grsecurity forums

[oliver]

Hi!

I have just started using grsecurity. I have a server configured to run a mail scanner that also uses mcafee virus scan (uvscan) to check for virii. Now, I have not yet started configuring anything related to ACLs at all (I had some tries and it broke a lot of stuff at first, so I currently disabled it). Most of grsecurity's stuff is compiled in, but I have activated sysctl support and nothing is on at the moment. I'm using the patch for 2.4.20.

The problem is that every now and then (yes, it's working most of the time), the uvscan process generates log lines like this:

kernel: grsec: From 127.0.0.1: attempted resource overstep by requesting 9412608 for RLIMIT_AS against limit 8388608 by (uvscan:15814) UID(64014) EUID(64014), parent (perl5.6.1:15808) UID(64014) EUID(64014)

It's certainly me, but I can't figure out where these messages come from. Why is there any AS limit enforced when ACLs are disabled? I have seen messages from PAX on other systems for XFree86 and they looked different, so that's not it either, is it? What can I do? Is there a way to enlarge the AS limit for uvscan without configuring the complete ACL system (for now)? Or isn't this related to ACLs at all?

Thanks for any hints!!

Oliver

[spender]

It's not related to the ACL system. Either you already have limits set up for your system (via ulimit), or the process is setting its own limits. Most likely it's the latter.

-Brad

[oliver]

Hey, thanks for that! I actually found the limit now I know I had to look for one :-) Two things hadn't been that clear to me:

- that limits propagate down to child processes (although certainly obvious)
- that my previous kernel without grsecurity never told me about these limit problems, although I'm sure they were already there.

Oliver