Hi all,
I am a bit confused because my exim 4.34 wants to make use of the
Linux SYS_RESOURCE Capability.
My Question is: Does anybody know if it really needs it? And if yes,
why?
I have a Debian woody box with exim4 backport and grsecurity acl
system running and it was complaining about that issue.
Seems that apache generating an email is causing this.
I had these messages in syslog at exactly the same time.
(Sorry for long lines)
grsec: (www-data:U:/usr/sbin/exim4) use of CAP_SYS_RESOURCE denied for /usr/sbin/exim4[sendmail:4320] uid/euid:33/0 gid/egid:33/33, parent /usr/sbin/apache uid/euid:33/33 gid/egid:33/33
grsec: (mail:U:/usr/sbin/exim4) use of CAP_SYS_RESOURCE denied for /usr/sbin/exim4[exim4:31806] uid/euid:8/0 gid/egid:8/8, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (www-data:U:/usr/sbin/exim4) use of CAP_SYS_RESOURCE denied for /usr/sbin/exim4[sendmail:4320] uid/euid:33/0 gid/egid:33/33, parent /usr/sbin/apache[apache:29106] uid/euid:33/33 gid/egid:33/33
grsec: (mail:U:/usr/sbin/exim4) use of CAP_SYS_RESOURCE denied for /usr/sbin/exim4[exim4:31806] uid/euid:8/0 gid/egid:8/8, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>From the grsec documentation:
CAP_SYS_RESOURCE:
· Override resource limits. Set resource limits;
· Override quota limits;
· Override reserved space on ext2 filesystem;
· Modify data journaling mode on ext3 filesystem (uses journaling resources);
NOTE: ext2 honors fsuid when checking for resource overrides,
so you can override using fsuid too;
· Override size restrictions on IPC message queues;
· Allow more than 64hz interrupts from the real?time clock;
· Override max number of consoles on console allocation;
· Override max number of keymaps.
Thanks for any hints
-Marc
--
° <M3rlin-> what is the legal age to buy alcoholic in england ? °
° <p5Ds13a06> you cant buy alcoholics °
° <p5Ds13a06> but if you wink the right way, °
° some of them will follow you home for free °
