Re: [gentoo-hardened] what RLIMIT_STACK mean?

public inbox for gentoo-hardened@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Javier Martínez" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
Date: Mon, 29 Sep 2008 18:10:00 +0200	[thread overview]
Message-ID: <897813410809290910i7cf31975x8a9e770ef6e6528d@mail.gmail.com> (raw)
In-Reply-To: <897813410809290906h2e8bf167vfdf4aba86080c33f@mail.gmail.com>

PD: to see why the stack growth so much you can only pass  gdb to the
binary itself, as you can suppose I can't know why it happens to you.

2008/9/29 Javier Martínez <tazok.id0@gmail.com>:
> As I said it seems to be a problem with the rlimits, maybe
> CAP_SYS_RESOURCE privilege is not granted to the binaries affected, or
> you have problems with ulimit as I said. You can strace the binary to
> see what it does and the error code, and with a more deep knowledge of
> the problem to solve it.
>
> 2008/9/29 Alex Efros <powerman@powerman.asdfgroup.com>:
>> Hi!
>>
>> On Mon, Sep 29, 2008 at 05:46:28PM +0200, Javier Mart?nez wrote:
>>> I think it's not a good idea to do what you have done, people answers
>>> questions if they know the answer and they want to do it (and have
>>> time to do so). Please think that you didn't pay anybody to demand
>>> nothing.
>>
>> I understand, but I don't think something was wrong in this case.
>>
>> At first, I don't just "demand answers", I also spend my own time
>> contributing to community - answer questions in different maillists,
>> submit to bugzilla, etc. And have enough free soft and documentation on my
>> home website.
>>
>> At second, I don't just "refresh" that thread, but add new information
>> about topic which may be important for people who trying to find answer or
>> for people who will search this maillist later looking for same issue.
>>
>>> I don't use grsecurity but it seems that cat needs to growth their
>>> stack over the hard limit imposed (look for "ulimit -a") and it's not
>>> permitted (to avoid DOS maybe), look for some grsec resource that
>>> impose limits to your stack and others (as open files, cpu time...),
>>> if it's related to grsec (as it seems to be) you will need to make
>>> this limit bigger.
>>
>> Sorry, but this isn't an answer I looking for. I know several ways how to
>> silence it - for example, I can just filter these records from logs.
>> My questions isn't "how to fix it", but "what is it" instead. Before
>> fixing something it's always good idea to understand what and why you're
>> fixing first.
>>
>> I don't understand these errors, and that's my problem.
>> If it's just "ulimit" thing, then it mean kernel should KILL these
>> processes. But this isn't happens - or there should be other noticeable
>> issues like undelivered mail or so, which I don't notice for now.
>>
>> --
>>                        WBR, Alex.
>>
>>
>

next prev parent reply	other threads:[~2008-09-29 16:10 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-09-27 12:42 [gentoo-hardened] what RLIMIT_STACK mean? Alex Efros
2008-09-29 15:21 ` Alex Efros
2008-09-29 15:46   ` Javier Martínez
2008-09-29 15:56     ` Alex Efros
2008-09-29 16:06       ` Javier Martínez
2008-09-29 16:10         ` Javier Martínez [this message]
2008-09-29 16:24           ` Alex Efros
2008-09-29 16:46   ` pageexec
2008-09-29 16:57     ` Alex Efros
2008-09-29 23:29       ` Adam James
2008-09-30  0:03         ` Alex Efros
2008-11-08 21:13       ` pageexec
2008-11-08 22:40         ` Alex Efros
2008-11-08 21:55           ` pageexec
2008-11-08 23:06             ` atoth
2008-11-09 11:44               ` pageexec
2008-11-10  6:13                 ` atoth
2008-11-10  9:24                   ` Alex Efros
2008-11-10 11:31                     ` atoth
2008-11-10 12:23                       ` Alex Efros
2008-11-10 13:24                       ` Brian Kroth
2008-11-10 12:43                         ` pageexec
2008-11-10 17:02                           ` atoth
2008-11-12  0:00                           ` Kerin Millar
2008-11-12  0:37                             ` pageexec
2008-11-09 17:40             ` Alex Efros

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=897813410809290910i7cf31975x8a9e770ef6e6528d@mail.gmail.com \
    --to=tazok.id0@gmail.com \
    --cc=gentoo-hardened@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox