grsec: NFS & squid

David Ciecierski davidcie at klub.chip.pl
Sun Sep 4 20:13:13 PDT 2005


When bootscripts start NFSd, I get the following in the logs:

[code]
Sep  5 04:47:14 nightbox bootlog:  Starting NFS mountd...[  OK  ]
Sep  5 04:47:14 nightbox kernel: grsec: denied resource overstep by requesting 100999168 for RLIMIT_STACK against limit 8388608 for /[rpc.nfsd:2697] uid/euid:0/0 gid/egid:0/0, parent /etc/rc.d/init.d/nfs-server[S24nfs-server:25113] uid/euid:0/0 gid/egid:0/0
Sep  5 04:47:14 nightbox kernel: grsec: denied resource overstep by requesting 100999168 for RLIMIT_STACK against limit 8388608 for /[rpc.nfsd:2697] uid/euid:0/0 gid/egid:0/0, parent /etc/rc.d/init.d/nfs-server[S24nfs-server:25113] uid/euid:0/0 gid/egid:0/0
Sep  5 04:47:14 nightbox bootlog:  Starting NFS nfsd...[  OK  ]
[/code]

As for squid, grsec seems to be very keen on killing it whenever it's 
given a chance:

[code]
Sep  5 04:47:31 nightbox bootlog:  Starting Squid...[  OK  ]
Sep  5 04:47:31 nightbox kernel: grsec: signal 6 sent to /usr/sbin/squid[squid:6405] uid/euid:23/23 gid/egid:23/23, parent /usr/sbin/squid[squid:9868] uid/euid:0/0 gid/egid:0/0
Sep  5 04:47:31 nightbox squid[9868]: Squid Parent: child process 6405 exited due to signal 6
(note: this repeats several times until squid runs outta life for good)
[/code]

I suspect both errors might be thanks to pkg-user: when I run both 
programs when logged in as root, grsec does not complain. Here I need to 
mention that both rpc.nfsd and /usr/sbin/squid are chown root, chmod u+s 
just to eliminate one possible source of errors for the time being; 
still running them as normal users gives the same thing. Are bootscripts 
executed as root or pkg-usr "bootscripts"?

There's yet another issue: stopping nfsd always fails after a minute; 
but that is most probably because it didn't start properly in the first 
place.

Sorry for bothering you yet one *more* time; I tried google, man and 
syslog, yet all in vain. Thanks for all hints in advance!

-- 
David Ciecierski
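
For triaging messages like the two quoted above, here is an added example (not part of the original post) that parses both grsec message shapes and summarises them per process. The regular expressions are inferred only from the lines in this message, so the field layout is an assumption about the format; `parse_line` and `summarize` are hypothetical helper names.

```python
import re
import signal
from collections import Counter

# Log lines copied from the message above, unwrapped to one event per line.
SAMPLE = """\
Sep  5 04:47:14 nightbox kernel: grsec: denied resource overstep by requesting 100999168 for RLIMIT_STACK against limit 8388608 for /[rpc.nfsd:2697] uid/euid:0/0 gid/egid:0/0, parent /etc/rc.d/init.d/nfs-server[S24nfs-server:25113] uid/euid:0/0 gid/egid:0/0
Sep  5 04:47:31 nightbox kernel: grsec: signal 6 sent to /usr/sbin/squid[squid:6405] uid/euid:23/23 gid/egid:23/23, parent /usr/sbin/squid[squid:9868] uid/euid:0/0 gid/egid:0/0
"""

# "path[comm:pid] uid/euid:U/E gid/egid:G/H", as printed for subject and parent
# (layout assumed from the two samples above).
PROC = (r"(?P<{p}path>\S*)\[(?P<{p}comm>[^:\]]+):(?P<{p}pid>\d+)\] "
        r"uid/euid:(?P<{p}uid>\d+)/(?P<{p}euid>\d+) gid/egid:\d+/\d+")
PAIR = PROC.format(p="") + ", parent " + PROC.format(p="p_")
OVERSTEP = re.compile(r"grsec: denied resource overstep by requesting (?P<req>\d+) "
                      r"for (?P<res>RLIMIT_\w+) against limit (?P<lim>\d+) for " + PAIR)
SIGNAL = re.compile(r"grsec: signal (?P<sig>\d+) sent to " + PAIR)


def parse_line(line):
    """Return a dict of fields for a recognised grsec line, else None."""
    for kind, rx in (("overstep", OVERSTEP), ("signal", SIGNAL)):
        m = rx.search(line)
        if m:
            ev = {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}
            ev["kind"] = kind
            return ev
    return None


def summarize(text):
    """Count events keyed by (comm, uid, human-readable detail)."""
    out = Counter()
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # bootlog and other non-grsec lines
        if ev["kind"] == "overstep":
            # KiB is the unit used by `ulimit -s`, which makes the gap easy to compare.
            detail = f'{ev["res"]} wanted {ev["req"] // 1024} KiB, limit {ev["lim"] // 1024} KiB'
        else:
            detail = f'{signal.Signals(ev["sig"]).name}, parent {ev["p_comm"]}:{ev["p_pid"]}'
        out[(ev["comm"], ev["uid"], detail)] += 1
    return out


if __name__ == "__main__":
    for (comm, uid, detail), n in summarize(SAMPLE).items():
        print(f"{n}x {comm} (uid {uid}): {detail}")
```
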
