From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KkLJz-00020o-FC for garchives@archives.gentoo.org; Mon, 29 Sep 2008 16:10:03 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A1BDBE0849; Mon, 29 Sep 2008 16:10:02 +0000 (UTC) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by pigeon.gentoo.org (Postfix) with ESMTP id 4B5A9E0849 for ; Mon, 29 Sep 2008 16:10:02 +0000 (UTC) Received: by nf-out-0910.google.com with SMTP id c7so772784nfi.26 for ; Mon, 29 Sep 2008 09:10:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=UuJ40zBsDe3UZQ/0bMt/jRH2lxF9y8EqPJwD1M+GMtc=; b=UqMbkrcZL3cQQHVt/J6RI2KzRlFyNhR0NK4EnbW27JXhYGtDnANlTXH9YKoXTTNudz VH+mpRl1/41B5jQsTqoSa4rIYamZSNJKe3GBjhzX2GIl3yEZMWdy4rUprDBlaYrORae6 kXmhTB2z/WUb++pnmzRw1NmHXf8NjKQCC5K7w= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=ZyDbGh7qjAjjdi5TlwzshVPpvJfwuJHa2KgqzuZeh40f38BirO4U/vnBOCYH73h4C+ v4BtYdIIRtu2AhyK5NdEc1eKM4I2bZWR5fJiPNPOZwuuKXbsK3p6rnRgl4yLgq6uRMIX bSsaOZ961duoB2sIEZYX+RtSJKMw772NPF2AY= Received: by 10.103.248.1 with SMTP id a1mr3868813mus.57.1222704600725; Mon, 29 Sep 2008 09:10:00 -0700 (PDT) Received: by 10.103.212.6 with HTTP; Mon, 29 Sep 2008 09:10:00 -0700 (PDT) Message-ID: <897813410809290910i7cf31975x8a9e770ef6e6528d@mail.gmail.com> Date: Mon, 29 Sep 2008 18:10:00 +0200 From: "=?ISO-8859-1?Q?Javier_Mart=EDnez?=" To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean? In-Reply-To: <897813410809290906h2e8bf167vfdf4aba86080c33f@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20080927124233.GO26472@home.power> <20080929152100.GA10727@home.power> <897813410809290846w1c011ef5n148ac4ee614f9f68@mail.gmail.com> <20080929155647.GA17944@home.power> <897813410809290906h2e8bf167vfdf4aba86080c33f@mail.gmail.com> X-Archives-Salt: 13dc8c96-02e6-4072-9db2-8d026ec47031 X-Archives-Hash: 8957ba0b33b19d3d5e8b2333263fab2c PD: to see why the stack growth so much you can only pass gdb to the binary itself, as you can suppose I can't know why it happens to you. 2008/9/29 Javier Mart=EDnez : > As I said it seems to be a problem with the rlimits, maybe > CAP_SYS_RESOURCE privilege is not granted to the binaries affected, or > you have problems with ulimit as I said. You can strace the binary to > see what it does and the error code, and with a more deep knowledge of > the problem to solve it. > > 2008/9/29 Alex Efros : >> Hi! >> >> On Mon, Sep 29, 2008 at 05:46:28PM +0200, Javier Mart?nez wrote: >>> I think it's not a good idea to do what you have done, people answers >>> questions if they know the answer and they want to do it (and have >>> time to do so). Please think that you didn't pay anybody to demand >>> nothing. >> >> I understand, but I don't think something was wrong in this case. >> >> At first, I don't just "demand answers", I also spend my own time >> contributing to community - answer questions in different maillists, >> submit to bugzilla, etc. And have enough free soft and documentation on = my >> home website. >> >> At second, I don't just "refresh" that thread, but add new information >> about topic which may be important for people who trying to find answer = or >> for people who will search this maillist later looking for same issue. >> >>> I don't use grsecurity but it seems that cat needs to growth their >>> stack over the hard limit imposed (look for "ulimit -a") and it's not >>> permitted (to avoid DOS maybe), look for some grsec resource that >>> impose limits to your stack and others (as open files, cpu time...), >>> if it's related to grsec (as it seems to be) you will need to make >>> this limit bigger. >> >> Sorry, but this isn't an answer I looking for. I know several ways how t= o >> silence it - for example, I can just filter these records from logs. >> My questions isn't "how to fix it", but "what is it" instead. Before >> fixing something it's always good idea to understand what and why you're >> fixing first. >> >> I don't understand these errors, and that's my problem. >> If it's just "ulimit" thing, then it mean kernel should KILL these >> processes. But this isn't happens - or there should be other noticeable >> issues like undelivered mail or so, which I don't notice for now. >> >> -- >> WBR, Alex. >> >> >