grsecurity forums

[nyx]

I found those messages in logs:

grsec: attempted resource overstep by requesting 8392704 for RLIMIT_STACK against limit 8388608 by (httpd:20544) UID(999) EUID(999), parent (httpd:7002) UID(0) EUID(0)
grsec: possible exploit bruteforcing on (httpd:20544) UID(999) EUID(999), parent (httpd:7002) UID(0) EUID(0) Banning execution of [08:07:8407960] for 600 seconds

where exactly should I look to correct this? (I set bigger value via ulimit -s now)

[spender]

You should first look into finding out why apache is crashing. Check your error logs.

-Brad

[nyx]

error logs are ok - no error messages there

I checked apache error logs and /var/log/*

the only things is error about maxclients reached in apache error_log - but that should be ok - it's meant to be configured that way...

[erich]

grsecurity has some bug there...
i'm running wolk, which includes grsecurity 1.99e.
I get the following message during system startup:

kernel: grsec: attempted resource overstep by requesting 49430528 for RLIMIT_STACK against limit 8388608 by (pidof:1154) UID(0) EUID(0), parent (init:1) UID(0) EUID(0)

Now that certainly isn't pidof or init's fault, is it?

[spender]

It's definitely not init's fault. It must be a bug in pidof. grsecurity isn't causing the sigsegv, it's just reporting it.

-Brad

[erich]

Or the reporting is broken?
pidof won't mess with the stack rlimit, will it?

[spender]

sure it could. It could have had a bug that caused it to try to modify some location outside of the stack, or it could have gone into an infinite loop causing a stack overflow. The reporting is correct. If you weren't using grsecurity, you most likely would never have known.

-Brad