On Feb 05, 2005, at 14:25, Csillag Tamás wrote:

>> Hmmm... spoke too soon. None of the services requiring tcpsvd were
>> installed, so I tried with rsync and if I start supervise on those
>> services, nothing happens. But if I "sh -x run" myself, I can see the
>> services are starting. Not sure if recompiling ipsvd without dietlibc
>> will help, but it's something I'll have to try.
>>
>>> In grsec I use the chpax utility to bypass these security checks on
>>> these (and only these) programs.
>>
>> Ouch. Not a good solution.
>>
>>> Maybe it is worth asking the author of dietlibc..
>>> http://www.fefe.de/dietlibc/
>>
>> I have... and am in the middle of a conversation with him. He's very
>> interested in seeing this resolved.
>
> Can you tell me what is the result?
> Felix released 0.28 recently, it contains the fixes for that or not?
> (I was unable to figure out from the CHANGES file)

I meant to email the list earlier, but didn't get a chance. I did build dietlibc 0.28 and recompiled runit under it and it seems to work ok. At least the kernel doesn't kill or stall runit anymore. But I had to build without WANT_STACKGAP due to my gcc+SSP compiler (I don't know if this will make any difference to runit itself because I can't compile dietlibc 0.28 with gcc+SSP with WANT_STACKGAP enabled).

So far it seems good although I want to keep an eye on it more before I put it into production.

--
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}