Bug 89038

Summary: ptrace calls broken in security update kernel-2.4.18-27.7
Product: [Retired] Red Hat Linux
Component: kernel
Version: 7.1
Hardware: i386
OS: Linux
Status: CLOSED WONTFIX
Severity: high
Priority: high
Reporter: Chris Gottbrath <chrisg>
Assignee: Arjan van de Ven <arjanv>
QA Contact: Brian Brock <bbrock>
CC: abraxis, blake, jaroslaw.polok
URL: http://www.ussg.iu.edu/hypermail/linux/kernel/0304.0/0137.html
Doc Type: Bug Fix
Last Closed: 2004-09-30 15:40:48 UTC

Description Chris Gottbrath 2003-04-16 19:50:00 UTC
As previously reported on the kernel mailing list.

http://www.ussg.iu.edu/hypermail/linux/kernel/0304.0/0137.html

The security update causes serious problems with the
TotalView debugger.

Any word on when a fixed set of kernel rpms will be available?

Currently we are instructing our customers as follows, however an RPM update
that applies Alan's suggested fix would be greatly appreciated:


  * A kernel update RPM package was released for RedHat 7.1, 7.2, 7.3,
    and 8.0 to address a vulnerability in ptrace.  This fix introduced
    a new bug in the kernel which causes TotalView to crash and
    introduces other kernel stability problems.  The kernel developers
    have located the problem and a new fix should be forthcoming.

    If you are experiencing this problem and build your own Linux
    kernels, the solution is to change the definition of "is_dumpable"
    in include/linux/sched.h from:

      #define is_dumpable(tsk)  ((tsk)->task_dumpable && (tsk)->mm->dumpable)

    to this corrected definition:

      #define is_dumpable(tsk)  ((tsk)->task_dumpable && (tsk)->mm && (tsk)->mm->dumpable)


    The affected RedHat RPM packages are listed below and should not
    be installed:

        Red Hat Linux 7.1
        ---------------------------------------
        kernel-2.4.18-27.7.x.src.rpm
        kernel-2.4.18-27.7.x.athlon.rpm
        kernel-smp-2.4.18-27.7.x.athlon.rpm
        kernel-2.4.18-27.7.x.i386.rpm
        kernel-BOOT-2.4.18-27.7.x.i386.rpm
        kernel-doc-2.4.18-27.7.x.i386.rpm
        kernel-source-2.4.18-27.7.x.i386.rpm
        kernel-2.4.18-27.7.x.i586.rpm
        kernel-smp-2.4.18-27.7.x.i586.rpm
        kernel-2.4.18-27.7.x.i686.rpm
        kernel-bigmem-2.4.18-27.7.x.i686.rpm
        kernel-debug-2.4.18-27.7.x.i686.rpm
        kernel-smp-2.4.18-27.7.x.i686.rpm

        Red Hat Linux 7.2
        ---------------------------------------
        kernel-2.4.18-27.7.x.src.rpm
        kernel-2.4.18-27.7.x.athlon.rpm
        kernel-smp-2.4.18-27.7.x.athlon.rpm
        kernel-2.4.18-27.7.x.i386.rpm
        kernel-BOOT-2.4.18-27.7.x.i386.rpm
        kernel-doc-2.4.18-27.7.x.i386.rpm
        kernel-source-2.4.18-27.7.x.i386.rpm
        kernel-2.4.18-27.7.x.i586.rpm
        kernel-smp-2.4.18-27.7.x.i586.rpm
        kernel-2.4.18-27.7.x.i686.rpm
        kernel-bigmem-2.4.18-27.7.x.i686.rpm
        kernel-debug-2.4.18-27.7.x.i686.rpm
        kernel-smp-2.4.18-27.7.x.i686.rpm

        Red Hat Linux 7.3
        ---------------------------------------
        kernel-2.4.18-27.7.x.src.rpm
        kernel-2.4.18-27.7.x.athlon.rpm
        kernel-smp-2.4.18-27.7.x.athlon.rpm
        kernel-2.4.18-27.7.x.i386.rpm
        kernel-BOOT-2.4.18-27.7.x.i386.rpm
        kernel-doc-2.4.18-27.7.x.i386.rpm
        kernel-source-2.4.18-27.7.x.i386.rpm
        kernel-2.4.18-27.7.x.i586.rpm
        kernel-smp-2.4.18-27.7.x.i586.rpm
        kernel-2.4.18-27.7.x.i686.rpm
        kernel-bigmem-2.4.18-27.7.x.i686.rpm
        kernel-debug-2.4.18-27.7.x.i686.rpm
        kernel-smp-2.4.18-27.7.x.i686.rpm

        Red Hat Linux 8.0
        ---------------------------------------
        kernel-2.4.18-27.8.0.src.rpm
        kernel-2.4.18-27.8.0.athlon.rpm
        kernel-smp-2.4.18-27.8.0.athlon.rpm
        kernel-2.4.18-27.8.0.i386.rpm
        kernel-BOOT-2.4.18-27.8.0.i386.rpm
        kernel-doc-2.4.18-27.8.0.i386.rpm
        kernel-source-2.4.18-27.8.0.i386.rpm
        kernel-2.4.18-27.8.0.i586.rpm
        kernel-smp-2.4.18-27.8.0.i586.rpm
        kernel-2.4.18-27.8.0.i686.rpm
        kernel-bigmem-2.4.18-27.8.0.i686.rpm
        kernel-debug-2.4.18-27.8.0.i686.rpm
        kernel-smp-2.4.18-27.8.0.i686.rpm

Comment 1 Chris Gottbrath 2003-04-16 19:56:35 UTC
Actually I should have said as reported "in the thread" 

http://www.ussg.iu.edu/hypermail/linux/kernel/0304.0/0137.html

the post that is most relevant to our specific problems with this
patch is 

http://www.ussg.iu.edu/hypermail/linux/kernel/0304.0/0601.html

From the user's perspective, trying to use TotalView on any
target results in TotalView getting quite violently killed
by the kernel when the kernel oopses trying to fulfill a ptrace
call. It is not obvious to users that the problem is a kernel
bug as opposed to a TotalView bug.

Thanks,
Chris

Comment 2 Blake Carlson 2003-05-08 19:39:45 UTC
The security update kernel being shipped to address the ptrace exploit is
faulty.  It causes a kernel oops whenever doing a ptrace call on a zombie
process.  While the effect is quite clear in the Etnus TotalView debugger,
causing the debugger to crash, the problem ought to be a concern to all users.
It also causes a stability problem on heavily loaded machines as documented here:

http://www.ussg.iu.edu/hypermail/linux/kernel/0304.0/0137.html

This ought to be of particular interest to RedHat who wants to provide a stable
and secure platform for all users!

The fix is simple, safe, and correct.  When should we plan to see a kernel
update for the affected RPM kernel packages?

For easy testing, you may download TotalView and a trial license from
http://www.etnus.com to observe the severity of the problem.  Etnus has had
several users report this problem so this is a particularly urgent issue in our
opinion.
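
The regression reported above (the `is_dumpable` definition quoted in the Description and the oops on a zombie process noted in Comment 2), modelled in userspace as an added example; it is not code from this thread or from the kernel. The struct layouts, the sample tasks and the helper names `check_fixed` and `broken_faults` are assumptions made for illustration.

```c
/* Userspace model of the is_dumpable() regression; not kernel source. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-ins holding only the fields the macro reads. */
struct mm_struct { int dumpable; };
struct task_struct { int task_dumpable; struct mm_struct *volatile mm; };

/* Definition from the security update, as quoted in the report. */
#define is_dumpable_broken(tsk) ((tsk)->task_dumpable && (tsk)->mm->dumpable)
/* Corrected definition from the report: test mm before dereferencing it. */
#define is_dumpable_fixed(tsk) \
    ((tsk)->task_dumpable && (tsk)->mm && (tsk)->mm->dumpable)

/* Constructed sample tasks. An exited task no longer has an address space,
 * so its mm pointer is NULL. */
static struct mm_struct sample_mm = { 1 };
struct task_struct live_task   = { 1, &sample_mm };
struct task_struct zombie_task = { 1, NULL };
struct task_struct masked_task = { 0, NULL }; /* && stops before mm is read */

int check_fixed(struct task_struct *t) { return is_dumpable_fixed(t) ? 1 : 0; }

/* Evaluate the broken macro in a child so a fault cannot kill the caller.
 * Returns 1 if the child faulted, 0 if it finished, -1 on fork/wait error. */
int broken_faults(struct task_struct *t)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(is_dumpable_broken(t) ? 10 : 11);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFEXITED(status) && (WEXITSTATUS(status) == 10 || WEXITSTATUS(status) == 11))
        return 0;
    return 1;
}

int main(void)
{
    printf("live:   fixed=%d faults=%d\n", check_fixed(&live_task), broken_faults(&live_task));
    printf("zombie: fixed=%d faults=%d\n", check_fixed(&zombie_task), broken_faults(&zombie_task));
    printf("masked: fixed=%d faults=%d\n", check_fixed(&masked_task), broken_faults(&masked_task));
    return 0;
}
```

In this model the fault is absorbed by a child process; in the kernel the same NULL dereference has nothing to absorb it and surfaces as the oops described in the comments. The `masked_task` case shows that the broken definition only reaches the `mm` dereference when `task_dumpable` is non-zero.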

Comment 3 Chris Gottbrath 2003-05-27 19:52:16 UTC
HELLOOOOOOOOOOOO!

This is a simple one. Is anyone listening?



Comment 4 Neil Thompson 2003-06-03 07:35:19 UTC
I'm also having problems with kernel-2.4.20-13.7 on RHL7.3.  I've been trying to
get a core dump out of squid for a while so I can send stacktraces to the squid
developers without success.  gdb also wouldn't allow me to do a backtrace when
running squid under gdb.  I have reverted the two ptrace patches in 2.4.20-13.7
and everything works properly now.  
Of course, I'm going to have to put them back when I am finished debugging the
squid problem.  This is extremely inconvenient on a production box.

Comment 5 Joe Orton 2003-07-08 16:57:25 UTC
Fixes are available for 8.0 and 9 at least, see bug 89057, not sure about 7.x.

Comment 6 Jarek Polok 2003-07-09 07:24:03 UTC
Seems to be fixed for 7.X in the 2.4.20-18.7 kernel update as well ... 

Comment 7 Bugzilla owner 2004-09-30 15:40:48 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/