grsecurity forums


https://forums.grsecurity.net./

Resource overstep... but why?

https://forums.grsecurity.net./viewtopic.php?f=3&t=687

Page 1 of 1

Resource overstep... but why?

PostPosted: Thu Feb 05, 2004 3:19 pm
by xtian
Howdy Sirs,

I am using 1.9.13 with a 2.4.24 kernel, and ACLs are turned off.

I get the following error messages in syslog, which coincide with my ICQ client (centericq) seg-faulting.

kernel: grsec: From xx.xx.xx.xx: signal 11 sent to (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)
kernel: grsec: From xx.xx.xx.xx: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)

The removed IP xx.xx is of a remote host. Does this error message suggest that the remote host caused centericq to attempt a resource overstep? Does that mean this is an attack? Or, am running into a problem in that some software is simply having problems with my kernel compile-time grsec options? If so, can I fix this with an ACL?

Sorry if this is a dumb question, I just don't know how to read this and I'm new to using grsec, or anything like it.

Tnx for your feedback.

-X

Re: Resource overstep... but why?

PostPosted: Thu Feb 05, 2004 7:20 pm
by PaX Team
xtian wrote: kernel: grsec: From xx.xx.xx.xx: signal 11 sent to (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)
kernel: grsec: From xx.xx.xx.xx: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)

The removed IP xx.xx is of a remote host. Does this error message suggest that the remote host caused centericq to attempt a resource overstep? Does that mean this is an attack? Or, am running into a problem in that some software is simply having problems with my kernel compile-time grsec options? If so, can I fix this with an ACL?
it's hard to tell without some more info. e.g., did you enable any PaX options? if so, are there any messages from PaX in your logs (grep for PAX)?

Re: Resource overstep... but why?

PostPosted: Sat Feb 07, 2004 3:04 pm
by xtian
PaX Team wrote:it's hard to tell without some more info. e.g., did you enable any PaX options? if so, are there any messages from PaX in your logs (grep for PAX)?


Hi,

I used chpax -s -E on /usr/bin/centericq, which seems to have eliminated this error. I read in another post that someone was having problems in Debian with locales all of a sudden after they got the latest updates, and notice I also had those locales problems. I think this is the same issue.

Something changed in programs such as locales and centericq evidently, such that they occasionally or never run properly at all. This is under Debian Testing.

For locales, the previous (working) package was 2.3.2.ds1-10, and the current (non-working, until you run chpax on it) version is 2.3.2.ds1-11.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/