From: Csillag Tamás
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: runit running under linux 2.4 with openwall patches
Date: Wed, 26 Jan 2005 09:52:10 +0100
To: Vincent Danen
Cc: supervision@list.skarnet.org

I am sorry if this is a bit OT here.

On 01/25, Vincent Danen wrote:
>
> On Jan 25, 2005, at 17:44, Csillag Tamás wrote:
>
> >>>Yes, it's dietlibc. Dietlibc executes code from the stack during
> >>>system calls, afaict.
> >>
> >>Well, it's definitely dietlibc. I compiled runit with glibc
> >>(statically) and it works just fine. Very strange.
> >I got the same with grsecurity (www.grsecurity.org).
> >Well, it did not state exactly in the log that the stack operation is
> >the cause of killing that process.
> >
> >It could happen for *all* dietlibc-linked programs.
> >(I experienced it in: runsv svlogd fnord tcpsvd ... )
>
> Odd thing here is that I tried a few other apps that were
> dietlibc-compiled and didn't see a problem.
>
> Hmmm... spoke too soon. None of the services requiring tcpsvd were
> installed, so I tried with rsync and if I start supervise on those
> services, nothing happens. But if I "sh -x run" myself, I can see the
> services are starting. Not sure if recompiling ipsvd without dietlibc
> will help, but it's something I'll have to try.

You cannot predict when it will happen. In fnord-cgi it only happened
when it executed the CGIs. I blamed myself that something was missing
inside its chroot, but it worked well if I ran it with 'strace -f' (I
mean fnord).

In runsv, when you signal a service, runsv itself gets killed, and
runsvdir will restart it (you can see that the log service has the same
'uptime' as the supervised process).

>
> >In grsec I use the chpax utility to bypass these security checks on
> >these (and only these) programs.
>
> Ouch. Not a good solution.
>
> >Maybe it is worth asking the author of dietlibc..
> >http://www.fefe.de/dietlibc/
>
> I have... and am in the middle of a conversation with him. He's very
> interested in seeing this resolved.

Nice.
It is not on the dietlibc list, is it?
(I do not see it there)

Please send me a summary when it gets resolved.
(Maybe here too, I think the guys may also be interested in this, and
you already started it here ;-)

Thanks.

-- 
cstamas