ccing grsecurity developers and mandrake development list... On Tue, Oct 21, 2003 at 08:13:18PM -0400, Wietse Venema wrote:
Luca Berra:On Tue, Oct 21, 2003 at 02:14:36PM -0700, Thor Skaalheim wrote: >The other day, I went over to the console on my Mandrake 9.1 box (running >Postfix 2.0.16) and saw two messages on the console like this: > > grsec: From 200.67.148.160: attempted resource overstep by > requesting 10240000 for RLIMIT_FSIZE against limit 10240000 > by (cleanup:30064) UID(73) EUID(73), parent (master: 870) > UID(0) EUID(0)
the message is due to you running mandrake with kernel-secure which has (CONFIG_GRKERNSEC_RESLOG) enabled the message is harmless, but it is really annoying.
But the requested file size limit matches the system limit. This warning is unnecessary.
the warning is just about as necessary as the setrlimit() :)) joking, i know that just calling setrlimit() and optionally check return code is OK. yes i think grsec is ar fault there in gr_log_resource() we have
if (unlikely(wanted >= task->rlim[res].rlim_cur &&
task->rlim[res].rlim_cur != RLIM_INFINITY))
security_alert(GR_RESOURCE_MSG, ........using >= is IMHO wrong.
i don't claim to be proficient with the code in postfix, but since
master calls
set_file_limit(INT_MAX)
and the kernel message states "against limit 10240000"
does this mean that cleanup_post_jail() containing:
if (var_message_limit > 0)
set_file_limit((off_t) var_message_limit);is called multiple times during the cleanup process lifespan?
is it avoidable?
in postdrop we have:
if (var_message_limit > 0 && get_file_limit() > var_message_limit)
set_file_limit((off_t) var_message_limit);can we put the same in cleanup?
Regards, L.
-- Luca Berra -- [EMAIL PROTECTED] Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \
