[grsec] pid randomization problem - process won't execute and
will return zero value
General Stone
generalstone at gmx.net
Mon Aug 22 09:29:05 EDT 2005
On Sun, Aug 21, 2005 at 08:09:03PM -0400, Brad Spengler wrote:
> > on systems with pid randomization enabled (CONFIG_GRKERNSEC_RANDPID=y),
> > following will happen (example):
> >
> > $ time until /bin/false; do :; done
> >
> > real 0m5.336s
> > user 0m1.583s
> > sys 0m3.308s
>
> It seems that the problem occurs on a regular Linux kernel as well, it
> just takes longer (tested on 2.6.11.12):
> spender at gw:~$ time until /bin/false; do :; done
>
> real 1m28.695s
> user 0m15.730s
> sys 0m42.141s
>
> spender at gw:~$ time until /bin/false; do :; done
>
> real 54m1.585s
> user 14m23.566s
> sys 35m39.655s
>
> So is the problem that it happens too quickly with a grsec kernel?
> Also, am I the only one who can replicate this problem in a clean Linux
> kernel?
>
> -Brad
I have tested it with a 166MHz with 128MB RAM and 2,4GHz with 1,5GB RAM
machine and these two scripts,
1.) 'time until /bin/false; do :; done' and
2.) 'time until /bin/false; do ps fax | grep "/bin/false"; done'
2,4GHz with 1,5GB:
to 1.) same problem that was reported:
real 0m4.119s
user 0m0.941s
sys 0m3.161s
to 2.) endless loop (what we want), but with grsec messages:
Aug 22 14:37:32 t-39-6-gs kernel: grsec: denied resource
overstep by requesting 80916480 for RLIMIT_STACK against
limit 8388608 for /[false:3840] uid/euid:0/0 gid/egid:0/0,
parent /bin/bash[bash:20034] uid/euid:0/0 gid/egid:0/0
Aug 22 14:37:32 t-39-6-gs kernel: grsec: denied resource
overstep by requesting 80916480 for RLIMIT_STACK against
limit 8388608 for /[false:3840] uid/euid:0/0 gid/egid:0/0,
parent /bin/bash[bash:20034] uid/euid:0/0 gid/egid:0/0
Aug 22 14:38:05 t-39-6-gs kernel: grsec: denied resource
overstep by requesting 122695680 for RLIMIT_STACK
against limit 8388608 for /[false:28317] uid/euid:0/0 gid/egid:0/0,
parent /bin/bash[bash:20034] uid/euid:0/0 gid/egid:0/0
Aug 22 14:38:05 t-39-6-gs kernel: grsec: denied resource
overstep by requesting 122695680 for RLIMIT_STACK
against limit 8388608 for /[false:28317] uid/euid:0/0 gid/egid:0/0,
parent /bin/bash[bash:20034] uid/euid:0/0 gid/egid:0/0
166MHz with 128MB:
to 1.) same problem that was reported:
real 2m56.802s
user 0m42.195s
sys 2m14.108s
to 2.) not tested.
I think i can say that this is a performance problem.
The new process came faster as the PID declare as free.
-Markus Nass.
--
Bill Gates said: "It requires Windows XP or better", so I installed Linux.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050822/0072123f/attachment.pgp
More information about the grsecurity
mailing list