. I know several ways how to
> silence it - for example, I can just filter these records from logs.
> My questions isn't "how to fix it", but "what is it" instead. Before
> fixing something it's always good idea to understand what and why you're
> fixing first.
>
> I don't understand these errors, and that's my problem.
> If it's just "ulimit" thing, then it mean kernel should KILL these
> processes. But this isn't happens - or there should be other noticeable
> issues like undelivered mail or so, which I don't notice for now.
>
> --
>                        WBR, Alex.
>
>