[grsec] Update: [Was: Kernel 2.6.10-as2-grsec-20050124: proftpdsegfaulting (11 / SIGSEGV)]

Wolfpaw - Dale Corse admin-lists at wolfpaw.net
Thu Feb 17 23:09:14 EST 2005 

How many sessions are active when it dies? Sounds like its hitting
MaxClients, or a descriptor limit. The fact proftpd was compiled with
GRSec active would make no difference at all.

D.

> -----Original Message-----
> From: grsecurity-bounces at grsecurity.net 
> [mailto:grsecurity-bounces at grsecurity.net] On Behalf Of fire-eyes
> Sent: Thursday, February 17, 2005 7:56 AM
> To: grsecurity at grsecurity.net
> Subject: [grsec] Update: [Was: Kernel 
> 2.6.10-as2-grsec-20050124: proftpdsegfaulting (11 / SIGSEGV)]
> 
> 
> On Wed, 2005-02-16 at 14:17 -0500, fire-eyes wrote:
> > I'm running kernel 2.6.10, with the as2 patch, with grsecurity 
> > 20050124 patch.
> > 
> > I've been thrilled with it using it here on a server, 
> except for one 
> > problem i've run into. Proftpd keeps segfaulting , that is, 
> signal 11 
> > (SIGSEGV).
> > 
> > It worked fine for all of today, up till a while ago (while 
> I was at 
> > lunch, of course :P ), then clients could not log in, their FTP 
> > sessions were immediately closed.
> > 
> > Logs show many lines similar to:
> > 
> > grsec: From 192.168.1.128: signal 11 sen
> > to /usr/sbin/proftpd[proftpd:386]
> > uid/euid:0/1001 gid/egid:407/407,
> > parent /usr/sbin/proftpd[proftpd:29018]
> > 
> > Now, does this mean grsecurity sent that signal? Or is this 
> just the 
> > signal logging?
> > 
> > I repeatedly stopped proftpd and started it back up, and 
> kept getting 
> > the same problem.
> > 
> > I rebooted to 2.6.10, and I am not having this problem, but 
> needless 
> > to say I'm very nervous.
> 
> Update: 
> 
> I'm running 2.6.10 and after a few hours of running fine this 
> morning, the same thing is happening to clients. Sessions 
> terminated. Obviously I don't get that log line.
> 
> So this does not appear to me related to grsec, unless the 
> fact that I compiled proftpd whilst using grsec could enter 
> in as a factor.
> 
> Thanks for posting this :)
> 
> 
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net 
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
> 
>

More information about the grsecurity mailing list