[grsec] Problem with grsec and awstats
Erno Rigo
mcree at tricon.hu
Mon May 30 12:23:31 EDT 2005
On Monday 30 May 2005 00:31, pageexec at freemail.hu wrote:
Hello!
> > dmesg write:
> > grsec: signal 11 sent to /usr/lib/cgi-bin/awstats.pl[awstats.pl:21101]
> > uid/euid: 33/33 gid/egid:33/33, parent
> > /usr/local/bin/awstats-update-script[awstats-update-:15371]
> > uid/euid:33/33 gid/egid:33/33
> >
> > Any idea what could be the problem or any way how to debug it ?
The same happens to me both in the newest 2.4 and 2.6 release. The problem
seems to be unrelated to PaX, but depends on a grsecurity feature. I'm still
testing the problem by enabling and disabling features via sysctl, but it's
quite hard as the segfault seems to occur randomly once or twice a day on my
system with ~20 awstats processes running every five minutes (each process
ran sequentially). The problem disappears with all grsec features turned off
(except the signal audit function of course).
I had the same - reproducible - segfault with proftpd at high ftp reconect
rates but it went away by replacing proftpd with pure-ftpd... 8)
The java 1.5 virtual machine also segfaults on my system, but those processes
that receive signal 11 are parented to init so it seems to be a 'feature' of
the java vm.
> if it's reproducible then you should enable coredumping and
> look at one, without that it's next to impossible to tell what
> goes wrong.
I dubt core dumps alone would do the trick. The sigsegv seems to occur at
random inside the perl interpreter binary at different stages of the awstats
script, also with different awstats configurations.
--
Ernő Rigó [McRee] - ICQ#63266198 - Tel#+36-20-5209965
--
Want a thing long enough, and you don't. - Chinese Proverb
More information about the grsecurity
mailing list