Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Hardened

hardened-sources-3.3.0 vs dovecot

 

 

Gentoo hardened RSS feed   Index | Next | Previous | View Threaded


atoth at atoth

Apr 4, 2012, 2:00 PM

Post #1 of 1 (219 views)
Permalink
hardened-sources-3.3.0 vs dovecot

I've recently tried hardened-sources-3.3.0
(grsecurity-2.9-3.3.0-201203251922) and dovecot stopped working properly.
All other deamons seem to tolerate eachother with 3.3.0-grsec, except for
dovecot.

Here are the error messages I see in mail.log:
Apr 4 21:55:55 replaced dovecot: imap: Error: dovecot/imap: error while
loading shared libraries: libpthread.so.0: failed to map segment from
shared object: Cannot allocate memory
Apr 4 21:55:55 replaced dovecot: master: Error: service(imap): command
startup failed, throttling for 2 secs
Apr 4 21:55:55 replaced dovecot: imap: Fatal: master: service(imap):
child 6275 returned error 127
Apr 4 21:55:55 replaced dovecot: imap-login: Error: read(imap) failed:
Connection reset by peer
Apr 4 21:55:55 replaced dovecot: imap-login: Internal login failure
(pid=6272 id=1) (internal failure, 1 succesful auths): user=<replaced>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Apr 4 21:56:13 replaced dovecot: master: Error: service(imap-login):
command startup failed, throttling for 2 secs
Apr 4 21:56:13 replaced dovecot: imap-login: Fatal: master:
service(imap-login): child 6309 killed with signal 9

restarting the daemon
Apr 4 21:59:43 replaced dovecot: master: Warning: Killed with signal 15
(by pid=6390 uid=0 code=kill)
Apr 4 21:59:53 replaced dovecot: master: Dovecot v2.1.3 starting up (core
dumps disabled)
daemon restarted

Apr 4 22:00:43 replaced dovecot: master: Error: service(imap-login):
command startup failed, throttling for 2 secs
Apr 4 22:00:43 replaced dovecot: imap-login: Fatal: master:
service(imap-login): child 6450 killed with signal 9
Apr 4 22:05:12 replaced dovecot: imap-login: Login: user=<replaced>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6484, secured
Apr 4 22:05:12 replaced dovecot: imap(replaced): Disconnected: Logged out
in=44 out=721
Apr 4 22:05:13 replaced dovecot: imap-login: Error: dovecot/imap-login:
error while loading shared libraries: libcrypto.so.1.0.0: failed to map
segment from shared object: Cannot allocate memory
Apr 4 22:05:13 replaced dovecot: master: Error: service(imap-login):
command startup failed, throttling for 2 secs
Apr 4 22:05:13 replaced dovecot: imap-login: Fatal: master:
service(imap-login): child 6486 returned error 127
Apr 4 22:05:15 replaced dovecot: imap-login: Login: user=<replaced>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6488, secured
Apr 4 22:05:17 replaced dovecot: imap(replaced): Disconnected: Logged out
in=43541 out=178193

I only see some RLIMIT_AS lines in grsec.log, no other relevant messages:
Apr 4 22:00:43 replaced kernel: grsec: From 10.97.100.79:
(root:U:/usr/libexec/dovecot/imap-login) denied resource overstep by
requesting 63205376 for RLIMIT_AS against limit 16777216 for
/usr/libexec/dovecot/imap-login[imap-login:6450] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/dovecot[dovecot:6409] uid/euid:0/0
gid/egid:0/0
Apr 4 22:05:13 replaced kernel: grsec:
(root:U:/usr/libexec/dovecot/imap-login) denied resource overstep by
requesting 17612800 for RLIMIT_AS against limit 16777216 for
/usr/libexec/dovecot/imap-login[imap-login:6486] uid/euid:0/0
gid/egid:0/0, parent /usr/sbin/dovecot[dovecot:6409] uid/euid:0/0
gid/egid:0/0

The symptom is that I cannot log on to squirrelmail. I could get in
eventually, but most of the time it fails. The symptoms are present with
or without activated RBAC.

There were no RLIMIT_AS grsec messages or failed shared library loads
using hardened-sources-3.2.9 (grsecurity-2.9-3.2.9-201203022148) or
hardened-sources-3.2.9-r1 (grsecurity-2.9-3.2.9-201203062051).

Should I open a bug report?
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

Gentoo hardened RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.