From: Vincent Danen <vdanen@annvix.org>
Cc: <supervision@list.skarnet.org><supervision@list.skarnet.org>
<supervision@list.skarnet.org>
Subject: Re: runit running under linux 2.4 with openwall patches
Date: Tue, 25 Jan 2005 21:31:48 -0700 [thread overview]
Message-ID: <31302029-6F53-11D9-9341-000A9598BFB2@annvix.org> (raw)
In-Reply-To: <20050126004448.GI10265@digitus>
[-- Attachment #1: Type: text/plain, Size: 1526 bytes --]
On Jan 25, 2005, at 17:44, Csillag Tamás wrote:
>>> Yes, it's dietlibc. Dietlibc executes code from the stack during
>>> system calls,
>>> afaict.
>>
>> Well, it's definitely dietlibc. I compiled runit with glibc
>> (statically) and it works just fine. Very strange.
> I got the same with grsecurity (www.grsecurity.org).
> Well it did not stated exactly in the log that the stack operation is
> the
> cause of killing that process.
>
> It could happen for *all* dietlibc linked program.
> (I experienced in: runsv svlogd fnord tcpsvd ... )
Odd thing here is that I tried a few other apps that were
dietlibc-compiled and didn't see a problem.
Hmmm... spoke too soon. None of the services requiring tcpsvd were
installed, so I tried with rsync and if I start supervise on those
services, nothing happens. But if "sh -x run" myself, I can see the
services are starting. Not sure if recompiling ipsvd without dietlibc
will help, but it's something I'll have to try.
> In grsec I use the chpax utility to bypass this security checks on
> these
> (and only these) programs.
Ouch. Not a good solution.
> Maybe it is worth asking the author of dietlibc..
> http://www.fefe.de/dietlibc/
I have... and am in the middle of a conversation with him. He's very
interested in seeing this resolved.
--
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 186 bytes --]
next prev parent reply other threads:[~2005-01-26 4:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-20 22:14 Vincent Danen
2005-01-20 22:28 ` Charlie Brady
2005-01-20 22:52 ` Vincent Danen
2005-01-21 19:32 ` Gerrit Pape
2005-01-25 4:51 ` Vincent Danen
2005-01-25 10:58 ` Torne Wuff
2005-01-25 19:54 ` Vincent Danen
2005-01-25 23:33 ` Vincent Danen
2005-01-26 0:44 ` Csillag Tamás
2005-01-26 4:31 ` Vincent Danen [this message]
2005-01-26 8:52 ` Csillag Tamás
2005-01-27 19:52 ` Charlie Brady
2005-01-26 12:07 ` Milan P. Stanic
[not found] ` <20050205212555.GI20427@digitus>
2005-02-05 23:14 ` Vincent Danen
2005-03-14 14:11 ` Csillag Tamás
2005-03-14 17:40 ` Gerrit Pape
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=31302029-6F53-11D9-9341-000A9598BFB2@annvix.org \
--to=vdanen@annvix.org \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).