On 29 Sep 2008 at 18:21, Alex Efros wrote:

> Is my question too complex and nobody know the answer (or even guesses),
> or it's too stupid and everybody wait until I try google (I've tried it
> already, without success)?

maybe it's because of what you said:

> I've no idea why grsec complain in logs about it.

at this point it's clear that you didn't quite read the description of
GRKERNSEC_RESLOG which is what you've apparently enabled. in short, grsec
is doing what you asked it to do: log various resource overstep events.

why those events occured is another question and each case needs its own
investigation. for example overstepping the default 8MB stack limit by
180MB sounds like a memory corruption problem or something trying to pass
an inordinate amount of data on the stack (say, in the environment).
whether that was because of e.g., a bug in a script on your server or an
exploit attempt is hard to tell after the fact. also the AS limit overstep
is a known issue, qmail tries to be smart and fails to estimate its own
memory needs.


Reply via email to