GNU bug report logs -
#24138
SIGSEGV of useradd (from shadow package)
Previous Next
Reported by: Tomáš Čech <sleep_walker <at> gnu.org>
Date: Wed, 3 Aug 2016 07:03:02 UTC
Severity: normal
Tags: moreinfo
Done: Tomáš Čech <tcech <at> suse.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 24138 in the body.
You can then email your comments to 24138 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#24138; Package
guix.
(Wed, 03 Aug 2016 07:03:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Tomáš Čech <sleep_walker <at> gnu.org>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Wed, 03 Aug 2016 07:03:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
It seems to be easy to crash useradd (from shadow package).
# ls -l $(which useradd)
lrwxrwxrwx 4 root guixbuild 69 Jan 1 1970 /root/.guix-profile/sbin/useradd -> /gnu/store/ylnc73apl1irl0s613rxjl445x2zx8a5-shadow-4.2.1/sbin/useradd
# useradd test
Neoprávněný přístup do paměti (SIGSEGV) (core dumped [obraz paměti uložen])
(139) # gdb $(which useradd) core
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /root/.guix-profile/sbin/useradd...(no debugging symbols found)...done.
[New LWP 1603]
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Core was generated by `useradd test'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f457ee6503c in call_init.part () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
(gdb) bt
#0 0x00007f457ee6503c in call_init.part () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
#1 0x00007f457ee65205 in _dl_init () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
#2 0x00007f457ee696a0 in dl_open_worker () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
#3 0x00007f457ee64f34 in _dl_catch_error () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
#4 0x00007f457ee68d33 in _dl_open () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
#5 0x00007f457e841fb9 in dlopen_doit () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libdl.so.2
#6 0x00007f457ee64f34 in _dl_catch_error () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/ld-linux-x86-64.so.2
#7 0x00007f457e842589 in _dlerror_run () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libdl.so.2
#8 0x00007f457e842051 in dlopen@@GLIBC_2.2.5 () from /gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libdl.so.2
#9 0x00007f457ea49e8d in _pam_load_module () from /gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam.so.0
#10 0x00007f457ea4a4f9 in _pam_add_handler () from /gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam.so.0
#11 0x00007f457ea4ad90 in _pam_parse_conf_file () from /gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam.so.0
#12 0x00007f457ea4b395 in _pam_init_handlers () from /gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam.so.0
#13 0x00007f457ea4cae1 in pam_start () from /gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam.so.0
#14 0x0000000000403351 in main ()
Interesting information about module causing it would be in stackframe
#9 but there are no debugging information available. Adding debug
`output' to linux-pam would diverge me from GuixSD.
from strace:
read(3, "account required pam_deny.so \nau"..., 4096) = 223
open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/security/pam_deny.so", O_RDONLY|O_CLOEXEC) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\6\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0555, st_size=6728, ...}) = 0
mmap(NULL, 2100200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fb8b447c000
mprotect(0x7fb8b447d000, 2093056, PROT_NONE) = 0
mmap(0x7fb8b467c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0) = 0x7fb8b467c000
close(5) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7fb8b3d1bda8} ---
+++ killed by SIGSEGV (core dumped) +++
# cat /etc/pam.d/useradd
account required pam_unix.so
auth sufficient pam_rootok.so
password required pam_unix.so
session required /gnu/store/4mmn5y6syzv7wwz1y6bl1ab4g0yvkdq1-elogind-219.14/lib/security/pam_elogind.so
session required pam_unix.so
# cat /etc/pam.d/other
account required pam_deny.so
auth required pam_deny.so
password required pam_deny.so
session required /gnu/store/4mmn5y6syzv7wwz1y6bl1ab4g0yvkdq1-elogind-219.14/lib/security/pam_elogind.so
session required pam_deny.so
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#24138; Package
guix.
(Wed, 03 Aug 2016 16:57:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 24138 <at> debbugs.gnu.org (full text, mbox):
Hello!
Tomáš Čech <sleep_walker <at> gnu.org> skribis:
> It seems to be easy to crash useradd (from shadow package).
Is it on GuixSD?
> from strace:
>
> read(3, "account required pam_deny.so \nau"..., 4096) = 223
> open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/security/pam_deny.so", O_RDONLY|O_CLOEXEC) = 5
> read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\6\0\0\0\0\0\0"..., 832) = 832
> fstat(5, {st_mode=S_IFREG|0555, st_size=6728, ...}) = 0
> mmap(NULL, 2100200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fb8b447c000
> mprotect(0x7fb8b447d000, 2093056, PROT_NONE) = 0
> mmap(0x7fb8b467c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0) = 0x7fb8b467c000
> close(5) = 0
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7fb8b3d1bda8} ---
Could you check in the ‘strace’ output whether PAM modules build with
another libc are being loaded?
Thanks for your report!
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#24138; Package
guix.
(Wed, 03 Aug 2016 23:32:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 24138 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Wed, Aug 03, 2016 at 06:56:19PM +0200, Ludovic Courtès wrote:
>Hello!
>
>Tomáš Čech <sleep_walker <at> gnu.org> skribis:
>
>> It seems to be easy to crash useradd (from shadow package).
>
>Is it on GuixSD?
Yes. \o/
>> from strace:
>>
>> read(3, "account required pam_deny.so \nau"..., 4096) = 223
>> open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/security/pam_deny.so", O_RDONLY|O_CLOEXEC) = 5
>> read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\6\0\0\0\0\0\0"..., 832) = 832
>> fstat(5, {st_mode=S_IFREG|0555, st_size=6728, ...}) = 0
>> mmap(NULL, 2100200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fb8b447c000
>> mprotect(0x7fb8b447d000, 2093056, PROT_NONE) = 0
>> mmap(0x7fb8b467c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0) = 0x7fb8b467c000
>> close(5) = 0
>> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7fb8b3d1bda8} ---
>
>Could you check in the ‘strace’ output whether PAM modules build with
>another libc are being loaded?
It doesn't seem to be that case:
# grep linux-pam ~/useradd.strace | grep -v ENOENT
19555 open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam_misc.so.0", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/security/pam_unix.so", O_RDONLY|O_CLOEXEC) = 4
19555 open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/security/pam_rootok.so", O_RDONLY|O_CLOEXEC) = 4
19555 stat("/gnu/store/m4xna3zq2il5an61wxbmfv82ndvz70f6-linux-pam-1.2.1/lib", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
19555 open("/gnu/store/2xmwkq2ycwk89xlxnvib5wnjaacfy0rg-linux-pam-1.2.1/lib/security/pam_deny.so", O_RDONLY|O_CLOEXEC) = 5
On the other hand it seems to load part of the libraries from 2.22,
part from 2.23 and that is not healthy.
# grep glibc ~/useradd.strace | grep -v ENOENT
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libnss_compat.so.2", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
19555 open("/gnu/store/8m00x5x8ykmar27s9248cmhnkdb2n54a-glibc-2.22/lib/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 4
19555 stat("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
19555 open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libm.so.6", O_RDONLY|O_CLOEXEC) = 4
19555 open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = 4
19555 open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 4
It seems to be more serious than I thought:
# login
Neoprávněný přístup do paměti (SIGSEGV) (core dumped [obraz paměti uložen])
S_W
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#24138; Package
guix.
(Fri, 09 Sep 2016 14:30:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 24138 <at> debbugs.gnu.org (full text, mbox):
Hi,
Tomáš Čech <sleep_walker <at> gnu.org> skribis:
> On the other hand it seems to load part of the libraries from 2.22,
> part from 2.23 and that is not healthy.
Indeed, this cannot work. Do you still have this problem? Do you know
why both libc versions were being used (LD_LIBRARY_PATH or some such?)?
TIA,
Ludo’.
Added tag(s) moreinfo.
Request was from
ludo <at> gnu.org (Ludovic Courtès)
to
control <at> debbugs.gnu.org.
(Fri, 09 Sep 2016 14:33:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org:
bug#24138; Package
guix.
(Tue, 31 Jan 2017 22:26:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 24138 <at> debbugs.gnu.org (full text, mbox):
Hi Tomáš,
Any updates on this bug, or should we close it?
https://bugs.gnu.org/24138
Thanks in advance! :-)
Ludo’.
ludo <at> gnu.org (Ludovic Courtès) skribis:
> Hi,
>
> Tomáš Čech <sleep_walker <at> gnu.org> skribis:
>
>> On the other hand it seems to load part of the libraries from 2.22,
>> part from 2.23 and that is not healthy.
>
> Indeed, this cannot work. Do you still have this problem? Do you know
> why both libc versions were being used (LD_LIBRARY_PATH or some such?)?
>
> TIA,
> Ludo’.
Reply sent
to
Tomáš Čech <tcech <at> suse.com>:
You have taken responsibility.
(Sat, 04 Feb 2017 14:43:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Tomáš Čech <sleep_walker <at> gnu.org>:
bug acknowledged by developer.
(Sat, 04 Feb 2017 14:43:02 GMT)
Full text and
rfc822 format available.
Message #24 received at 24138-done <at> debbugs.gnu.org (full text, mbox):
On Tue, 31 Jan 2017 23:25:32 +0100,
Ludovic Courtès wrote:
>
> Hi Tomáš,
>
> Any updates on this bug, or should we close it?
I haven't met this bug since. Let's close it.
Thanks.
S_W
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 05 Mar 2017 12:24:03 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 52 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.