hardened-sources-3.3.0 vs dovecot
I've recently tried hardened-sources-3.3.0
(grsecurity-2.9-3.3.0-201203251922) and dovecot stopped working properly. All other deamons seem to tolerate eachother with 3.3.0-grsec, except for dovecot. Here are the error messages I see in mail.log: Apr 4 21:55:55 replaced dovecot: imap: Error: dovecot/imap: error while loading shared libraries: libpthread.so.0: failed to map segment from shared object: Cannot allocate memory Apr 4 21:55:55 replaced dovecot: master: Error: service(imap): command startup failed, throttling for 2 secs Apr 4 21:55:55 replaced dovecot: imap: Fatal: master: service(imap): child 6275 returned error 127 Apr 4 21:55:55 replaced dovecot: imap-login: Error: read(imap) failed: Connection reset by peer Apr 4 21:55:55 replaced dovecot: imap-login: Internal login failure (pid=6272 id=1) (internal failure, 1 succesful auths): user=<replaced>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Apr 4 21:56:13 replaced dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs Apr 4 21:56:13 replaced dovecot: imap-login: Fatal: master: service(imap-login): child 6309 killed with signal 9 restarting the daemon Apr 4 21:59:43 replaced dovecot: master: Warning: Killed with signal 15 (by pid=6390 uid=0 code=kill) Apr 4 21:59:53 replaced dovecot: master: Dovecot v2.1.3 starting up (core dumps disabled) daemon restarted Apr 4 22:00:43 replaced dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs Apr 4 22:00:43 replaced dovecot: imap-login: Fatal: master: service(imap-login): child 6450 killed with signal 9 Apr 4 22:05:12 replaced dovecot: imap-login: Login: user=<replaced>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6484, secured Apr 4 22:05:12 replaced dovecot: imap(replaced): Disconnected: Logged out in=44 out=721 Apr 4 22:05:13 replaced dovecot: imap-login: Error: dovecot/imap-login: error while loading shared libraries: libcrypto.so.1.0.0: failed to map segment from shared object: Cannot allocate memory Apr 4 22:05:13 replaced dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs Apr 4 22:05:13 replaced dovecot: imap-login: Fatal: master: service(imap-login): child 6486 returned error 127 Apr 4 22:05:15 replaced dovecot: imap-login: Login: user=<replaced>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6488, secured Apr 4 22:05:17 replaced dovecot: imap(replaced): Disconnected: Logged out in=43541 out=178193 I only see some RLIMIT_AS lines in grsec.log, no other relevant messages: Apr 4 22:00:43 replaced kernel: grsec: From 10.97.100.79: (root:U:/usr/libexec/dovecot/imap-login) denied resource overstep by requesting 63205376 for RLIMIT_AS against limit 16777216 for /usr/libexec/dovecot/imap-login[imap-login:6450] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/dovecot[dovecot:6409] uid/euid:0/0 gid/egid:0/0 Apr 4 22:05:13 replaced kernel: grsec: (root:U:/usr/libexec/dovecot/imap-login) denied resource overstep by requesting 17612800 for RLIMIT_AS against limit 16777216 for /usr/libexec/dovecot/imap-login[imap-login:6486] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/dovecot[dovecot:6409] uid/euid:0/0 gid/egid:0/0 The symptom is that I cannot log on to squirrelmail. I could get in eventually, but most of the time it fails. The symptoms are present with or without activated RBAC. There were no RLIMIT_AS grsec messages or failed shared library loads using hardened-sources-3.2.9 (grsecurity-2.9-3.2.9-201203022148) or hardened-sources-3.2.9-r1 (grsecurity-2.9-3.2.9-201203062051). Should I open a bug report? -- dr Tóth Attila, Radiológus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057 |
| All times are GMT. The time now is 07:42 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.