| Summary: | media-sound/teamspeak-server-bin-3.0.8 with hardened-sources-3.10.11 - denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /opt/teamspeak3-server/sbin/ts3server-bin | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | jack_mort <jackmort37> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | CC: | ablepharus, genzilla |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
jack_mort
2013-09-12 17:46:31 UTC
startup logfile from teamspeak : 2013-09-12 17:46:41.750794|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.8 (2013-08-05 13:00:22) 2013-09-12 17:46:41.751022|INFO |ServerLibPriv | | SystemInformation: Linux 3.10.11-hardened #1 SMP Thu Sep 12 18:34:44 CEST 2013 i686 Binary: 32bit 2013-09-12 17:46:41.756173|INFO |DatabaseQuery | | dbPlugin name: MySQL plugin, (c)TeamSpeak Systems GmbH 2013-09-12 17:46:41.756251|INFO |DatabaseQuery | | dbPlugin version: 1 emerge --info : Portage 2.2.2 (hardened/linux/x86, gcc-4.7.3, glibc-2.17, 3.10.11-hardened i686) ================================================================= System uname: Linux-3.10.11-hardened-i686-Pentium-R-_Dual-Core_CPU_E5700_@_3.00GHz-with-gentoo-2.2 KiB Mem: 4105860 total, 2854300 free KiB Swap: 153596 total, 153596 free Timestamp of tree: Wed, 11 Sep 2013 16:00:01 +0000 ld GNU ld (GNU Binutils) 2.23.2 ccache version 3.1.9 [enabled] app-shells/bash: 4.2_p45 dev-java/java-config: 2.2.0 dev-lang/python: 2.7.5-r2, 3.2.5-r2, 3.3.2-r2 dev-util/ccache: 3.1.9 dev-util/cmake: 2.8.11.1 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.12.6, 1.13.4, 1.14 sys-devel/binutils: 2.23.2 sys-devel/gcc: 4.7.3 sys-devel/gcc-config: 1.8 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.11 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo overlay_jackmort Installed sets: @system ACCEPT_KEYWORDS="x86 ~x86" ACCEPT_LICENSE="* -@EULA dlj-1.1" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-march=i686 -O2 -pipe" FEATURES="assume-digests binpkg-logs buildsyspkg ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=i686 -O2 -pipe" GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://gentoo.inode.at/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo" LANG="fr_FR.UTF-8" LC_ALL="fr_FR.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/standard" USE="acl acpi apache2 bzip2 caps ccache cli cracklib cxx dbus device-mapper dri gnutls hardened iconv ipv6 jpeg logrotate mmx modules mudflap mysql mysqli ncurses nls nptl openmp pam pax_kernel pcre php pic png readline samba session smp snmp sse sse2 sse3 ssl syslog tcpd threads truetype unicode urandom usb vhosts x86 xattr xinetd xml zlib" ABI_X86="32" ALSA_CARDS="emu10k1" APACHE2_MODULES="access actions alias auth_basic auth_digest authn_anon authn_core authn_dbd authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi compat dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif slotmem_shm so socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" DRACUT_MODULES="lvm mdraid syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="fr" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON Before we contact the hardened team I would like to know whether this is a hardened issue or an issue with teamspeak-server-bin; so, could you try to reproduce this on =sys-kernel/vanilla-sources-3.10.11 to verify whether it works there or not? Thank you in advance. (In reply to jack_mort from comment #0) > denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 > for /opt/teamspeak3-server/sbin/ts3server-bin[ts3server-bin:7206] > uid/euid:120/120 gid/egid:1016/1016, parent /sbin/init[init:1] uid/euid:0/0 > gid/egid:0/0 Oh, wait a moment, I missed the error in your description; grsec does that. Never mind trying on vanilla, I have CC hardened to get some advice on what to do with this; I'm not sure if this is a bug in grsec, or some kind of flag I have to set on the executable. (In reply to Tom Wijsman (TomWij) from comment #3) > (In reply to jack_mort from comment #0) > > denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 > > for /opt/teamspeak3-server/sbin/ts3server-bin[ts3server-bin:7206] > > uid/euid:120/120 gid/egid:1016/1016, parent /sbin/init[init:1] uid/euid:0/0 > > gid/egid:0/0 > > Oh, wait a moment, I missed the error in your description; grsec does that. > > Never mind trying on vanilla, I have CC hardened to get some advice on what > to do with this; I'm not sure if this is a bug in grsec, or some kind of > flag I have to set on the executable. Grsec is telling that it is try to create a core dump file but it not allowed by the limit set in limits.conf. In short the ts3server-bin is segfaulting and it try to make core dump and that fail and don't have anything with Grsec. It is only telling what is happing. (In reply to Magnus Granberg from comment #4) > Grsec is telling that it is try to create a core dump file but it not allowed > by the limit set in limits.conf. In short the ts3server-bin is segfaulting > and > it try to make core dump and that fail and don't have anything with Grsec. > It is only telling what is happing. Thanks for detailing that. I'll CC you again if we discover it otherwise. So, jack_mort, let's get back to comment #2; can you either try a vanilla kernel or try to set limits.conf in such a way that it allows the core dump? The core dump will tell us what is happening. For more information regarding the core dump you can see http://www.gentoo.org/proj/en/qa/backtraces.xml as for how grsec works you might find information in https://wiki.gentoo.org/wiki/Hardened_Gentoo Thank you in advance. Hi, Thanks for the updates ! I raised limits to 4096 for teamspeak RLMIT_CORE. It still won't start. Next I'll try vanilla-sources and keep you informed of the result. Hi, Little update here : tried to get a core dump but can't seem to get one. I've enabled all options detailed in the backtraces "howto" but... Where is the dump, that's the quetion. Strange thing is that when I try to start out of the init.d script, it seems to start. I have to try to get the right parameters to use mysql backend and see if it could be related (I only tried starting with default params). Another update : - tried siwtching to hardened-sources-3.11.1 and same problem (among others, so switched back to 3.10.11-r1). - I found the way to launch TS3 with mysql directly (out of init.d script) and I get this error : 2013-09-21 13:34:13.393547|INFO |DatabaseQuery | | dbPlugin version: 1 terminate called after throwing an instance of 'std::logic_error' what(): basic_string::_S_construct null not valid Abandon Strange thing is I don't even get it when running init.d script... Next step : switch to non hardened kernel. I will keep you informed ! Ping, have you tried non-hardened? Sorry been a bit busy these past days. I'm compiling kernel for gentoo-sources right now. Hope I'll be able to try it in few hours or at least tomorrow... And I'll keep you informed ! Hi, Sorry guys, I couldn't reboot the server last week. I just rebooted into non-hardened (gentoo-sources) and still the same crash with same error. So... my first idea was bad, it seems to be fully related to teamspeak itself ! Can you try 3.0.10.1 to see if it is still happening there? Already tried. Same error. I opened a thread in teamspeak forums, no answer... expect remove everything and retry (which I had already done before posting in the forum). I just think they don't care about MySQL support... and I'll have to switch to sqlite... Can you still reproduce this with 3.0.10.3? (In reply to jack_mort from comment #6) > I raised limits to 4096 for teamspeak RLMIT_CORE. It still won't start. > Next I'll try vanilla-sources and keep you informed of the result. Can you try again to obtain the core dump on non-hardened? Hi, Teamspeak has dropped support of MySQL bakend in favor of MariaDB. I switched my old broken TS3 server left alone for all this time to MariaDB, and it started like a breeze. This bug is now obsolete and won't by fixed anyway. Thanks for your time. |
