Package: libnss-mysql-bg
Version: 1.3-2
Severity: normal

Hello,

When running certain applications (finger, groupdel, etc.) which query libnss
for details on a box running grsecurity, it can cause grsecurity to detect an
attempt to overstep resource limits (and a subsequent segfault in the
application in question).

An strace of groupdel <user> shows towards the end:

read(4, "\376", 1)                      = 1
geteuid32()                             = 0
geteuid32()                             = 0
geteuid32()                             = 0
geteuid32()                             = 0
geteuid32()                             = 0
geteuid32()                             = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

And a line appears in the kernel log as follows:

grsec: From <ip>: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/groupdel[groupdel:2875] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:17477] uid/euid:0/0 gid/egid:0/0

Without the NSS MySQL support enabled, I can delete the group fine, finger
user accounts, etc.

I have the following relevant lines in /etc/nsswitch.conf:

passwd:         compat mysql
group:          compat
shadow:         compat mysql

Any light you can shed on the matter would be appreciated!

Thanks,
Chris.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13.1-grsec
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages libnss-mysql-bg depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libmysqlclient12            4.0.24-10    mysql database client library
ii  zlib1g                      1:1.2.2-4    compression library - runtime

libnss-mysql-bg recommends no packages.

-- no debconf information
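
Added example (not part of the original report and not code from libnss-mysql-bg or grsecurity): a small parser for the "denied resource overstep" kernel log entry quoted above, which groups denials by binary and resource so that every program affected by the NSS module can be listed from one log. The sample lines are constructed, the function names are hypothetical, and treating the "From <ip>:" prefix as optional is an assumption.

```python
import re
from collections import Counter

# Constructed sample: line 1 mirrors the entry in the report (192.0.2.10 stands
# in for the redacted <ip>); the finger entry and its PIDs are made up, and its
# missing "From" prefix is an assumption about the format.
SAMPLE_LOG = """\
grsec: From 192.0.2.10: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/groupdel[groupdel:2875] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:17477] uid/euid:0/0 gid/egid:0/0
grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/finger[finger:2901] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:2650] uid/euid:1000/1000 gid/egid:1000/1000
kernel: eth0: link up
"""

# One "path[comm:pid] uid/euid:U/E gid/egid:G/E" process description.
PROC = (r"(?P<{p}path>\S+)\[(?P<{p}comm>[^:\]]+):(?P<{p}pid>\d+)\] "
        r"uid/euid:(?P<{p}uid>\d+)/(?P<{p}euid>\d+) gid/egid:\d+/\d+")

OVERSTEP = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?denied resource overstep by requesting "
    r"(?P<requested>\d+) for (?P<resource>RLIMIT_\w+) against limit "
    r"(?P<limit>\d+) for " + PROC.format(p="") + r", parent "
    + PROC.format(p="parent_"))

INT_FIELDS = ("requested", "limit", "pid", "uid", "euid",
              "parent_pid", "parent_uid", "parent_euid")

def parse_overstep(line):
    """Return the fields of one overstep denial as a dict, or None."""
    m = OVERSTEP.search(line)
    if m is None:
        return None
    event = m.groupdict()
    for key in INT_FIELDS:
        event[key] = int(event[key])
    return event

def summarize(log_text):
    """Count denials per (binary path, resource) across a whole log."""
    events = filter(None, map(parse_overstep, log_text.splitlines()))
    return Counter((e["path"], e["resource"]) for e in events)

if __name__ == "__main__":
    for (path, resource), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {resource:12s} {path}")
```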

