Resource overstep... but why?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Resource overstep... but why?

Postby xtian » Thu Feb 05, 2004 3:19 pm

Howdy Sirs,

I am using 1.9.13 with a 2.4.24 kernel, and ACLs are turned off.

I get the following error messages in syslog, which coincide with my ICQ client (centericq) seg-faulting.

kernel: grsec: From xx.xx.xx.xx: signal 11 sent to (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)
kernel: grsec: From xx.xx.xx.xx: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)

The removed IP xx.xx is of a remote host. Does this error message suggest that the remote host caused centericq to attempt a resource overstep? Does that mean this is an attack? Or, am running into a problem in that some software is simply having problems with my kernel compile-time grsec options? If so, can I fix this with an ACL?

Sorry if this is a dumb question, I just don't know how to read this and I'm new to using grsec, or anything like it.

Tnx for your feedback.

-X
xtian
 
Posts: 3
Joined: Tue Jan 20, 2004 4:47 am

Re: Resource overstep... but why?

Postby PaX Team » Thu Feb 05, 2004 7:20 pm

xtian wrote: kernel: grsec: From xx.xx.xx.xx: signal 11 sent to (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)
kernel: grsec: From xx.xx.xx.xx: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (centericq:25931) UID(1000) EUID(1000), parent (tcsh:19473) UID(1000) EUID(1000)

The removed IP xx.xx is of a remote host. Does this error message suggest that the remote host caused centericq to attempt a resource overstep? Does that mean this is an attack? Or, am running into a problem in that some software is simply having problems with my kernel compile-time grsec options? If so, can I fix this with an ACL?
it's hard to tell without some more info. e.g., did you enable any PaX options? if so, are there any messages from PaX in your logs (grep for PAX)?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Resource overstep... but why?

Postby xtian » Sat Feb 07, 2004 3:04 pm

PaX Team wrote:it's hard to tell without some more info. e.g., did you enable any PaX options? if so, are there any messages from PaX in your logs (grep for PAX)?


Hi,

I used chpax -s -E on /usr/bin/centericq, which seems to have eliminated this error. I read in another post that someone was having problems in Debian with locales all of a sudden after they got the latest updates, and notice I also had those locales problems. I think this is the same issue.

Something changed in programs such as locales and centericq evidently, such that they occasionally or never run properly at all. This is under Debian Testing.

For locales, the previous (working) package was 2.3.2.ds1-10, and the current (non-working, until you run chpax on it) version is 2.3.2.ds1-11.
xtian
 
Posts: 3
Joined: Tue Jan 20, 2004 4:47 am


Return to grsecurity support

cron