Bug 1069632
| Summary: | Chkrootkit - "Stack Smashing" | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | GV <rhel> |
| Component: | chkrootkit | Assignee: | manuel wolfshant <manuel.wolfshant> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | el6 | CC: | manuel.wolfshant |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | chkrootkit-0.49-3.el5 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 626067 | Environment: | |
| Last Closed: | 2014-03-17 05:58:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
GV
2014-02-25 12:39:36 UTC
(In reply to Gabriel VLASIU from comment #0) > I see bug #626067 (fedora 13) also in centos 6. Hello I need a reproducer please. You are the first one reporting issues in the last 3.5 years wolfy [root@gv ~]# /usr/lib64/chkrootkit-0.49/chkutmp *** stack smashing detected ***: /usr/lib64/chkrootkit-0.49/chkutmp terminated ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x30a3f02827] /lib64/libc.so.6(__fortify_fail+0x0)[0x30a3f027f0] /usr/lib64/chkrootkit-0.49/chkutmp[0x400d80] /usr/lib64/chkrootkit-0.49/chkutmp[0x400dd3] /lib64/libc.so.6(__libc_start_main+0xfd)[0x30a3e1ed1d] /usr/lib64/chkrootkit-0.49/chkutmp[0x4008a9] ======= Memory map: ======== 00400000-00402000 r-xp 00000000 08:03 539307 /usr/lib64/chkrootkit-0.49/chkutmp 00601000-00602000 rw-p 00001000 08:03 539307 /usr/lib64/chkrootkit-0.49/chkutmp 01a07000-01a28000 rw-p 00000000 00:00 0 [heap] 30a3600000-30a3620000 r-xp 00000000 08:03 529089 /lib64/ld-2.12.so 30a381f000-30a3820000 r--p 0001f000 08:03 529089 /lib64/ld-2.12.so 30a3820000-30a3821000 rw-p 00020000 08:03 529089 /lib64/ld-2.12.so 30a3821000-30a3822000 rw-p 00000000 00:00 0 30a3e00000-30a3f8b000 r-xp 00000000 08:03 529090 /lib64/libc-2.12.so 30a3f8b000-30a418a000 ---p 0018b000 08:03 529090 /lib64/libc-2.12.so 30a418a000-30a418e000 r--p 0018a000 08:03 529090 /lib64/libc-2.12.so 30a418e000-30a418f000 rw-p 0018e000 08:03 529090 /lib64/libc-2.12.so 30a418f000-30a4194000 rw-p 00000000 00:00 0 30a7200000-30a7216000 r-xp 00000000 08:03 529100 /lib64/libgcc_s-4.4.7-20120601.so.1 30a7216000-30a7415000 ---p 00016000 08:03 529100 /lib64/libgcc_s-4.4.7-20120601.so.1 30a7415000-30a7416000 rw-p 00015000 08:03 529100 /lib64/libgcc_s-4.4.7-20120601.so.1 7f61bda7f000-7f61bda82000 rw-p 00000000 00:00 0 7f61bda9c000-7f61bda9e000 rw-p 00000000 00:00 0 7ffff9460000-7ffff95db000 rw-p 00000000 00:00 0 [stack] 7ffff95ff000-7ffff9600000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Aborted kernel 2.6.32-431.5.1.el6.x86_64 # rpm -q glibc glibc-2.12-1.132.el6.x86_64 glibc-2.12-1.132.el6.i686 [wolfy@wolfy chkrootkit]$ sudo /usr/lib64/chkrootkit-0.49/chkutmp The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root 25192 tty7 /usr/bin/X -nr -nolisten tcp :0 vt7 -auth /var/run/kdm/A:0-oidrU9 [wolfy@wolfy chkrootkit]$ rpm -q glibc glibc-2.12-1.132.el6.x86_64 glibc-2.12-1.132.el6.i686 I am still on 2.6.32-431.3.1.el6.x86_64 . I will verify soon on the most recent kernel but I have a strong feeling that is not the culprit. I really have no idea how to proceed from here. I am open to suggestions I have several centos 6.5 systems (x86_64). Only one have this problem. And I think I know why: 1. Start chkutmp (lotus note stopped): [root@gv ~]# /usr/lib64/chkrootkit-0.49/chkutmp The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root 2246 tty7 /usr/bin/X -nr -nolisten tcp :0 vt7 -auth /var/run/kdm/A:0-iNMf19 2. start lotus notes and run again chkutmp: [root@gv ~]# /usr/lib64/chkrootkit-0.49/chkutmp *** stack smashing detected ***: /usr/lib64/chkrootkit-0.49/chkutmp terminated ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x30a3f02827] /lib64/libc.so.6(__fortify_fail+0x0)[0x30a3f027f0] /usr/lib64/chkrootkit-0.49/chkutmp[0x400d80] /usr/lib64/chkrootkit-0.49/chkutmp[0x400dd3] /lib64/libc.so.6(__libc_start_main+0xfd)[0x30a3e1ed1d] /usr/lib64/chkrootkit-0.49/chkutmp[0x4008a9] ======= Memory map: ======== 00400000-00402000 r-xp 00000000 08:03 539307 /usr/lib64/chkrootkit-0.49/chkutmp 00601000-00602000 rw-p 00001000 08:03 539307 /usr/lib64/chkrootkit-0.49/chkutmp 01f92000-01fb3000 rw-p 00000000 00:00 0 [heap] 30a3600000-30a3620000 r-xp 00000000 08:03 529089 /lib64/ld-2.12.so 30a381f000-30a3820000 r--p 0001f000 08:03 529089 /lib64/ld-2.12.so 30a3820000-30a3821000 rw-p 00020000 08:03 529089 /lib64/ld-2.12.so 30a3821000-30a3822000 rw-p 00000000 00:00 0 30a3e00000-30a3f8b000 r-xp 00000000 08:03 529090 /lib64/libc-2.12.so 30a3f8b000-30a418a000 ---p 0018b000 08:03 529090 /lib64/libc-2.12.so 30a418a000-30a418e000 r--p 0018a000 08:03 529090 /lib64/libc-2.12.so 30a418e000-30a418f000 rw-p 0018e000 08:03 529090 /lib64/libc-2.12.so 30a418f000-30a4194000 rw-p 00000000 00:00 0 30a7200000-30a7216000 r-xp 00000000 08:03 529100 /lib64/libgcc_s-4.4.7-20120601.so.1 30a7216000-30a7415000 ---p 00016000 08:03 529100 /lib64/libgcc_s-4.4.7-20120601.so.1 30a7415000-30a7416000 rw-p 00015000 08:03 529100 /lib64/libgcc_s-4.4.7-20120601.so.1 7f573a94e000-7f573a951000 rw-p 00000000 00:00 0 7f573a96b000-7f573a96d000 rw-p 00000000 00:00 0 7fff15600000-7fff1577b000 rw-p 00000000 00:00 0 [stack] 7fff157ff000-7fff15800000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Aborted # ps auxww .... gabriel 29135 4.8 1.0 232892 82296 ? Ssl 15:25 0:01 /opt/ibm/lotus/notes/notes /authenticate gabriel 29136 0.0 0.0 16420 2356 ? S 15:25 0:00 nsdexec 29135 /home/gabriel/lotus/notes/data gabriel 29142 0.0 0.0 3496 848 ? S 15:25 0:00 sametime_idlemon 20 10 gabriel 29146 10.0 1.8 569092 145396 ? Sl 15:25 0:02 /opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/linux/x86/notes2 --launcher.suppressErrors -nosplash -nl en_US -dir ltr -NPARAMS /authenticate -RPARAMS -name IBM Lotus Notes -personality com.ibm.rcp.platform.personality -product com.ibm.rcp.personality.framework.RCPProduct:com.ibm.notes.branding.notes -data /home/gabriel/lotus/notes/data/workspace -configuration /home/gabriel/lotus/notes/data/workspace/.config -plugincustomization /opt/ibm/lotus/notes/framework/rcp/plugin_customization.ini -vm /opt/ibm/lotus/notes/framework/../jvm/bin -startup /opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/launcher.jar -vmargs -Djava.security.policy=/opt/ibm/lotus/notes/framework/../java.policy -Dorg.eclipse.swt.fixCitrix=false -Dosgi.framework.extensions=com.ibm.rcp.core.logger.frameworkhook,com.ibm.rds,com.ibm.cds -Xscmx42m -Xshareclasses:name=xpdplat_%g.jvm,controlDir=/home/gabriel/lotus/notes/data/workspace/.config/org.eclipse.osgi,groupAccess,keep,singleJVM,nonfatal -Xgcpolicy:gencon -Xjit:noResumableTrapHandler -Xmaxt0.6 -Xmca8k -Xminf0.1 -Xmn7m -Xms48m -Xmx256m -Xnolinenumbers -Xverify:none -Xquickstart -Xscmaxaot12m -Xtrace:none -Xzero -Dcom.ibm.tools.attach.enable=no -Drcp.home=/opt/ibm/lotus/notes/framework -Drcp.data=/home/gabriel/lotus/notes/data/workspace -Dosgi.splashPath=platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding,platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding.nl1,platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding.nl2,platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding.nl3 -Dcom.ibm.rcp.install.id=1386159366 -Drcp.install.config=multiuser -Declipse.registry.nulltoken=true -Dcom.ibm.pvc.webcontainer.useLocalAddress=true -Dautopd.logfile.generations=3 -Dorg.apache.xerces.xni.parser.XMLParserConfiguration=org.apache.xerces.parsers.XIncludeAwareParserConfiguration -Dcom.ibm.pvc.webcontainer.http.address=localhost -Dosgi.nl.user=true -Dautopd.instance.area=/home/gabriel/lotus/notes/data/workspace/autopd -Dorg.eclipse.swt.browser.XULRunnerPath=/opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.xulrunner.runtime.linux.x86_6.2.3.20110915-1350/xulrunner -Djava.util.logging.config.class=com.ibm.rcp.core.internal.logger.boot.LoggerConfig -Dcom.ibm.pvc.webcontainer.port=0,59449 -Dcom.ibm.pvc.webcontainer.vhost.configfile=/opt/ibm/lotus/notes/framework/shared/eclipse/plugins/com.ibm.collaboration.realtime.webapi_8.5.1.20110812-1126/virtualhost.properties -Dderby.stream.error.file=/home/gabriel/lotus/notes/data/workspace/logs/derby.log -Djava.security.properties=file:/opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/rcp.security.properties -Djava.protocol.handler.pkgs=com.ibm.net.ssl.www.protocol -Dosgi.hook.configurators.exclude=org.eclipse.core.runtime.internal.adaptor.EclipseLogHook -Drcp.osgi.install.area=/opt/ibm/lotus/notes/framework/rcp/eclipse -Xbootclasspath/a:/opt/ibm/lotus/notes/framework/shared/eclipse/plugins/com.ibm.collaboration.realtime.stjavatk_8.5.1.20110812-1126/sslite140-v3.16.jar:/opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/rcpbootcp.jar I guess the last process (pid 29146) is causing the segfault. Hmm.. It could be that the environment gets smashed.. but that cmdline is only 3245 chars long What does xargs --show-limits come back with ? # xargs --show-limits Your environment variables take up 1947 bytes POSIX upper limit on argument length (this system): 2617445 POSIX smallest allowable upper limit on argument length (all systems): 4096 Maximum length of command we could actually use: 2615498 Size of command buffer we are actually using: 131072 I just rebuild chkrootkit-0.49-7.fc19 rpm (http://kojipkgs.fedoraproject.org//packages/chkrootkit/0.49/7.fc19/src/chkrootkit-0.49-7.fc19.src.rpm) and chkutmp does not crash anymore. It seems that chkrootkit-0.49-chkutmp-outofbounds.patch works fine on fedora and centos. The patch is already included in CentOS 6. Not really. CentOS 6 patch is 389 bytes. Fedora 19 patch is 2006.bytes. CentOS 6 path is old and incomplete. Please check the two patch files. Thank you. good catch, thanks chkrootkit-0.49-3.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el5 chkrootkit-0.49-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el6 chkrootkit-0.49-3.el6 works fine. Thank you. In this case please be as kind as to update its karma once it gets pushed to testing ( https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el6 ) Done. Package chkrootkit-0.49-3.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing chkrootkit-0.49-3.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0677/chkrootkit-0.49-3.el6 then log in and leave karma (feedback). chkrootkit-0.49-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. chkrootkit-0.49-3.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |