Bug 1128637

Summary: GDB auto-loading declined message in crash reports
Product: Red Hat Enterprise Linux 7 Reporter: Steeve Goveas <sgoveas>
Component: abrtAssignee: Jakub Filak <jfilak>
Status: CLOSED ERRATA QA Contact: Martin Kyral <mkyral>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: jan.kratochvil, jberan, jfilak, mkyral, rvokal, sgoveas
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: abrt-2.1.11-18.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 13:26:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1163339    
Bug Blocks:    
Attachments:
Description Flags
A patch fixing this issue
none
A patch fixing this issue none

Description Steeve Goveas 2014-08-11 09:14:06 UTC 
Description of problem:
Warning message of auto-loading declined is received in IPA httpd crash reports.

Version-Release number of selected component (if applicable):
abrt-cli-2.1.11-12.el7

How reproducible:
Always

Steps to Reproduce:
1. Insall and configure IPA
2. Install and Configure abrt with following rules added to "EVENT=post-create analyzer=CCpp" in /etc/libreport/events.d/ccpp_event.conf

            abrt-action-analyze-core -c coredump -o build_ids
            abrt-action-install-debuginfo -y -v
            abrt-action-generate-backtrace -v

3. crash httpd
# kill -SIGSEGV `pidof httpd`

Actual results:
Crash report received with warning message
---------------------------------------------------------------------------
:[New Thread 19163]
:[Thread debugging using libthread_db enabled]
:warning: File "/var/cache/abrt-di/usr/lib/debug/usr/lib64/libpython2.6.so.1.0.debug-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "/usr/share/gdb/auto-load:/usr/lib/debug:/usr/bin/mono-gdb.py".
:To enable execution of this file add
:	add-auto-load-safe-path /var/cache/abrt-di/usr/lib/debug/usr/lib64/libpython2.6.so.1.0.debug-gdb.py
:line to your configuration file "$HOME/.gdbinit".
:To completely disable this security protection add
:	set auto-load safe-path /
:line to your configuration file "$HOME/.gdbinit".
:For more information about this security protection see the
:"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
:	info "(gdb)Auto-loading safe path"
:Core was generated by `/usr/sbin/httpd'.
:Program terminated with signal 11, Segmentation fault.
:#0  apr_file_write (thefile=0x0, buf=0x7f86fa4994fc, nbytes=0x7fff230d4f28) at file_io/unix/readwrite.c:151
:151	file_io/unix/readwrite.c: No such file or directory.
:	in file_io/unix/readwrite.c
:
:Thread 1 (Thread 0x7f8705f757e0 (LWP 19163)):
---------------------------------------------------------------------------

Expected results:
No warning message

Additional info:
Comment 2 Jakub Filak 2014-08-11 12:25:36 UTC 
Thank you for the report! gdb tries to auto-load /var/cache/abrt-di/usr/lib/debug/usr/lib64/libpython2.6.so.1.0.debug-gdb.py file but the file path is not on the "auto-load safe-path" list. We have disabled auto-loading in upstream and I think we should do the same thing in RHEL.

commit 77a270a948216a8bb5bcc960042aeb467794b593
Author: Jakub Filak <jfilak>
Date:   Mon Jun 9 17:13:09 2014 +0200

    gdb: disable loading of auto-loaded files
    
    https://sourceware.org/gdb/onlinedocs/gdb/Auto_002dloading.html
    
    There are two main reasons for doing so:
    1. we cannot trust anybody
      - the auto-loaded file may change the output format
      - security?
    2. bugs in such a files (#817)


You should be able to work around this bug by adding "add-auto-load-safe-path /var/cache/abrt-di/usr/lib/debug/usr/lib64" to /root/.gdbinit.
Comment 3 Jakub Filak 2014-08-11 17:55:20 UTC 
Steeve, please install the following scratch build, re-test and report the results here.

https://brewweb.devel.redhat.com/taskinfo?taskID=7828521
Comment 4 Steeve Goveas 2014-08-12 10:32:39 UTC 
The new build seems to have resolved the issue. I dont see the warning message anymore in httpd crash report.

# rpm -q  abrt
abrt-2.1.11-12.rhbz1128637.1.el7_0.x86_64

Crash report
----------------
abrt_version:   2.1.11
cmdline:        /usr/sbin/httpd -DFOREGROUND
executable:     /usr/sbin/httpd
hostname:       hp-ms-01-c21.testrelm.test
kernel:         3.10.0-123.el7.x86_64
last_occurrence: 1407836016
pid:            23947
pkg_arch:       x86_64
pkg_epoch:      0
pkg_name:       httpd
pkg_release:    17.el7
pkg_version:    2.4.6
pwd:            /etc/httpd
runlevel:       N 3
time:           Tue 12 Aug 2014 05:33:36 AM EDT
uid:            48
username:       apache

sosreport.tar.xz: Binary file, 5489260 bytes

backtrace:
:[New LWP 23947]
:[Thread debugging using libthread_db enabled]
:Using host libthread_db library "/lib64/libthread_db.so.1".
:Core was generated by `/usr/sbin/httpd -DFOREGROUND'.
:Program terminated with signal 11, Segmentation fault.
:#0  0x00007f9939f44bd7 in semop () at ../sysdeps/unix/syscall-template.S:81
:81	../sysdeps/unix/syscall-template.S: No such file or directory.
:
:Thread 1 (Thread 0x7f993b937840 (LWP 23947)):
:#0  0x00007f9939f44bd7 in semop () at ../sysdeps/unix/syscall-template.S:81
:No locals.
:#1  0x00007f993a645634 in proc_mutex_sysv_acquire (mutex=0x7f993ce54948) at locks/unix/proc_mutex.c:254
:        rc = <optimized out>
Comment 5 Jakub Filak 2014-08-12 10:45:26 UTC 
Created attachment 926020 [details]
A patch fixing this issue
Comment 6 Steeve Goveas 2014-09-01 11:27:08 UTC 
Removing needinfo flag
Comment 9 Jakub Filak 2014-11-12 13:57:00 UTC 
The patch is wrong. ABRT must not turn off GDB auto-load because it turns off the pretty printer. The correct fix is to add /var/cache/abrt-di to safe-path and scripts-directory.

gdb ... -iex 'add-auto-load-safe-path /var/cache/abrt-di' -iex 'set auto-load scripts-directory $debugdir:$datadir/auto-load:/var/cache/abrt-di'

the latter should be only temporary and must be replaced by a gdb's command similar to add-auto-load-safe-path which does not exist yet.
Comment 10 Jakub Filak 2014-11-13 15:58:46 UTC 
How to reproduce the described behaviour using will_segfault:
1. mkdir -p /var/cache/abrt-di/usr/lib/debug/usr/bin && cd /var/cache/abrt-di/usr/lib/debug/usr/bin
2. printf "#"'!'"/usr/bin/python\nprint \"auto-loaded python GDB script\"\n" > will_segfault-gdb.py
3. will_segfault
4. cd /var/tmp/abrt/$problem_dir
5. abrt-action-generate-backtrace
6. grep -q "auto-loaded python GDB script" backtrace && echo "OK"
7. grep -q -v "auto-loading has been declined by your" bactrace && "OK"

Upstream test case: https://github.com/abrt/abrt/blob/master/tests/runtests/ccpp-plugin/runtest.sh#L84
Comment 11 Jakub Filak 2014-11-21 05:50:16 UTC 
Created attachment 959542 [details]
A patch fixing this issue
Comment 15 errata-xmlrpc 2015-03-05 13:26:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0556.html