Because of the do_brk() bug, I updated my kernel and chose to use a security enhanced kernel for my server, that does dhcp amongst other things. I chose wolk-sources after the gentoo hardened-sources hard-locked up the server. This time it wouldn't lock up, instead just kill dhcp.

Here is what I could gather from the log files. It seems to occur when a windows dhcp client goes online (here named 'eva'):

Dec 8 20:04:31 [dhcpd] DHCPDISCOVER from 00:10:dc:8a:8f:cc (eva) via eth0
Dec 8 20:04:32 [dhcpd] DHCPOFFER on 192.168.0.20 to 00:10:dc:8a:8f:cc (eva) via eth0
Dec 8 20:04:32 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:04:32 [dhcpd] Wrote 0 new dynamic host decls to leases file.
Dec 8 20:04:32 [dhcpd] Wrote 4 leases to leases file.
Dec 8 20:04:32 [dhcpd] Can't backup lease database /var/lib/dhcp/dhcpd.leases to /var/lib/dhcp/dhcpd.leases~: Operation not permitted
Dec 8 20:04:32 [kernel] grsec: denied hardlink of /var/lib/dhcp/dhcpd.leases (owned by 0.0) to /var/lib/dhcp/dhcpd.leases~ for (dhcpd:2086) UID(1034) EUID(1034), parent (init:1) UID(0) EUID(0)
Dec 8 20:04:32 [dhcpd] DHCPREQUEST for 192.168.0.20 (192.168.0.10) from 00:10:dc:8a:8f:cc (eva) via eth0
Dec 8 20:04:32 [dhcpd] DHCPACK on 192.168.0.20 to 00:10:dc:8a:8f:cc (eva) via eth0
Dec 8 20:04:56 [kernel] grsec: chdir to /etc/dnscachex/log/main by (multilog:11955) UID(1013) EUID(1013), parent (supervise:21081) UID(0) EUID(0)
- Last output repeated twice -
Dec 8 20:09:32 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:09:32 [dhcpd] Wrote 0 new dynamic host decls to leases file.
Dec 8 20:09:32 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:09:32 [dhcpd] Wrote 0 new dynamic host decls to leases file.

Now the above 2 log lines will repeat for a couple thousand times, until this happens:

Dec 8 20:09:40 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:09:40 [dhcpd] Wrote 0 new dynamic host decls to leases file.
Dec 8 20:09:40 [kernel] grsec: attempted resource overstep by requesting 8388608 for RLIMIT_STACK against limit 8388608 by (dhcpd:2086) UID(1034) EUID(1034), parent (init:1) UID(0) EUID(0)
Dec 8 20:09:40 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:09:40 [dhcpd] Wrote 0 new dynamic host decls to leases file.
Dec 8 20:09:40 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:09:40 [dhcpd] Wrote 0 new dynamic host decls to leases file.
Dec 8 20:09:40 [dhcpd] Wrote 0 deleted host decls to leases file.
Dec 8 20:09:40 [dhcpd] Wrote 0 new dynamic host decls to leases file.
Dec 8 20:09:40 [kernel] grsec: attempted resource overstep by requesting 8392704 for RLIMIT_STACK against limit 8388608 by (dhcpd:2086) UID(1034) EUID(1034), parent (init:1) UID(0) EUID(0)

After this, dhcp is gone, ps -e |grep dhcp doesn't reveal anything and dhcp clients fail to get an IP address.

Reproducible: Couldn't Reproduce

Steps to Reproduce:
1. Enable grsecurity with even higher-than-maximal custom settings
2. start dhcp
3. let new dhcp clients get their IP addresses

Actual Results:
It only seems to happen with the windows XP client (eva) but since my linux client is recognized by its MAC address and has a fixated IP address by dhcp, I can't say for sure it is because of that. I am unable to reproduce the error right now (eva is a laptop that's not here) but suffice to say, it happened several times.

Expected Results:
it shouldn't have crashed and given people their ip addresses =p

I am using a script to turn new dhcp leases into DNS entries, so unless someone changes the hostname of the system, he'll always be reachable by e.g. eva.local
The script is a slightly altered version of this one: http://www.thismetalsky.org/files/dhcp_dns/dhcp_dns/djb_update.pl

Emerge info output:
Portage 2.0.49-r15 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.20-wolk4.9s)
=================================================================
System uname: 2.4.20-wolk4.9s i686 Pentium II (Deschutes)
Gentoo Base System version 1.4.3.10
distcc 2.11.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium2 -O3 -pipe -s -fomit-frame-pointer -fstack-protector"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /usr/kde/3/share/config /var/bind /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config /usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=pentium2 -O3 -pipe -s -fomit-frame-pointer -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache -sandbox buildpkg distcc usepkg"
GENTOO_MIRRORS="http://gentoo.oregonstate.edu/ http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 oss apm avi crypt cups encode foomaticdb gif gtk2 jpeg gnome libg++ mad mikmod mpeg ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib alsa gdbm berkdb slang readline arts tetex svga tcltk java guile X sdl gpm tcpd pam perl python esd imlib oggvorbis gtk qt kde motif opengl mozilla ldap mysql imap libwww maildir sasl ssl tctlk mmx"
It is a grsec thing. Please go through the documentation and/or disable features of grsec.
Negative. See http://bugs.gentoo.org/show_bug.cgi?id=31840
Looks like grsec just produces a different error message; the bug is still within dhcp.
Ok, eva's around. The bug's reproducible. I recompiled the kernel, turned off some GRSec features and various other 'unsafe' and 'experimental' stuff but it still happens. eva.local is turned on and the dhcp daemon dies.
GRsec settings: medium, logging all, network all except socket restrictions
Have you tried to disable CONFIG_GRKERNSEC_LINK and maybe CONFIG_GRKERNSEC_CHROOT?
Thank you Willi Mann, That Fixed it =) Works like a charm now
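
Added example, not part of the original thread: a small Python parser for the two grsec kernel messages quoted in the report, which pairs the denied hardlink with the file's owner and the caller's UID and lists the RLIMIT_STACK oversteps. The sample lines are copied from the log above with line wraps joined; reading `owned by 0.0` as uid.gid is an assumption, and the function and field names are illustrative.

```python
import re

# Sample kernel lines copied from the report above (terminal line wraps joined).
SAMPLE_LOG = """\
Dec 8 20:04:32 [kernel] grsec: denied hardlink of /var/lib/dhcp/dhcpd.leases (owned by 0.0) to /var/lib/dhcp/dhcpd.leases~ for (dhcpd:2086) UID(1034) EUID(1034), parent (init:1) UID(0) EUID(0)
Dec 8 20:04:56 [kernel] grsec: chdir to /etc/dnscachex/log/main by (multilog:11955) UID(1013) EUID(1013), parent (supervise:21081) UID(0) EUID(0)
Dec 8 20:09:40 [kernel] grsec: attempted resource overstep by requesting 8388608 for RLIMIT_STACK against limit 8388608 by (dhcpd:2086) UID(1034) EUID(1034), parent (init:1) UID(0) EUID(0)
Dec 8 20:09:40 [kernel] grsec: attempted resource overstep by requesting 8392704 for RLIMIT_STACK against limit 8388608 by (dhcpd:2086) UID(1034) EUID(1034), parent (init:1) UID(0) EUID(0)
"""

# "(comm:pid) UID(n) EUID(n)" as it appears for the acting process.
PROC = r"\((?P<comm>[^:()]+):(?P<pid>\d+)\) UID\((?P<uid>\d+)\) EUID\((?P<euid>\d+)\)"
HARDLINK = re.compile(
    r"grsec: denied hardlink of (?P<src>\S+) \(owned by (?P<fuid>\d+)\.(?P<fgid>\d+)\) "
    r"to (?P<dst>\S+) for " + PROC)
OVERSTEP = re.compile(
    r"grsec: attempted resource overstep by requesting (?P<req>\d+) "
    r"for (?P<res>RLIMIT_\w+) against limit (?P<limit>\d+) by " + PROC)

def analyze(log_text):
    """Return (hardlink_denials, overstep_events) found in grsec kernel log text."""
    denials, oversteps = [], []
    for line in log_text.splitlines():
        m = HARDLINK.search(line)
        if m:
            denials.append({
                "comm": m["comm"], "pid": int(m["pid"]),
                "src": m["src"], "dst": m["dst"],
                "file_uid": int(m["fuid"]), "proc_uid": int(m["uid"]),
                # Assumption: "owned by A.B" is uid.gid; a mismatch means the
                # caller tried to hardlink a file it does not own.
                "owner_mismatch": int(m["fuid"]) != int(m["uid"]),
            })
            continue
        m = OVERSTEP.search(line)
        if m:
            oversteps.append({
                "comm": m["comm"], "pid": int(m["pid"]), "resource": m["res"],
                "requested": int(m["req"]), "limit": int(m["limit"]),
            })
    return denials, oversteps

if __name__ == "__main__":
    denials, oversteps = analyze(SAMPLE_LOG)
    for d in denials:
        print(f"{d['comm']}[{d['pid']}] uid={d['proc_uid']} denied link of "
              f"{d['src']} (file uid={d['file_uid']}) mismatch={d['owner_mismatch']}")
    for o in oversteps:
        print(f"{o['comm']}[{o['pid']}] {o['resource']} {o['requested']}/{o['limit']}")
```

On the sample it reports one denied hardlink by dhcpd (UID 1034) against a file owned by UID 0, followed by two RLIMIT_STACK oversteps from the same PID.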