Bug 1000752 - [abrt] menu-cache-0.4.1-3.fc20: __gconv_open: Process /usr/libexec/menu-cached was killed by signal 11 (SIGSEGV)
[abrt] menu-cache-0.4.1-3.fc20: __gconv_open: Process /usr/libexec/menu-cache...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: menu-cache (Show other bugs)
20
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Christoph Wickert
Fedora Extras Quality Assurance
abrt_hash:91607a8d28f1b5420735ce5e714...
:
: 958369 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-24 17:57 EDT by Moez Roy
Modified: 2013-12-10 01:56 EST (History)
6 users (show)

See Also:
Fixed In Version: lxpanel-0.6.1-3.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-10 01:56:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (34.83 KB, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: cgroup (159 bytes, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: core_backtrace (13.80 KB, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: dso_list (2.16 KB, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: environ (932 bytes, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: exploitable (82 bytes, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: limits (1.29 KB, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: maps (11.28 KB, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: open_fds (215 bytes, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: proc_pid_status (1.05 KB, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details
File: var_log_messages (332 bytes, text/plain)
2013-08-24 17:57 EDT, Moez Roy
no flags Details

  None (edit)
Description Moez Roy 2013-08-24 17:57:09 EDT
Version-Release number of selected component:
menu-cache-0.4.1-3.fc20

Additional info:
reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /usr/libexec/menu-cached
crash_function: __gconv_open
executable:     /usr/libexec/menu-cached
kernel:         3.11.0-0.rc6.git4.1.fc21.x86_64
runlevel:       N 5
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #3 __gconv_open at gconv_open.c:282
 #4 iconv_open at iconv_open.c:71
 #5 try_conversion at gconvert.c:199
 #6 g_iconv_open at gconvert.c:251
 #7 open_converter at gconvert.c:338
 #8 g_convert at gconvert.c:575
 #9 g_convert_with_fallback at gconvert.c:671
 #10 strdup_convert at gmessages.c:688
 #11 g_print at gmessages.c:1466
 #12 g_dbus_connection_real_closed at gdbusconnection.c:806

Potential duplicate: bug 958369
Comment 1 Moez Roy 2013-08-24 17:57:12 EDT
Created attachment 789936 [details]
File: backtrace
Comment 2 Moez Roy 2013-08-24 17:57:15 EDT
Created attachment 789937 [details]
File: cgroup
Comment 3 Moez Roy 2013-08-24 17:57:17 EDT
Created attachment 789938 [details]
File: core_backtrace
Comment 4 Moez Roy 2013-08-24 17:57:19 EDT
Created attachment 789939 [details]
File: dso_list
Comment 5 Moez Roy 2013-08-24 17:57:21 EDT
Created attachment 789940 [details]
File: environ
Comment 6 Moez Roy 2013-08-24 17:57:24 EDT
Created attachment 789941 [details]
File: exploitable
Comment 7 Moez Roy 2013-08-24 17:57:26 EDT
Created attachment 789942 [details]
File: limits
Comment 8 Moez Roy 2013-08-24 17:57:28 EDT
Created attachment 789943 [details]
File: maps
Comment 9 Moez Roy 2013-08-24 17:57:30 EDT
Created attachment 789944 [details]
File: open_fds
Comment 10 Moez Roy 2013-08-24 17:57:32 EDT
Created attachment 789945 [details]
File: proc_pid_status
Comment 11 Moez Roy 2013-08-24 17:57:34 EDT
Created attachment 789946 [details]
File: var_log_messages
Comment 12 Christoph Wickert 2013-09-27 09:42:46 EDT
*** Bug 958369 has been marked as a duplicate of this bug. ***
Comment 13 Adam Williamson 2013-11-06 00:16:01 EST
You did not provide any reproduction information for this crash, and I've never seen it. Why would it constitute a blocker?
Comment 14 Vincent Danen 2013-11-06 12:26:22 EST
Client crashes are not typically regarded as security flaws if the only issue is a crash.  Removing the security bits.
Comment 15 Mike Ruckman 2013-11-06 12:38:14 EST
Discussed in 2013-11-06 Blocker Review Meeting [1]. Voted a RejectedBlocker because all [2] these crashes (reported by abrt) don't have reproducers and aren't in crucial components. Please re-propose them later when reproducers are known and we can reconsider blocker status.

[1] http://meetbot.fedoraproject.org/fedora-blocker-review/2013-11-06/
[2] bug 1000669 bug 1000752 bug 1000756 bug 1007121 bug 1015347 bug 1016935
Comment 16 Moez Roy 2013-11-07 04:27:57 EST
(In reply to Adam Williamson from comment #13)
> You did not provide any reproduction information for this crash, and I've
> never seen it. Why would it constitute a blocker?

It happens on LXDE desktop. Work on it for a while and you get this crash.
Comment 17 Moez Roy 2013-11-07 05:32:42 EST
(In reply to Vincent Danen from comment #14)
> Client crashes are not typically regarded as security flaws if the only
> issue is a crash.  Removing the security bits.

Well I am confused? When exactly is a crash considered as a Security bug?

My understanding is that Crash is the same Denial of Service (DoS). And once you do get a crash there is a high possibility to use that crash as a launching pad for executing arbitrary code or for privilege escalation etc etc?
Comment 18 Adam Williamson 2013-11-07 05:44:54 EST
"My understanding is that Crash is the same Denial of Service (DoS)."

Um, no, not unless the crashing application is somehow simultaneously accessible by a malicious actor.

"And once you do get a crash there is a high possibility to use that crash as a launching pad for executing arbitrary code or for privilege escalation etc etc?"

No, not in the case of 'any old crash'. Certain specific types of crash are theoretically avenues of attack in this way, though we have various techniques to mitigate that risk these days.
Comment 19 Vincent Danen 2013-11-13 18:30:42 EST
(In reply to quickbooks.office from comment #17)
> (In reply to Vincent Danen from comment #14)
> > Client crashes are not typically regarded as security flaws if the only
> > issue is a crash.  Removing the security bits.
> 
> Well I am confused? When exactly is a crash considered as a Security bug?
> 
> My understanding is that Crash is the same Denial of Service (DoS). And once
> you do get a crash there is a high possibility to use that crash as a
> launching pad for executing arbitrary code or for privilege escalation etc
> etc?

Adam explained it quite well, but the bottom line is this:

- did _you_ cause the crash?  Did you only DoS yourself?  Then not security.
- did something you downloaded or something somebody else did cause the crash?  Does it affect someone else's ability to connect to a service?  Then it could very well be.

Bottom line is if you do something and you crash your desktop, it's not a security issue.  You could just as easily trip over the computer and unplug it and DoS yourself, but that's not a security issue, that's an accident.

Now, if you visit my web site and it causes your computer to crash, that would be a different story.

And no, a crash does not automatically mean that arbitrary code execution is even remotely on the horizon.
Comment 20 Christoph Wickert 2013-11-14 08:45:23 EST
It's not a DoS and no security issue, but it's annoying and fully reproducible. 
Just open "Applications" in pcmanfm or pcmanfm-qt. There are probably more crash reports related to this.

The problem was fixed in 0.5.1 which is in rawhide already. I will therefor request a buildroot overwrite and a freeze exception, however I need to update menu-cache and rebuild libfm and then pcmanfm (not pcmanfm-qt). This is a double buildroot overwrite and requires more testing, but I would appreciate if you support the freeze exception, Adam.
Comment 21 Adam Williamson 2013-11-14 13:56:14 EST
You don't need a freeze exception unless you're planning to land it after Nov 26. We're not frozen until then. http://fedorapeople.org/groups/schedule/f-20/f-20-devel-tasks.html
Comment 22 Fedora Update System 2013-11-15 18:04:01 EST
lxpanel-0.6.1-1.fc20,lxlauncher-0.2.2-4.fc20,pcmanfm-1.1.2-3.D20130830gitfc8adaab77.fc20,libfm-1.1.2.2-3.fc20,menu-cache-0.5.1-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/lxpanel-0.6.1-1.fc20,lxlauncher-0.2.2-4.fc20,pcmanfm-1.1.2-3.D20130830gitfc8adaab77.fc20,libfm-1.1.2.2-3.fc20,menu-cache-0.5.1-1.fc20
Comment 23 Fedora Update System 2013-11-17 02:00:40 EST
Package lxpanel-0.6.1-1.fc20, lxlauncher-0.2.2-4.fc20, pcmanfm-1.1.2-3.D20130830gitfc8adaab77.fc20, libfm-1.1.2.2-3.fc20, menu-cache-0.5.1-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing lxpanel-0.6.1-1.fc20 lxlauncher-0.2.2-4.fc20 pcmanfm-1.1.2-3.D20130830gitfc8adaab77.fc20 libfm-1.1.2.2-3.fc20 menu-cache-0.5.1-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-21536/lxpanel-0.6.1-1.fc20,lxlauncher-0.2.2-4.fc20,pcmanfm-1.1.2-3.D20130830gitfc8adaab77.fc20,libfm-1.1.2.2-3.fc20,menu-cache-0.5.1-1.fc20
then log in and leave karma (feedback).
Comment 24 Fedora Update System 2013-12-10 01:56:59 EST
lxpanel-0.6.1-3.fc20, lxlauncher-0.2.2-4.fc20, pcmanfm-1.1.2-3.D20130830gitfc8adaab77.fc20, libfm-1.1.2.2-3.fc20, menu-cache-0.5.1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.