2008/11/10 <pageexec@××××××××.hu>:
> On 10 Nov 2008 at 7:24, Brian Kroth wrote:
>
>> atoth@××××××××××.hu <atoth@××××××××××.hu> 2008-11-10 12:31:

[snip]

>> grsec: denied resource overstep by requesting 4511036391424 for
>> RLIMIT_STACK against limit 8388608 for /bin/pwd[pwd:18765]
>> uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:18636]
>> uid/euid:1000/1000 gid/egid:1000/1000
>
> now this one definitely looks fishy and spender's looking into it already.

I experience a similar pattern with postfix. Here's a recent excerpt
from my kernel buffer:

[ 59.748463] grsec: denied resource overstep by requesting
6014915829760 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:2981] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:2962]
uid/euid:0/0 gid/egid:0/0
[91229.698383] grsec: From 212.183.136.195: denied resource overstep
by requesting 2982265733120 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:15670] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15663]
uid/euid:0/0 gid/egid:0/0
[91466.615149] grsec: From 212.183.136.195: denied resource overstep
by requesting 7585593999360 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:15876] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15869]
uid/euid:0/0 gid/egid:0/0
[91852.302529] grsec: From 212.183.136.195: denied resource overstep
by requesting 4286678908928 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:16148] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:16141]
uid/euid:0/0 gid/egid:0/0
[97084.194476] grsec: From 192.168.254.88: denied resource overstep by
requesting 12760106696704 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18069] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18062]
uid/euid:0/0 gid/egid:0/0
[97084.591375] grsec: From 192.168.254.88: denied resource overstep by
requesting 6147866898432 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18084] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18076]
uid/euid:0/0 gid/egid:0/0
[97104.279223] grsec: From 192.168.254.88: denied resource overstep by
requesting 3078062882816 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18183] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18175]
uid/euid:0/0 gid/egid:0/0
[98499.165117] grsec: From 192.168.254.88: denied resource overstep by
requesting 973333118976 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:18685] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:18677]
uid/euid:0/0 gid/egid:0/0
[335157.025790] grsec: From 212.183.134.66: denied resource overstep
by requesting 10497186820096 for RLIMIT_STACK against limit 8388608
for /etc/postfix/postfix-script[postfix-script:1557] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:1550]
uid/euid:0/0 gid/egid:0/0
[431086.838131] grsec: From 192.168.254.88: denied resource overstep
by requesting 3096323715072 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:23575] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:23568]
uid/euid:0/0 gid/egid:0/0

This has been going on for a long time now. I had assumed that postfix
was to blame and was intending to investigate further at some point
(but, of course, I never did). If there is anything that I can do that
may help to shed light on the matter then please do let me know.

Cheers,

--Kerin
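
Added example, not part of the original message and not grsecurity code: a small triage parser for the "denied resource overstep" lines quoted in this thread. It rejoins mail-wrapped and ">"-quoted entries, then groups them by executable and reports how many times larger than the limit the biggest request was. The sample log values, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re

# Constructed sample in the thread's log format (values and address are made up).
SAMPLE = """\
[   59.748463] grsec: denied resource overstep by requesting
4194304000000 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:2981] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:2962]
uid/euid:0/0 gid/egid:0/0
[91229.698383] grsec: From 192.0.2.10: denied resource overstep
by requesting 8388608000000 for RLIMIT_STACK against limit 8388608 for
/etc/postfix/postfix-script[postfix-script:15670] uid/euid:0/0
gid/egid:0/0, parent /lib64/rc/sh/runscript.sh[runscript.sh:15663]
uid/euid:0/0 gid/egid:0/0
>> grsec: denied resource overstep by requesting 16777216 for
>> RLIMIT_STACK against limit 8388608 for /bin/pwd[pwd:18765]
>> uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:18636]
>> uid/euid:1000/1000 gid/egid:1000/1000
"""

ENTRY = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?denied resource overstep by requesting "
    r"(?P<req>\d+) for (?P<res>RLIMIT_\w+) against limit (?P<lim>\d+) for "
    r"(?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)")

def parse_oversteps(text):
    """Return one dict per overstep denial, tolerating mail wrapping and '>' quoting."""
    lines = (re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    flat = " ".join(" ".join(lines).split())  # undo wrapping, collapse whitespace
    entries = [m.groupdict() for m in ENTRY.finditer(flat)]
    for e in entries:
        for key in ("req", "lim", "pid", "uid", "euid"):
            e[key] = int(e[key])
    return entries

def summarize(entries):
    """Per (executable, resource): denial count, PIDs, and largest request/limit ratio."""
    groups = {}
    for e in entries:
        g = groups.setdefault((e["exe"], e["res"]),
                              {"count": 0, "max_ratio": 0, "pids": set()})
        g["count"] += 1
        g["pids"].add(e["pid"])
        g["max_ratio"] = max(g["max_ratio"], e["req"] // max(e["lim"], 1))
    return groups

if __name__ == "__main__":
    print(summarize(parse_oversteps(SAMPLE)))
```

The "src" field is None for entries logged without a "From <address>:" prefix, which keeps local and remote-session denials distinguishable when reviewing a long kernel buffer.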