[grsec] gradm learning process segfaults
Marc Schiffbauer
marc at schiffbauer.net
Wed Nov 3 07:14:59 EST 2004
Hi,
i was using learning mode for several days which produced about 3GB
of learning logs.
After 2GB gradm crashed (2GB limit on a woody machine ...)
I then continued learning to another file.
If I try to use "gradm -L ... -O ..." on such a big file gradm eats
all memory (>3GB) and finally gets killed by the kernel due to OOM.
(machine has 512MB RAM and I extended swap to 3GB)
So I "sort"ed and "uniq"ed a concatenated version of all logs which
resulted in a learning log of about 122M in size.
Additionally I removed some lines from the log that seemed to be
"broken" or incomplete (Maybe because of the first crash while learning)
Using that new logfile gradm takes about 140M of ram and the learning process
seemed to run just fine.
But today I reopend my screened session and just saw
pluto:/home# nice gradm -L learning.root.uniq -O new_root_acl
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/bash...done.
Beginning full learning object reduction for subject /bin/hostname...done.
Beginning full learning object reduction for subject /bin/ps...done.
Beginning full learning object reduction for subject /bin/run-parts...done.
Beginning full learning object reduction for subject /bin/su...done.
Beginning full learning object reduction for subject /etc/init.d...done.
Beginning full learning object reduction for subject /etc/init.d/amavis...done.
[many more such lines]
Segmentation fault
pluto:/home#
Any hints what I now could do/try to get my new root ACL working?
-Marc
--
-------------------------------------------
Take back the Net! http://www.anti-dmca.org
-------------------------------------------
More information about the grsecurity
mailing list