[grsec] Problem with grsec and awstats

John Logsdon j.logsdon at quantex-research.com
Sun Jun 5 15:27:31 EDT 2005 

>From my recent experience with xterm, I suggest that where the resource
limit is 0, it could be that you do not have the appropriate access to
some configuration or other file.

Have you tried an strace /usr/lib/cgi-bin/awstats.pl in the same
environment as you would see from the browser?

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon at quantex-research.com              a.einstein at relativity.org
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com


On Sat, 4 Jun 2005 policy at gympos.sk wrote:

> On Tue, May 31, 2005 at 09:02:11AM +0200, crandler wrote:
> > Hello,
> > 
> > Do you have resource logging enabled? If not so try to do this.
> > (CONFIG_GRKERNSEC_RESLOG=y)
> > 
> > I think you encounter rlimit nproc restrictions or something like that.
> 
> RESLOG write this:
> grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE
> against limit 0 for /usr/lib/cgi-bin/awstats.pl[awstats.pl:4530]
> uid/euid:33/33 gid/egid:33/33, 
> parent /usr/local/bin/awstats-update-script[awstats-update-:4523]
> uid/euid:33/33 gid/egid:33/33
> 
> I have no limits set to this user (PAM) and my (test) GRSEC configuration is:
> #
> # Grsecurity
> #
> CONFIG_GRKERNSEC=y
> CONFIG_GRKERNSEC_CUSTOM=y
> CONFIG_GRKERNSEC_ACL_MAXTRIES=3
> CONFIG_GRKERNSEC_ACL_TIMEOUT=30
> CONFIG_GRKERNSEC_PROC=y
> CONFIG_GRKERNSEC_PROC_USER=y
> CONFIG_GRKERNSEC_RESLOG=y
> CONFIG_GRKERNSEC_SIGNAL=y
> CONFIG_GRKERNSEC_FORKFAIL=y
> CONFIG_GRKERNSEC_TIME=y
> CONFIG_GRKERNSEC_RANDNET=y
> CONFIG_GRKERNSEC_RANDSRC=y
> CONFIG_GRKERNSEC_SYSCTL=y
> CONFIG_GRKERNSEC_SYSCTL_ON=y
> CONFIG_GRKERNSEC_FLOODTIME=10
> CONFIG_GRKERNSEC_FLOODBURST=4
> Everything else is =n
> 
> > Perhaps try to set CONFIG_GRKERNSEC_EXECVE=n or 0 > execve_limiting
> > Another cause could be CONFIG_GRKERNSEC_SHM.
> 
> Both Disabled...
> 
> > If this doesn't help try to use strace.
> 
> Here're any strace logs:
> with segfault:
> http://www.gympos.sk/~policy/awstats/debug-bad.txt
> http://www.gympos.sk/~policy/awstats/debug-bad2.txt
> http://www.gympos.sk/~policy/awstats/debug-bad3.txt
> 
> without problems:
> http://www.gympos.sk/~policy/awstats/debug-ok.txt
> 
> 
> Any idea ?
> Thnx.
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>

More information about the grsecurity mailing list