On 29 Sep 2008 at 19:57, Alex Efros wrote: > Didn't you think it's good idea to trace this issue? It may be a bug in > grsec... anyway, usual hardened system shouldn't produce such a warnings > in logs just because somebody call exec() from perl script or use qmail.
sorry, i was busy with everything, didn't have time to look into this. now that i did, i don't quite get what happens here. thing is, if RLIMIT_STACK is overstepped, the given process should get a segfault on all execution paths that i checked yet it clearly hasn't happened according to the strace. so that leaves one option open, some bug/misreporting by grsec (or maybe PaX?) but then looking at the code, i don't see how that would happen either... can you tell me which kernel this happened on (or more precisely, which grsec version it was) and whether you can still reproduce it with the latest grsec (or PaX) test patch?
