[grsec] Problem with grsec and awstats

policy at gympos.sk
Sat Jun 4 12:58:32 EDT 2005


On Tue, May 31, 2005 at 09:02:11AM +0200, crandler wrote:
> Hello,
> 
> Do you have resource logging enabled? If not so try to do this.
> (CONFIG_GRKERNSEC_RESLOG=y)
> 
> I think you encounter rlimit nproc restrictions or something like that.

RESLOG writes this:
grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE
against limit 0 for /usr/lib/cgi-bin/awstats.pl[awstats.pl:4530]
uid/euid:33/33 gid/egid:33/33, 
parent /usr/local/bin/awstats-update-script[awstats-update-:4523]
uid/euid:33/33 gid/egid:33/33

I have no limits set for this user (PAM) and my (test) GRSEC configuration is:
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
Everything else is =n

> Perhaps try to set CONFIG_GRKERNSEC_EXECVE=n or 0 > execve_limiting
> Another cause could be CONFIG_GRKERNSEC_SHM.

Both Disabled...

> If this doesn't help try to use strace.

Here are some strace logs:
with segfault:
http://www.gympos.sk/~policy/awstats/debug-bad.txt
http://www.gympos.sk/~policy/awstats/debug-bad2.txt
http://www.gympos.sk/~policy/awstats/debug-bad3.txt

without problems:
http://www.gympos.sk/~policy/awstats/debug-ok.txt


Any idea?
Thanks.
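
Added example, not part of the original message: a small Python parser for RESLOG denials of the shape quoted above, tolerant of the line wrapping seen in the mail, that groups denials by resource and binary. The regular expression is derived only from the one entry in this message; the function names and the second sample entry are constructed for illustration.

```python
import re
from collections import Counter

# Shape of a grsecurity RESLOG denial as quoted in the message above.
# Assumption: other entries follow the same layout; the parent part is optional here.
RESLOG_RE = re.compile(
    r"grsec: denied resource overstep by requesting (?P<requested>\d+) "
    r"for (?P<resource>RLIMIT_\w+) against limit (?P<limit>\d+) "
    r"for (?P<path>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+)"
    r"(?:, parent (?P<ppath>\S+)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\])?"
)

INT_FIELDS = ("requested", "limit", "pid", "uid", "euid", "gid", "egid", "ppid")

def parse_reslog(text):
    """Return one dict per RESLOG denial found in text (line wraps tolerated)."""
    flat = " ".join(text.split())  # undo mail/syslog line wrapping
    events = []
    for m in RESLOG_RE.finditer(flat):
        ev = m.groupdict()
        for key in INT_FIELDS:
            if ev[key] is not None:
                ev[key] = int(ev[key])
        events.append(ev)
    return events

def summarize(events):
    """Count denials per (resource, binary path) to show what trips which limit."""
    return Counter((e["resource"], e["path"]) for e in events)

# Constructed sample: the entry from the message, plus one invented entry.
SAMPLE = """\
grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE
against limit 0 for /usr/lib/cgi-bin/awstats.pl[awstats.pl:4530]
uid/euid:33/33 gid/egid:33/33,
parent /usr/local/bin/awstats-update-script[awstats-update-:4523]
uid/euid:33/33 gid/egid:33/33
grsec: denied resource overstep by requesting 65 for RLIMIT_NPROC against limit 64 for /bin/example[example:100] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/sh[sh:99] uid/euid:1000/1000 gid/egid:1000/1000
"""

if __name__ == "__main__":
    for (res, path), n in summarize(parse_reslog(SAMPLE)).items():
        print(f"{n} x {res} denied for {path}")
```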

