Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Kerin Millar <kerframil@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] what RLIMIT_STACK mean?
Date: Wed, 12 Nov 2008 00:00:27
Message-Id: 279fbba40811111600q1ae72296i2320b34839581260@mail.gmail.com
In Reply to: Re: [gentoo-hardened] what RLIMIT_STACK mean? by pageexec@freemail.hu
1 2008/11/10 <pageexec@××××××××.hu>:
2 > On 10 Nov 2008 at 7:24, Brian Kroth wrote:
3 >
4 >> atoth@××××××××××.hu <atoth@××××××××××.hu> 2008-11-10 12:31:
5
6 [snip]
7
8 >> grsec: denied resource overstep by requesting 4511036391424 for
9 >> RLIMIT_STACK against limit 8388608 for /bin/pwd[pwd:18765]
10 >> uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:18636]
11 >> uid/euid:1000/1000 gid/egid:1000/1000
12 >
13 > now this one definitely looks fishy and spender's looking into it already.
14
15 I experience a similar pattern with postfix. Here's a recent excerpt
16 from my kernel buffer:
17
18 [ 59.748463] grsec: denied resource overstep by requesting
19 6014915829760 for RLIMIT_STACK against limit 8388608 for
20 /etc/postfix/postfix-script[postfix-script:2981] uid/euid:0/0
21 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:2962]
22 uid/euid:0/0 gid/egid:0/0
23 [91229.698383] grsec: From 212.183.136.195: denied resource overstep
24 by requesting 2982265733120 for RLIMIT_STACK against limit 8388608 for
25 /etc/postfix/postfix-script[postfix-script:15670] uid/euid:0/0
26 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15663]
27 uid/euid:0/0 gid/egid:0/0
28 [91466.615149] grsec: From 212.183.136.195: denied resource overstep
29 by requesting 7585593999360 for RLIMIT_STACK against limit 8388608 for
30 /etc/postfix/postfix-script[postfix-script:15876] uid/euid:0/0
31 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15869]
32 uid/euid:0/0 gid/egid:0/0
33 [91852.302529] grsec: From 212.183.136.195: denied resource overstep
34 by requesting 4286678908928 for RLIMIT_STACK against limit 8388608 for
35 /etc/postfix/postfix-script[postfix-script:16148] uid/euid:0/0
36 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:16141]
37 uid/euid:0/0 gid/egid:0/0
38 [97084.194476] grsec: From 192.168.254.88: denied resource overstep by
39 requesting 12760106696704 for RLIMIT_STACK against limit 8388608 for
40 /etc/postfix/postfix-script[postfix-script:18069] uid/euid:0/0
41 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18062]
42 uid/euid:0/0 gid/egid:0/0
43 [97084.591375] grsec: From 192.168.254.88: denied resource overstep by
44 requesting 6147866898432 for RLIMIT_STACK against limit 8388608 for
45 /etc/postfix/postfix-script[postfix-script:18084] uid/euid:0/0
46 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18076]
47 uid/euid:0/0 gid/egid:0/0
48 [97104.279223] grsec: From 192.168.254.88: denied resource overstep by
49 requesting 3078062882816 for RLIMIT_STACK against limit 8388608 for
50 /etc/postfix/postfix-script[postfix-script:18183] uid/euid:0/0
51 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18175]
52 uid/euid:0/0 gid/egid:0/0
53 [98499.165117] grsec: From 192.168.254.88: denied resource overstep by
54 requesting 973333118976 for RLIMIT_STACK against limit 8388608 for
55 /etc/postfix/postfix-script[postfix-script:18685] uid/euid:0/0
56 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18677]
57 uid/euid:0/0 gid/egid:0/0
58 [335157.025790] grsec: From 212.183.134.66: denied resource overstep
59 by requesting 10497186820096 for RLIMIT_STACK against limit 8388608
60 for /etc/postfix/postfix-script[postfix-script:1557] uid/euid:0/0
61 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:1550]
62 uid/euid:0/0 gid/egid:0/0
63 [431086.838131] grsec: From 192.168.254.88: denied resource overstep
64 by requesting 3096323715072 for RLIMIT_STACK against limit 8388608 for
65 /etc/postfix/postfix-script[postfix-script:23575] uid/euid:0/0
66 gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:23568]
67 uid/euid:0/0 gid/egid:0/0
68
69 This has been going on for a long time now. I had assumed that postfix
70 was to blame and was intending to investigate further at some point
71 (but, of course, I never did). If there is anything that I can do that
72 may help to shed light on the matter then please do let me know.
73
74 Cheers,
75
76 --Kerin

Replies

Subject Author
Re: [gentoo-hardened] what RLIMIT_STACK mean? pageexec@××××××××.hu
Report Message
Find on MARC Find on Google Groups