Re: [Help-gnunet] 0.6.6a gnunetd and grsecurity

help-gnunet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnunet] 0.6.6a gnunetd and grsecurity

From:	Christian Grothoff
Subject:	Re: [Help-gnunet] 0.6.6a gnunetd and grsecurity
Date:	Sun, 13 Feb 2005 23:03:16 -0500
User-agent:	KMail/1.7.2

On Sunday 13 February 2005 22:13, A.C. wrote:
> Hi list,
>
> I want to try the new gnunet 0.6.6a release but, can't get it running on
> a machine with a 2.4.28 kernel.org kernel with grsecurity.net 2.0
> patches.

Hmm.  I can say this: GNUnet does run on a recent 2.6 kernel with grsecurity 
(without chpax).  Now, grsecurity has many, many options, and in particular 
if you go towards access control lists, you can easily setup things in ways 
that will interfere (i.e., disallow bind() or even socket()).  So this is not 
saying that it'll work with just any config.

gnunet never requires root and should not be run as root.  

> gnunetd will be terminated with:
>
> Feb 14 03:40:58 lxbox kernel: grsec: From 192.168.20.33: signal 11 sent
> to /usr/local/bin/gnunetd[gnunetd:11379] uid/euid:0/0 gid/egid:0/0,
> parent /usr/local/bin/gnunetd[gnunetd:3519] uid/euid:0/0 gid/egid:0/0
>
> Feb 14 03:40:58 lxbox kernel: grsec: From 192.168.20.33: attempted
> resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by
> /usr/local/bin/gnunetd[gnunetd:11379] uid/euid:0/0 gid/egid:0/0, parent
> /usr/local/bin/gnunetd[gnunetd:3519] uid/euid:0/0 gid/egid:0/0
>
> I tryed:
> - running as user
> - running as root
> - all grsecurity features step-by-step with chpax switched off:
>   from PeMRxS (default) to pEmrxs

Well, a quick google search yeilds:
http://www.vanheusden.com/Linux/tt.html

> Any recommendations ?

Well, it looks that all that happened was that gnunetd had a segmentation 
fault or core dumped for some other reason (i.e. call to abort()) and your 
system (grsecurity/ulimit) disabled core dumps.  You may want to enable core 
dumps, increase your log-level and figure out what the core dump is about 
(and then report to Mantis, ideally with stack traces and whatever else you 
may have).  But it is not a grsecurity problem per-se.

> B.t.w compiling on suse 8.2 is not working out of the box.
> The requestet autoconf and gtk2 version level is a litle bit to high.
> (config.log attached)
> And the gtk app is only running without "About"

Well, if I recall the latest bump in gtk version requirements was partially 
because of the about dialog. I don't think you need _any_ version of autoconf 
installed if you use the GNUnet source Tar-GZ, the autotools are only 
required if you use code directly from subversion.

Christian

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnunet] GNUnet 0.6.6a released, Christian Grothoff, 2005/02/09
- [Help-gnunet] 0.6.6a gnunetd and grsecurity, A . C ., 2005/02/13
  - Re: [Help-gnunet] 0.6.6a gnunetd and grsecurity, Christian Grothoff <=

Prev by Date: [Help-gnunet] 0.6.6a gnunetd and grsecurity
Next by Date: Re: [Help-gnunet] downloads and CPU
Previous by thread: [Help-gnunet] 0.6.6a gnunetd and grsecurity
Next by thread: [Help-gnunet] OK to use a FQDN for 'IP' in gnunet.conf?
Index(es):
- Date
- Thread