When bootscripts start NFSd, I get the following in the logs:
[code]
Sep 5 04:47:14 nightbox bootlog: Starting NFS mountd...[ OK ]
Sep 5 04:47:14 nightbox kernel: grsec: denied resource overstep by
requesting 100999168 for RLIMIT_STACK against limit 8388608 for
/[rpc.nfsd:2697] uid/euid:0/0 gid/egid:0/0, parent
/etc/rc.d/init.d/nfs-server[S24nfs-server:25113] uid/euid
:0/0 gid/egid:0/0
Sep 5 04:47:14 nightbox kernel: grsec: denied resource overstep by
requesting 100999168 for RLIMIT_STACK against limit 8388608 for
/[rpc.nfsd:2697] uid/euid:0/0 gid/egid:0/0, parent
/etc/rc.d/init.d/nfs-server[S24nfs-server:25113] uid/euid
:0/0 gid/egid:0/0
Sep 5 04:47:14 nightbox bootlog: Starting NFS nfsd...[ OK ]
[/code]
As for squid, grsec seems to be very keen on killing it whenever it's
given a chance:
[code]
Sep 5 04:47:31 nightbox bootlog: Starting Squid...[ OK ]
Sep 5 04:47:31 nightbox kernel: grsec: signal 6 sent to
/usr/sbin/squid[squid:6405] uid/euid:23/23 gid/egid:23/23, parent
/usr/sbin/squid[squid:9868] uid/euid:0/0 gid/egid:0/0
Sep 5 04:47:31 nightbox squid[9868]: Squid Parent: child process 6405
exited due to signal 6 (note: this repeats several times until squid
runs outta life for good)
[/code]
I suspect both errors might be thanks to pkg-user: when I run both
programs when logged in as root, grsec does not complain. Here I need to
mention that both rpc.nfsd and /usr/sbin/squid are chown root, chmod u+s
just to eliminate one possible source of errors for the time being;
still running them as normal users gives the same thing. Are bootscripts
executed as root or pkg-usr "bootscripts"?
There's yet another issue: stopping nfsd always fails after a minute;
but that is most probably because it didn't start properly in the first
place.
Sorry for bothering you yet one *more* time; I tried google, man and
syslog, yet all in vain. Thanks for all hints in advance!
--
David Ciecierski
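
Added example, not part of the original post: a Python sketch that rejoins the mail-wrapped syslog lines quoted above and extracts the fields of each grsec "denied resource overstep" record, so repeated denials can be counted and the request compared with the limit. The pattern is modelled only on the message format visible in this post, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed input: log lines copied from the post, still hard-wrapped by the mailer.
EVENT = """Sep 5 04:47:14 nightbox kernel: grsec: denied resource overstep by
requesting 100999168 for RLIMIT_STACK against limit 8388608 for
/[rpc.nfsd:2697] uid/euid:0/0 gid/egid:0/0, parent
/etc/rc.d/init.d/nfs-server[S24nfs-server:25113] uid/euid
:0/0 gid/egid:0/0
"""
SAMPLE = ("Sep 5 04:47:14 nightbox bootlog: Starting NFS mountd...[ OK ]\n"
          + EVENT * 2
          + "Sep 5 04:47:14 nightbox bootlog: Starting NFS nfsd...[ OK ]\n")

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s")
# Assumption: field order and wording as seen in this post's log lines only.
OVERSTEP = re.compile(
    r"grsec: denied resource overstep by requesting (?P<requested>\d+) "
    r"for (?P<resource>RLIMIT_\w+) against limit (?P<limit>\d+) for "
    r"(?P<path>\S*)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+).*?parent (?P<parent>[^\[\s]+)\[")
NUMERIC = {"requested", "limit", "pid", "uid", "euid"}

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def oversteps(text):
    """Return one dict per 'denied resource overstep' record, numeric fields as int."""
    events = []
    for record in unwrap(text):
        m = OVERSTEP.search(record)
        if m:
            events.append({k: int(v) if k in NUMERIC else v
                           for k, v in m.groupdict().items()})
    return events

def summarise(events):
    """Count identical denials keyed by (comm, resource, requested, limit, parent)."""
    return Counter((e["comm"], e["resource"], e["requested"], e["limit"], e["parent"])
                   for e in events)

if __name__ == "__main__":
    for (comm, res, req, lim, parent), n in summarise(oversteps(SAMPLE)).items():
        print(f"{n}x {comm} via {parent}: {res} {req} > {lim} ({req / lim:.1f}x)")
```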