From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2170-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1KkLJz-00020o-FC
	for garchives@archives.gentoo.org; Mon, 29 Sep 2008 16:10:03 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id A1BDBE0849;
	Mon, 29 Sep 2008 16:10:02 +0000 (UTC)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191])
	by pigeon.gentoo.org (Postfix) with ESMTP id 4B5A9E0849
	for <gentoo-hardened@lists.gentoo.org>; Mon, 29 Sep 2008 16:10:02 +0000 (UTC)
Received: by nf-out-0910.google.com with SMTP id c7so772784nfi.26
        for <gentoo-hardened@lists.gentoo.org>; Mon, 29 Sep 2008 09:10:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=UuJ40zBsDe3UZQ/0bMt/jRH2lxF9y8EqPJwD1M+GMtc=;
        b=UqMbkrcZL3cQQHVt/J6RI2KzRlFyNhR0NK4EnbW27JXhYGtDnANlTXH9YKoXTTNudz
         VH+mpRl1/41B5jQsTqoSa4rIYamZSNJKe3GBjhzX2GIl3yEZMWdy4rUprDBlaYrORae6
         kXmhTB2z/WUb++pnmzRw1NmHXf8NjKQCC5K7w=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=ZyDbGh7qjAjjdi5TlwzshVPpvJfwuJHa2KgqzuZeh40f38BirO4U/vnBOCYH73h4C+
         v4BtYdIIRtu2AhyK5NdEc1eKM4I2bZWR5fJiPNPOZwuuKXbsK3p6rnRgl4yLgq6uRMIX
         bSsaOZ961duoB2sIEZYX+RtSJKMw772NPF2AY=
Received: by 10.103.248.1 with SMTP id a1mr3868813mus.57.1222704600725;
        Mon, 29 Sep 2008 09:10:00 -0700 (PDT)
Received: by 10.103.212.6 with HTTP; Mon, 29 Sep 2008 09:10:00 -0700 (PDT)
Message-ID: <897813410809290910i7cf31975x8a9e770ef6e6528d@mail.gmail.com>
Date: Mon, 29 Sep 2008 18:10:00 +0200
From: "=?ISO-8859-1?Q?Javier_Mart=EDnez?=" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
In-Reply-To: <897813410809290906h2e8bf167vfdf4aba86080c33f@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <20080927124233.GO26472@home.power>
	 <20080929152100.GA10727@home.power>
	 <897813410809290846w1c011ef5n148ac4ee614f9f68@mail.gmail.com>
	 <20080929155647.GA17944@home.power>
	 <897813410809290906h2e8bf167vfdf4aba86080c33f@mail.gmail.com>
X-Archives-Salt: 13dc8c96-02e6-4072-9db2-8d026ec47031
X-Archives-Hash: 8957ba0b33b19d3d5e8b2333263fab2c

PD: to see why the stack growth so much you can only pass  gdb to the
binary itself, as you can suppose I can't know why it happens to you.

2008/9/29 Javier Mart=EDnez <tazok.id0@gmail.com>:
> As I said it seems to be a problem with the rlimits, maybe
> CAP_SYS_RESOURCE privilege is not granted to the binaries affected, or
> you have problems with ulimit as I said. You can strace the binary to
> see what it does and the error code, and with a more deep knowledge of
> the problem to solve it.
>
> 2008/9/29 Alex Efros <powerman@powerman.asdfgroup.com>:
>> Hi!
>>
>> On Mon, Sep 29, 2008 at 05:46:28PM +0200, Javier Mart?nez wrote:
>>> I think it's not a good idea to do what you have done, people answers
>>> questions if they know the answer and they want to do it (and have
>>> time to do so). Please think that you didn't pay anybody to demand
>>> nothing.
>>
>> I understand, but I don't think something was wrong in this case.
>>
>> At first, I don't just "demand answers", I also spend my own time
>> contributing to community - answer questions in different maillists,
>> submit to bugzilla, etc. And have enough free soft and documentation on =
my
>> home website.
>>
>> At second, I don't just "refresh" that thread, but add new information
>> about topic which may be important for people who trying to find answer =
or
>> for people who will search this maillist later looking for same issue.
>>
>>> I don't use grsecurity but it seems that cat needs to growth their
>>> stack over the hard limit imposed (look for "ulimit -a") and it's not
>>> permitted (to avoid DOS maybe), look for some grsec resource that
>>> impose limits to your stack and others (as open files, cpu time...),
>>> if it's related to grsec (as it seems to be) you will need to make
>>> this limit bigger.
>>
>> Sorry, but this isn't an answer I looking for. I know several ways how t=
o
>> silence it - for example, I can just filter these records from logs.
>> My questions isn't "how to fix it", but "what is it" instead. Before
>> fixing something it's always good idea to understand what and why you're
>> fixing first.
>>
>> I don't understand these errors, and that's my problem.
>> If it's just "ulimit" thing, then it mean kernel should KILL these
>> processes. But this isn't happens - or there should be other noticeable
>> issues like undelivered mail or so, which I don't notice for now.
>>
>> --
>>                        WBR, Alex.
>>
>>
>