grsecurity forums

[dirls028]

I get this message on my server:
PAX: From 10.7.xx.xx: execution attempt in: <NULL>, 00000000-00000000 00000000
PAX: terminating task: /usr/local/sbin/vsftpd(vsftpd):7435, uid/euid: 0/0, PC: 00000e56, SP: 5a01daac
PAX: bytes at PC: <invalid address>.
PAX: bytes at SP: 279b99b7 ffffffff 279bb0eb 279b7504 279bc67c 279bc67c 00000010 5a01daf8 279b9e17 279bb0eb 5a01dba0 080694c4 279b9da6 5a01dba8 00000000 00000008 5a01dba0 00000004 080694c4 5a01dbd8
grsec: From 10.7.xx.xx: (default:D:/soft/chftp/usr/local/sbin/vsftpd) denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /soft/chftp/usr/local/sbin/vsftpd[vsftpd:7435] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

who can tell me what the meaning?somebody attempt to hack me or vsftpd offended the PAX? and what shuld i do? Thanks!!

[PaX Team]

who can tell me what the meaning?somebody attempt to hack me or vsftpd offended the PAX? and what shuld i do? Thanks!!

this means that PaX detected a code execution attempt in a non-executable memory region, in your case that region wasn't even a valid mapping (hence the 'invalid address' message). since the wrong PC is close to 0, i take it that vsftpd dereferenced a NULL function ptr somewhere (i think it's more likely a bug in vsftpd or your system setup than a deliberate exploit attempt). you can find out more if you enable coredumping (set the core resource limit to unlimited) and analyze the coredump in gdb (if you can reproduce the problem at all, that is).