Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Hardened (http://www.linux-archive.org/gentoo-hardened/)
-   -   hardened-sources-3.3.0 vs dovecot (http://www.linux-archive.org/gentoo-hardened/652745-hardened-sources-3-3-0-vs-dovecot.html)

"Tóth Attila" 04-04-2012 09:00 PM

hardened-sources-3.3.0 vs dovecot
 
I've recently tried hardened-sources-3.3.0
(grsecurity-2.9-3.3.0-201203251922) and dovecot stopped working properly.
All other deamons seem to tolerate eachother with 3.3.0-grsec, except for
dovecot.

Here are the error messages I see in mail.log:
Apr 4 21:55:55 replaced dovecot: imap: Error: dovecot/imap: error while
loading shared libraries: libpthread.so.0: failed to map segment from
shared object: Cannot allocate memory
Apr 4 21:55:55 replaced dovecot: master: Error: service(imap): command
startup failed, throttling for 2 secs
Apr 4 21:55:55 replaced dovecot: imap: Fatal: master: service(imap):
child 6275 returned error 127
Apr 4 21:55:55 replaced dovecot: imap-login: Error: read(imap) failed:
Connection reset by peer
Apr 4 21:55:55 replaced dovecot: imap-login: Internal login failure
(pid=6272 id=1) (internal failure, 1 succesful auths): user=<replaced>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Apr 4 21:56:13 replaced dovecot: master: Error: service(imap-login):
command startup failed, throttling for 2 secs
Apr 4 21:56:13 replaced dovecot: imap-login: Fatal: master:
service(imap-login): child 6309 killed with signal 9

restarting the daemon
Apr 4 21:59:43 replaced dovecot: master: Warning: Killed with signal 15
(by pid=6390 uid=0 code=kill)
Apr 4 21:59:53 replaced dovecot: master: Dovecot v2.1.3 starting up (core
dumps disabled)
daemon restarted

Apr 4 22:00:43 replaced dovecot: master: Error: service(imap-login):
command startup failed, throttling for 2 secs
Apr 4 22:00:43 replaced dovecot: imap-login: Fatal: master:
service(imap-login): child 6450 killed with signal 9
Apr 4 22:05:12 replaced dovecot: imap-login: Login: user=<replaced>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6484, secured
Apr 4 22:05:12 replaced dovecot: imap(replaced): Disconnected: Logged out
in=44 out=721
Apr 4 22:05:13 replaced dovecot: imap-login: Error: dovecot/imap-login:
error while loading shared libraries: libcrypto.so.1.0.0: failed to map
segment from shared object: Cannot allocate memory
Apr 4 22:05:13 replaced dovecot: master: Error: service(imap-login):
command startup failed, throttling for 2 secs
Apr 4 22:05:13 replaced dovecot: imap-login: Fatal: master:
service(imap-login): child 6486 returned error 127
Apr 4 22:05:15 replaced dovecot: imap-login: Login: user=<replaced>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6488, secured
Apr 4 22:05:17 replaced dovecot: imap(replaced): Disconnected: Logged out
in=43541 out=178193

I only see some RLIMIT_AS lines in grsec.log, no other relevant messages:
Apr 4 22:00:43 replaced kernel: grsec: From 10.97.100.79:
(root:U:/usr/libexec/dovecot/imap-login) denied resource overstep by
requesting 63205376 for RLIMIT_AS against limit 16777216 for
/usr/libexec/dovecot/imap-login[imap-login:6450] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/dovecot[dovecot:6409] uid/euid:0/0
gid/egid:0/0
Apr 4 22:05:13 replaced kernel: grsec:
(root:U:/usr/libexec/dovecot/imap-login) denied resource overstep by
requesting 17612800 for RLIMIT_AS against limit 16777216 for
/usr/libexec/dovecot/imap-login[imap-login:6486] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/dovecot[dovecot:6409] uid/euid:0/0
gid/egid:0/0

The symptom is that I cannot log on to squirrelmail. I could get in
eventually, but most of the time it fails. The symptoms are present with
or without activated RBAC.

There were no RLIMIT_AS grsec messages or failed shared library loads
using hardened-sources-3.2.9 (grsecurity-2.9-3.2.9-201203022148) or
hardened-sources-3.2.9-r1 (grsecurity-2.9-3.2.9-201203062051).

Should I open a bug report?
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057


All times are GMT. The time now is 09:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.