grsecurity forums

hi
We have a number of download servers which normally runs about 130-1700 apache processes. Since 2.6.27-hardened-r2 (gentoo) pax is limiting apache to 130 processes.
--8<--
[Fri Jan 30 14:41:21 2009] [notice] child pid 11192 exit signal Segmentation fault (11)
[Fri Jan 30 14:41:21 2009] [notice] child pid 11193 exit signal Segmentation fault (11)
[Fri Jan 30 14:41:21 2009] [notice] child pid 11194 exit signal Segmentation fault (11)
[Fri Jan 30 14:41:21 2009] [notice] child pid 11195 exit signal Segmentation fault (11)
[Fri Jan 30 14:41:21 2009] [notice] child pid 11196 exit signal Segmentation fault (11)
[Fri Jan 30 14:41:21 2009] [notice] child pid 11197 exit signal Segmentation fault (11)
[Fri Jan 30 14:41:21 2009] [notice] child pid 11198 exit signal Segmentation fault (11)
--8<--

We are currently running 2.6.27-hardened-r1 and 2.6.26-hardened-r9 which seem stable and don't have this problem.
We tried a vanilla 2.6.28.2 with pax-linux-2.6.28.2-test11 but the problem is still there.

i looks like this is just related to apache. i was able to create about 300 processes on a 2.6.27-hardened-r2 with some bash magic.

brainatwork wrote:We are currently running 2.6.27-hardened-r1 and 2.6.26-hardened-r9 which seem stable and don't have this problem.
We tried a vanilla 2.6.28.2 with pax-linux-2.6.28.2-test11 but the problem is still there.

i looks like this is just related to apache. i was able to create about 300 processes on a 2.6.27-hardened-r2 with some bash magic.

can you try the latest PaX test patches? i think all these segfaults are related to the stack expansion change i made and should be fixed now.