[gentoo-hardened] Problem with logrotate with a hardened/grsec system

[Guillaume Castagnino]

Hi,

Logrotate has a very strange behavior on my grsec box :
after reading the config files, there is a big lockup, logrotate does not 
start rotating the logs, and use 100% CPU. Here is the verbose output :

=====================8<=====================
# logrotate /etc/logrotate.conf  -v
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file acpid
reading config info for /var/log/acpid
reading config file apache2
reading config info for /var/log/apache2/*log
reading config file fail2ban
reading config info for /var/log/fail2ban.log
reading config file samba
reading config info for /var/log/samba/log
reading config file syslog-ng
reading config info 
for /var/log/syslog /var/log/auth.log /var/log/mail.err /var/log/cron.log
/var/log/mail.log /var/log/messages /var/log/user.log /var/log/daemon.log
/var/log/kern.log /var/log/imapd.log /var/log/grsec.log /var/log/iptables.log
/var/log/rsync.log
reading config info for /var/log/wtmp
<HERE IS THE LOCKUP>
=====================>8=====================

The same logrotate config works well on my desktop (non hardened) box.
Strace output of logrotate execution sounds quite strange to me. Seems 
logrotate loops for half an hour with this message :

=====================8<=====================
mremap(0x4ae6d000, 557056, 557056, MREMAP_MAYMOVE) = 0x4ae6d000
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
mremap(0x4ae6d000, 557056, 557056, MREMAP_MAYMOVE) = 0x4ae6d000
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
mremap(0x4ae6d000, 557056, 557056, MREMAP_MAYMOVE) = 0x4ae6d000
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
mremap(0x4ae6d000, 557056, 557056, MREMAP_MAYMOVE) = 0x4ae6d000
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
mremap(0x4ae6d000, 557056, 557056, MREMAP_MAYMOVE) = 0x4ae6d000
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1082, ...}) = 0
mremap(0x4ae6d000, 557056, 557056, MREMAP_MAYMOVE) = 0x4ae6d000
=====================>8=====================

Do you have any idea of what could cause this strange behavior ?

Some config infos :
- using a vanilla 2.6.14.6 with grsec patch 2.1.8
- rbac is disabled for those tests
- logrotate is 3.7.1-r2
- hardened profile hardened/x86/2.6 full ~x86
- CFLAGS : -march=pentium4 -O2 -mtune=pentium4 -fomit-frame-pointer -pipe

Regards,
-- 
Guillaume Castagnino
    [EMAIL PROTECTED] / [EMAIL PROTECTED]
GnuPG/PGP key : 
http://wwwkeys.pgp.net:11371/pks/lookup?op=vindex&search=0x8AF468AF 
Fingerprint : CD52 FE40 9592 BA1E E89D 5FB6 820E 4742 8AF4 68AF

pgpCeJvnOWUGD.pgp
Description: PGP signature