grsecurity forums

Hi guys.

I just put 2.4.20 on my Slack 8.1 box with the Dec 1 grsec-rc1.

Everything seems to be working find, but when I recompile glibc-2.2.5 (with linuxthreads) I get:

attempted resource overstep by requesting 331776 for RLIMIT_STACK against limit 258048 by (make:941)
attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (make:941)
segmentation fault.

My make is version 2.95.3.

I can compile other stuff... why would make try to do this?
I suppose I can use chpax to exclude make, but I'm trying to understand whats going on here, and I'm stumped.

Duh. My make is version 3.79.1... gcc is version 2.95.3, but that doesn't matter, as it's not running.

amadei wrote:I can compile other stuff... why would make try to do this?
I suppose I can use chpax to exclude make, but I'm trying to understand whats going on here, and I'm stumped.

it's not a PaX problem hence chpax won't help you, instead you should take a look at your ACLs and/or resource limits set for make, they apparently have something not large enough for the stack (my guess is that you used the learning mode at some point and it determined a limit too low for make).

Weird. I just looked over the whole machine, while I do have the ACL feature enabled in the kernel, I never set up any ACLs on the system... or even installed gradm.

I just tried to now, but it doesn't want to write to /proc/sys/kernel/grsecurity/acl... something about fed garbage 200bytes where 1175 needed.

If it's not ACLs, where are the resource limits defined?
I saw resource.h and limits.h... and they look normal.

amadei wrote:I just tried to now, but it doesn't want to write to /proc/sys/kernel/grsecurity/acl... something about fed garbage 200bytes where 1175 needed.

maybe you used the wrong version of gradm?

If it's not ACLs, where are the resource limits defined?

i don't know the slackware file system layout, but normally they should be in /etc/limits and /etc/security/limits.conf.

i think it's normal, and you'll probably get it on a non-grsec kernel, you just don't know it. I just compiled glibc the other day, and even un-chpax'd the ld-linux.so.2 that was segfaulting, and it still segfaulted. I was able to compile glibc successfully, though.

-Brad

I used gradm-1.6 on the download page, just below the grsec-1.9.8-rc1 patch.

Slackware doesn't seem to have a set location for limits... at least I looked in the obvious places.

I just so happened to notice a new make was out, so I recompiled and installed it... worked fine. Compile died with another resource limit in cc1... so I recompiled gcc 2.95.3 and it was happy as well.

At least now I can once again compile glibc and clean up my system. Things are looking up.

Thanks for the insights. And many thanks for the cool GRSecurity patch. I don't think this would have been as easy to fix without it's help.