I have been fiddling with this for a while now, and I am pretty sure grsec is the one making my life harder...
I have been trying a few different webmail scripts, all in PHP. I am running Gentoo Linux 1.4, Apache 1.3.27, PHP 4.3.1, Qmail, bincimap etc. etc., and grsec version says it's "20030516" (I emerged "grsecurity-base-policy" with the Gentoo system).
These are the grsec settings I have compiled into the kernel:
ACL options --->
[ ] ACL Debugging Messages
(3) Maximum tries before password lockout
(30) Time to wait after max password tries, in seconds
Filesystem Protections --->
[*] Proc restrictions
[ ] Restrict to user only
[ ] Allow special group
[*] Linking restrictions
[ ] FIFO restrictions
[*] Chroot jail restrictions
[*] Deny mounts
[*] Deny double-chroots
[*] Deny pivot_root in chroot
[*] Enforce chdir("/") on all chroots
[*] Deny fchdir outside of chroot
[*] Deny (f)chmod +s
[*] Deny mknod
[*] Protect outside processes
[*] Restrict priority changes
[ ] Capability restrictions within chroot
Kernel Auditing --->
[ ] Single group for auditing
[ ] Exec logging
[*] Log execs within chroot
[ ] Chdir logging
[*] (Un)Mount logging
[ ] IPC logging
[*] Signal logging
[*] Fork failure logging
[*] Time change logging
Executable Protections --->
[ ] Exec process limiting
[*] Dmesg(8) restriction
[*] Randomized PIDs
[ ] Trusted path execution
Network Protections --->
[*] Randomized IP IDs
[*] Randomized TCP source ports
[ ] Randomized RPC XIDs
[*] Altered Ping IDs
[ ] Socket restrictions
Miscellaneous Features --->
(10) Seconds in between log messages (minimum)
(4) Number of messages in a burst (maximum)
The error I find in my "everything" logfile is:
[kernel] grsec: signal 11 sent to (httpd:803) UID(65534) EUID(65534), parent (httpd:29604) UID(0) EUID(0)
I have another server at home which is almost exactly the same as the one I am having problems with, except that the one at home does not have grsec installed at all. So when I run the same webmail interface at home, it works fine. I am actually connecting to the "production server" with this interface from home and get no errors, which means the mail programs don't seem to be the problem. I can read mail via POP and IMAP online. However, once I install the exact same interface on the production server, it dies right after I try to log in, and spits out the error above.
Any help would be appreciated...