Gentoo Archives: gentoo-hardened

From: Alex Efros <powerman@××××××××.name>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] clone(2) blocks for 30 seconds
Date: Mon, 24 Dec 2012 03:02:36
Message-Id: 20121224025800.GA13848@home.power
In Reply to: Re: [gentoo-hardened] clone(2) blocks for 30 seconds by "Francisco Blas Izquierdo Riera (klondike)"
Hi!

On Mon, Dec 24, 2012 at 03:37:14AM +0100, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 24/12/12 03:16, Alex Efros wrote:
> > 2012-12-23_20:45:19.15938 kern.alert: grsec: From 75.101.174.3: Segmentation fault occurred at 000014e2 in /usr/sbin/apache2[apache2:5346] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_20:45:19.17936 kern.alert: grsec: From 75.101.174.3: Segmentation fault occurred at 000014b6 in /usr/sbin/apache2[apache2:5302] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:17.53334 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003e5a in /usr/sbin/apache2[apache2:15962] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:17.69334 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003c0e in /usr/sbin/apache2[apache2:15374] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:17.92335 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00004214 in /usr/sbin/apache2[apache2:16916] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:18.75335 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003fa4 in /usr/sbin/apache2[apache2:16292] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> │ CONFIG_GRKERNSEC_BRUTE: │
> │ │
> │ the parent process will be delayed 30 seconds upon every subsequent │
> │ fork until the administrator is able to assess the situation and │
> │ restart the daemon. │
>
> Likely your culprit.

Yes, thanks a lot!

I've checked these requests in the logs - they are not exploits, just usual
requests. Most are from bots. A few crashes happen even on requests sent by
wget running on the same server by my monitoring script.

Restarting apache doesn't help because it will crash again a few hours later.
And this is a production server and I've no idea how to debug this bug in apache.

So - the only option I have is to disable this "feature"? :-/

--
WBR, Alex.
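
Added example, not part of the original message: a small Python parser for the grsec segfault lines quoted above that groups crashes by parent PID, since the quoted CONFIG_GRKERNSEC_BRUTE help says it is the parent whose forks get delayed. The regular expression is inferred from the six quoted lines only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the grsec output quoted in the message above.
SAMPLE_LOG = """\
2012-12-23_20:45:19.15938 kern.alert: grsec: From 75.101.174.3: Segmentation fault occurred at 000014e2 in /usr/sbin/apache2[apache2:5346] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
2012-12-23_20:45:19.17936 kern.alert: grsec: From 75.101.174.3: Segmentation fault occurred at 000014b6 in /usr/sbin/apache2[apache2:5302] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:28:17.53334 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003e5a in /usr/sbin/apache2[apache2:15962] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:28:17.69334 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003c0e in /usr/sbin/apache2[apache2:15374] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:28:17.92335 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00004214 in /usr/sbin/apache2[apache2:16916] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:28:18.75335 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003fa4 in /usr/sbin/apache2[apache2:16292] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
"""

# Field layout inferred from those lines (an assumption, not a documented format).
SEGV_RE = re.compile(
    r"^(?P<ts>\S+) kern\.alert: grsec: (?:From (?P<src>\S+): )?"
    r"Segmentation fault occurred at (?P<addr>[0-9a-fA-F]+) in "
    r"(?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:\d+/\d+, "
    r"parent (?P<pexe>\S+)\[[^:\]]+:(?P<ppid>\d+)\]"
)

def parse_segv(line):
    """Return the fields of one grsec segfault line, or None if it does not match."""
    m = SEGV_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(log_text):
    """Count crashes per parent PID, the process that CONFIG_GRKERNSEC_BRUTE delays."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_segv(line)
        if rec:
            groups[int(rec["ppid"])].append(rec)
    return [
        {"parent": recs[0]["pexe"], "ppid": ppid, "crashes": len(recs),
         "sources": sorted({r["src"] for r in recs if r["src"]}),
         "first": recs[0]["ts"], "last": recs[-1]["ts"]}
        for ppid, recs in sorted(groups.items())
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A new parent PID in the summary marks a restart of the daemon, so the `first` timestamp per parent shows how long each restart lasted before a child crashed again.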