| 1 |
Hi! |
| 2 |
|
| 3 |
On Mon, Sep 29, 2008 at 06:10:00PM +0200, Javier Mart?nez wrote: |
| 4 |
> PD: to see why the stack growth so much you can only pass gdb to the |
| 5 |
> binary itself, as you can suppose I can't know why it happens to you. |
| 6 |
|
| 7 |
While trying to strace I got smaller example which has same effect - it |
| 8 |
generate grsec alert - just like qmail-smtpd, and that happens randomly, |
| 9 |
i.e. not on each execution - just like qmail-smtpd. |
| 10 |
|
| 11 |
Below is two executions, |
| 12 |
|
| 13 |
$ perl -e 'system("strace -p $$ -o pwd.strace.$$ &"); sleep 1; exec @ARGV' /bin/pwd |
| 14 |
Process 4440 attached - interrupt to quit |
| 15 |
/home/powerman |
| 16 |
Process 4440 detached |
| 17 |
|
| 18 |
$ perl -e 'system("strace -p $$ -o pwd.strace.$$ &"); sleep 1; exec @ARGV' /bin/pwd |
| 19 |
Process 4495 attached - interrupt to quit |
| 20 |
/home/powerman |
| 21 |
Process 4495 detached |
| 22 |
|
| 23 |
and second have generated grsec alert: |
| 24 |
|
| 25 |
2008-09-29_16:16:39.16191 kern.alert: grsec: denied resource overstep |
| 26 |
by requesting 35188736 for RLIMIT_STACK against limit 8388608 for |
| 27 |
/bin/pwd[pwd:4495] uid/euid:1000/1000 gid/egid:100/100, parent |
| 28 |
/bin/bash[bash:28139] uid/euid:1000/1000 gid/egid:100/100 |
| 29 |
|
| 30 |
I've attached both strace logs, but, as far as I see, there nothing |
| 31 |
significant there. If you give me an example how to gather important |
| 32 |
information using gdb - I'll do it too (I'm Perl programmer and sysadmin |
| 33 |
and not familiar with gdb). |
| 34 |
|
| 35 |
-- |
| 36 |
WBR, Alex. |
Archives