michael at orlitzky
Aug 1, 2012, 6:56 AM
Post #5 of 7
On 08/01/12 09:08, PaX Team wrote:
Re: pthread_create problems on hardened x86
[In reply to]
> On 1 Aug 2012 at 8:41, Michael Orlitzky wrote:
>> Thanks, here are strace -f logs from both the hardened box (where it
>> fails) and a vanilla gentoo x86 VM (where it works).
> mmap2(NULL, 307200000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> this can fail for several reasons, not enough RAM (depends on how overcommit is set),
> not enough address space (hardened/PIE and ASLR together change how big the holes in
> the address space end up, SEGMEXEC halves the address space), etc.
Hmm.. I think this indirectly solves the problem. I've got,
# cat /etc/security/limits.d/50-clamd.conf
#<domain> <type> <item> <value>
clamav - stack 512000
But it isn't taking effect:
# cat /proc/25394/limits | grep stack
Max stack size 307200000 307200000 bytes
So, clamd is likely running out of stack just like the test program. I
can probably figure that one out.
But, I'd ruled out the stack size limitation because resource oversteps
are supposed to be reported:
# cat /proc/config.gz | gunzip | grep GRKERNSEC_RESLOG
I've got nothing logged, even after the failures.