Bug 200039

Summary: RHEL AS3 Update 8 - SEGV in glibc when /usr/bin/id checks /etc/{passwd,group}
Product: Red Hat Enterprise Linux 3 Reporter: UQ Business School <bugzilla>
Component: glibcAssignee: Jakub Jelinek <jakub>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: drepper.fsp, jrb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-18 15:01:46 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
glibc-bz661.patch none

Description UQ Business School 2006-07-24 20:08:29 EDT 
Description of problem:

/usr/bin/id is getting segmentation violations and dropping core for some, but
not all users.  The error is reproducable.  For some users, "id" always works
perfectly. For others, it always drops core.

A check of the core shows that the error is occurring in /lib/tls/libc.so.6
The specific function seems to be known_compare().


Version-Release number of selected component (if applicable):

We have 2 servers running Red Hat Enterprise Linux AS release 3.

Both systems have all account info stored locally (ie. /etc/passwd, /etc/group).   
Both systems have very similar (but not identical) passwd and group files.

Earlier this week, a large number of updates became available (through Update
8), and we installed them.  Amongst the updates was  glibc-2.3.2-95.44.

Prior to the update, this error did not occur.
Since the update, id is misbehaving on both systems.


How reproducible:

Run "id" on certain users.

Because this does not occur on all users, this is probably not easily
reproducable.  It is presumably triggered by something in our /etc/passwd and
/etc/group files.


Steps to Reproduce:
  
Actual results:

Expected results:


The following commands were done by the root user on the machine "hammer".
It shows the results of id commands for certain users, and the contents of
/etc/group for those users. 

hammer / 250 # egrep piggott /etc/group
webupdt:x:751:andy,morgan,gaunt,ganavkir,pgray,piggott,lamb,vanitha,tester,jdickenson,craswell,wallace,hall,noordink,alpert
weball:x:752:andy,morgan,piggott,tester,jdickenson,andrewm
piggott:x:1203:

hammer / 251 # id piggott
uid=1203(piggott) gid=1203(piggott) groups=1203(piggott),751(webupdt),752(weball)

hammer / 252 # egrep morgan /etc/group
webdir:x:742:andy,morgan,noordink,andrewm
webupdt:x:751:andy,morgan,gaunt,ganavkir,pgray,piggott,lamb,vanitha,tester,jdickenson,craswell,wallace,hall,noordink,alpert
weball:x:752:andy,morgan,piggott,tester,jdickenson,andrewm
morgan:x:1302:

hammer / 253 # id morgan
Segmentation fault (core dumped)

hammer / 254 # ls core*
  76 core.15349    76 core.15606

hammer / 255 # file core*
core.15349: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style,
from 'id'
core.15606: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style,
from 'id'

hammer / 256 # gdb /usr/bin/id core.15349
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL3rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `id morgan'.
Program terminated with signal 11, Segmentation fault.
Error while mapping shared library sections:
mo: Success.
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Error while reading shared library symbols:
mo: No such file or directory.

#0  0x00d77abd in tsearch () from /lib/tls/libc.so.6
(gdb) where
#0  0x00d77abd in tsearch () from /lib/tls/libc.so.6
#1  0x00d8ac1f in __nss_lookup_function () from /lib/tls/libc.so.6
#2  0x00d8aa83 in __nss_next () from /lib/tls/libc.so.6
#3  0x00d44891 in getgrgid_r@@GLIBC_2.1.2 () from /lib/tls/libc.so.6
#4  0x00d44091 in getgrgid () from /lib/tls/libc.so.6
#5  0x0804971b in ?? ()
#6  0x00000516 in ?? ()
#7  0x00000516 in ?? ()
#8  0x00000005 in ?? ()
#9  0xbfffaf70 in ?? ()
#10 0x00000400 in ?? ()
#11 0xbfffaf68 in ?? ()
#12 0x00dd3bf8 in buffer_size.0 () from /lib/tls/libc.so.6
#13 0x00000004 in ?? ()
#14 0x082fdde0 in ?? ()
#15 0x00dd3bf8 in buffer_size.0 () from /lib/tls/libc.so.6
#16 0xbfffafb8 in ?? ()
#17 0x080490f7 in ?? ()
#18 0xbffff838 in ?? ()
#19 0xbfffb044 in ?? ()
#20 0x0804a875 in _IO_stdin_used ()
#21 0x0804a8c0 in _IO_stdin_used ()
#22 0x00000000 in ?? ()
(gdb) quit


hammer / 267 # egrep andy /etc/group
andy:x:666:
nagios:x:664:andy
cvs:x:705:andy,amccrystal,apache
webdir:x:742:andy,morgan,noordink,andrewm
weballssl:x:750:andy
webupdt:x:751:andy,morgan,gaunt,ganavkir,pgray,piggott,lamb,vanitha,tester,jdickenson,craswell,wallace,hall,noordink,alpert
weball:x:752:andy,morgan,piggott,tester,jdickenson,andrewm
webctall:x:753:andy
webintra:x:761:andy,stacy,jess,scotth
webuqbsdotcom:x:767:andy
webenterprize:x:768:andy
webbusinessforensics:x:769:andy

hammer / 268 # id andy
Segmentation fault (core dumped)

hammer / 269 # gdb /usr/bin/id core.19157
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL3rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `id andy'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x00a076d0 in known_compare ()
   from /lib/tls/libc.so.6
(gdb) where
#0  0x00a076d0 in known_compare () from /lib/tls/libc.so.6
#1  0x009f3af4 in tsearch () from /lib/tls/libc.so.6
#2  0x00a06c1f in __nss_lookup_function () from /lib/tls/libc.so.6
#3  0x009bf912 in getgrouplist () from /lib/tls/libc.so.6
#4  0x08049337 in ?? ()
#5  0xbfffd83a in ?? ()
#6  0x0000029a in ?? ()
#7  0x086abde0 in ?? ()
#8  0xbfff7ed4 in ?? ()
#9  0x00000000 in ?? ()
(gdb) quit


hammer / 281 # id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

hammer / 282 # id root
Segmentation fault (core dumped)

hammer / 283 # egrep root /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root
wheel:x:10:root


Additional info:

The following web site may be useful:
http://lists.debian.org/debian-glibc/2004/04/msg00282.html

It is an article titled "Bug#245029: libc6: SIGSEGV in
getgrouplist()/getpwnam()"  which may help with this issue.
Comment 1 Jakub Jelinek 2006-08-03 12:02:39 EDT 
Created attachment 133563 [details]
glibc-bz661.patch

Patch that should cure this.
Comment 4 Ulrich Drepper 2009-04-18 15:01:46 EDT 
We haven't pushed a glibc with this change and at this point it is unlikely to happen.  WONTFIX