On 20 Mar 2013 at 10:11, Alex Efros wrote: > Hi! > > On Wed, Mar 20, 2013 at 09:25:07AM +0200, Alex Efros wrote: > > https://bugs.gentoo.org/show_bug.cgi?id=462430
next time add me to the bug if you expect an answer instead of spamming every possible forum. > > Any ideas which grsec/pax option may result in this (subj) behavior? > > Looks like PAX_RANDMMAP is broken (or improved too much). from the 3.7.4 changelog: - added countermeasure against attacks that reduce ASLR by exhausting the address space on 32 bit userland see kingcope's post for the windows version http://kingcope.wordpress.com/2013/01/24/attacking-the-windows-78-address-space-randomization/ > If trivial tools like tcpserver on 32-bit system instead of 2MB will > randomly use up to 300MB just as result of RANDMMAP - this isn't good. > Even if it doesn't really allocate all these memory it still break > things like ulimit/softlimit. these artificial random gaps don't actually consume RAM, only virtual address space and applications trying to account for their address space needs while also second guessing the kernel are simply buggy. nevertheless to reduce the pain i've fixed the gap accounting in that these areas are not taken into account when mmap checks RLIMIT_AS, so it should be fine now (did you even search the gentoo bugzilla or the grsec forums for similar issues? i thought so). you'll need to update to 3.8.3 though because 3.7 is no longer supported.
