1 |
Hi! |
2 |
|
3 |
On Mon, Sep 29, 2008 at 06:10:00PM +0200, Javier Mart?nez wrote: |
4 |
> PD: to see why the stack growth so much you can only pass gdb to the |
5 |
> binary itself, as you can suppose I can't know why it happens to you. |
6 |
|
7 |
While trying to strace I got smaller example which has same effect - it |
8 |
generate grsec alert - just like qmail-smtpd, and that happens randomly, |
9 |
i.e. not on each execution - just like qmail-smtpd. |
10 |
|
11 |
Below is two executions, |
12 |
|
13 |
$ perl -e 'system("strace -p $$ -o pwd.strace.$$ &"); sleep 1; exec @ARGV' /bin/pwd |
14 |
Process 4440 attached - interrupt to quit |
15 |
/home/powerman |
16 |
Process 4440 detached |
17 |
|
18 |
$ perl -e 'system("strace -p $$ -o pwd.strace.$$ &"); sleep 1; exec @ARGV' /bin/pwd |
19 |
Process 4495 attached - interrupt to quit |
20 |
/home/powerman |
21 |
Process 4495 detached |
22 |
|
23 |
and second have generated grsec alert: |
24 |
|
25 |
2008-09-29_16:16:39.16191 kern.alert: grsec: denied resource overstep |
26 |
by requesting 35188736 for RLIMIT_STACK against limit 8388608 for |
27 |
/bin/pwd[pwd:4495] uid/euid:1000/1000 gid/egid:100/100, parent |
28 |
/bin/bash[bash:28139] uid/euid:1000/1000 gid/egid:100/100 |
29 |
|
30 |
I've attached both strace logs, but, as far as I see, there nothing |
31 |
significant there. If you give me an example how to gather important |
32 |
information using gdb - I'll do it too (I'm Perl programmer and sysadmin |
33 |
and not familiar with gdb). |
34 |
|
35 |
-- |
36 |
WBR, Alex. |