Bug 1467808
Summary: | Segfault when starting epel | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Jurgen Goedbloed <rh-bugzilla> |
Component: | nrpe | Assignee: | Stephen John Smoogen <smooge> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | epel7 | CC: | athmanem, b.heden, jose.p.oliveira.oss, kmf, ondrejj, rhbugs, smooge, smooge, s, swilkerson |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nrpe-3.1.1-6.fc24 nrpe-3.1.1-6.fc25 nrpe-3.2.0-6.el7 nrpe-3.2.0-6.el6 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-16 15:47:42 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jurgen Goedbloed
2017-07-05 08:26:46 UTC
libnss_files-2.17.so is in glibc. Please run "rpm -q glibc" and "rpm -V glibc" and report the outputs from those (the latter should not output anything). Also make sure you are running the latest kernel, kernel-3.10.0-514.26.2.el7.x86_64. If this problem is related to the stack clash vulnerability, 3.10.0-514.26.2 was the first kernel to have the proper fix. glibc version: glibc-2.17-157.el7_3.4.x86_64 rpm -V glibc gives no output (In reply to Anssi Johansson from comment #1) > libnss_files-2.17.so is in glibc. Please run "rpm -q glibc" and "rpm -V > glibc" and report the outputs from those (the latter should not output > anything). [root@virt3 ~]# rpm -q glibc glibc-2.17-157.el7_3.4.x86_64 [root@virt3 ~]# rpm -V glibc [root@virt3 ~]# No output from the last command. > Also make sure you are running the latest kernel, > kernel-3.10.0-514.26.2.el7.x86_64. If this problem is related to the stack > clash vulnerability, 3.10.0-514.26.2 was the first kernel to have the proper > fix. I have installed the latest kernel: [root@virt3 ~]# uname -r 3.10.0-514.26.2.el7.x86_64 Still, when starting nrpe, I get the same segfault. I'm unable to reproduce the problem myself. If you can, it would help if you could set up a 2nd fresh installation of CentOS and test the steps to reproduce on that system. I am also unable to reproduce this bug on 2 different EL7 systems using RHEL and CentOS. However I did find a similar bug being seen by people who are using Centreon https://github.com/NagiosEnterprises/nagioscore/issues/59 Are there any extra variables set for these systems? > Are there any extra variables set for these systems?
No, not that I know.
But I discovered that when I install nrpe and don't change the config file, nrpe just starts. But what I did was take the config file from nrpe 2.17 and use it for nrpe 3.1.1 wich seems to trigger the segfault.
Let me examine the config file to see what line(s) cause the segfault.
(In reply to Jurgen Goedbloed from comment #5) > Let me examine the config file to see what line(s) cause the segfault. OK I got it. Leaving out the nrpe_user line in nrpe.cfg triggers a segfault. In version 2.17 this was no problem. Is this related to the RPM package or a bug in nrpe itself? This looks to be a problem in nrpe itself vs with the package. OK I have been able to replicate this on EL7 but it does not happen on Fedora 25. Starting program: /sbin/nrpe -d -f -c /etc/nagios/nrpe.cfg [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x00007ffff533bed8 in _nss_files_getpwnam_r (name=0x0, result=0x7ffff735c260 <resbuf.9824>, buffer=0x62d930 "root", buflen=1024, errnop=0x7ffff7fea7c0) at nss_files/files-pwd.c:32 32 DB_LOOKUP (pwnam, '.', 0, ("%s", name), (gdb) where #0 0x00007ffff533bed8 in _nss_files_getpwnam_r (name=0x0, result=0x7ffff735c260 <resbuf.9824>, buffer=0x62d930 "root", buflen=1024, errnop=0x7ffff7fea7c0) at nss_files/files-pwd.c:32 #1 0x00007ffff705c7dd in __getpwnam_r (name=name@entry=0x0, resbuf=resbuf@entry=0x7ffff735c260 <resbuf.9824>, buffer=0x62d930 "root", buflen=1024, result=result@entry=0x7fffffffd960) at ../nss/getXXbyYY_r.c:266 #2 0x00007ffff705c17f in getpwnam (name=name@entry=0x0) at ../nss/getXXbyYY.c:116 #3 0x00000000004093a2 in clean_environ (keep_env_vars=<optimized out>, nrpe_user=0x0) at ./utils.c:327 #4 0x0000000000407567 in set_stdio_sigs () at ./nrpe.c:652 #5 0x0000000000408479 in run_src () at ./nrpe.c:577 #6 0x0000000000403bf5 in main (argc=5, argv=0x7fffffffe3e8) at ./nrpe.c:203 Problem is here: pw = (struct passwd *)getpwnam(nrpe_user); if (pw == NULL) { char *end = NULL; uid_t uid = strtol(nrpe_user, &end, 10); if (uid > 0) pw = (struct passwd *)getpwuid(uid); if (pw == NULL || *end != '\0') return OK; } https://github.com/NagiosEnterprises/nrpe/issues/146 Thanks for the catch on this. nrpe-3.1.1-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f8ea02db72 The build 3.1.1-4 backports a fix from upstream. It seemed to work for me but I would like extra testing (EPEL-7 package is building) I expect it will show up in epel-testing this weekend. nrpe-3.1.1-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-86db243830 nrpe-3.1.1-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f8ea02db72 nrpe-3.1.1-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d9d9c0909 nrpe-3.1.1-6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec253d8f54 nrpe-3.1.1-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-18adf0fe26 nrpe-3.1.1-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f50be4847 nrpe-3.1.1-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. nrpe-3.1.1-6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. nrpe-3.2.0-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-030b96c51c nrpe-3.2.0-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bb989d629b nrpe-3.2.0-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-030b96c51c nrpe-3.2.0-6.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. nrpe-3.2.0-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |