Bug 106664 - httpd segfaults with exec-shield disabled
Summary: httpd segfaults with exec-shield disabled
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
Duplicates: 105772
Blocks: CambridgeTarget
Reported: 2003-10-09 11:50 UTC by Nils Philippsen
Modified: 2015-01-04 22:03 UTC (History)
Doc Type: Bug Fix
Last Closed: 2003-11-10 15:37:18 UTC

Attachments
LD_DEBUG output of httpd run with exec-shield off (28.47 KB, text/plain)
2003-10-10 14:16 UTC, Nils Philippsen

Description Nils Philippsen 2003-10-09 11:50:17 UTC
Description of problem:

root@gibraltar:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@gibraltar:~> httpd
Segmentation fault
root@gibraltar:~> sysctl -w kernel.exec-shield=1
kernel.exec-shield = 1
root@gibraltar:~> httpd
root@gibraltar:~> killall httpd
root@gibraltar:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@gibraltar:~> httpd
Segmentation fault

Version-Release number of selected component (if applicable):

httpd-2.0.47-7
kernel-2.4.22-1.2087.nptl

How reproducible:

Always

Steps to Reproduce:

See description
    
Actual results:

httpd segfaults

Expected results:

httpd starts

Additional info:

Also look at bug #105772 (same bug with samba)

Comment 1 Joe Orton 2003-10-09 11:56:41 UTC
I can't reproduce with httpd-2.0.47-8, can you update to that and try again?


Comment 4 Nils Philippsen 2003-10-10 11:21:16 UTC
Hmm, still present:

[...]
root@wombat:~> rpm -q glibc httpd; uname -r
glibc-2.3.2-98
httpd-2.0.47-8
2.4.22-1.2087.nptl
root@wombat:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@wombat:~> service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [FAILED]
root@wombat:~> httpd
Segmentation fault
root@wombat:~> sysctl -w kernel.exec-shield=1
kernel.exec-shield = 1
root@wombat:~> service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]
root@wombat:~>
[...]

Any additional info you might need? FYI, the machine should have virtually all
packages installed.

Comment 5 Joe Orton 2003-10-10 11:34:11 UTC
Can you:

strace httpd
rpm -qf /etc/httpd/conf.d/*.conf

I'd ask for a backtrace but gdb doesn't support PIE yet :(

Comment 6 Nils Philippsen 2003-10-10 12:20:11 UTC
Here you are:

[...]
root@wombat:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@wombat:~> service httpd stop
Stopping httpd:                                            [  OK  ]
root@wombat:~> strace httpd
execve("/usr/sbin/httpd", ["httpd"], [/* 28 vars */]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
root@wombat:~> rpm -qf /etc/httpd/conf.d/*.conf
file /etc/httpd/conf.d/chorios.conf is not owned by any package
file /etc/httpd/conf.d/homedir.conf is not owned by any package
mod_perl-1.99_09-10
php-4.3.3-2
mod_python-3.0.3-3
squirrelmail-1.4.0-1
mod_ssl-2.0.47-8
mod_dav_svn-0.31.0-1
root@wombat:~>
[...]

It is very suspicious to me that it segfaults immediately before even trying to
load libraries etc. Correction to my previous post: prelink is _not_ installed
(I guessed that wrong prelinkage could be the culprit) -- shall I leave it like
that or install it?

Comment 7 Joe Orton 2003-10-10 12:34:20 UTC
You could try something like

LD_DEBUG=all LD_DEBUG_OUTPUT=/tmp/httpd /usr/sbin/httpd

Jakub, any ideas about this?



Comment 8 Nils Philippsen 2003-10-10 14:16:21 UTC
Created attachment 95101
LD_DEBUG output of httpd run with exec-shield off

Comment 9 Joe Orton 2003-10-10 14:20:08 UTC
That was the file from strace, can you attach the one from httpd too?

Comment 10 Nils Philippsen 2003-10-10 14:41:34 UTC
No, because running it on httpd alone doesn't produce a file.

Comment 11 Joe Orton 2003-10-10 14:48:10 UTC
ld.so problem? toolchain problem? kernel problem?

Comment 12 Joe Orton 2003-10-15 11:10:58 UTC
Calling QA people - can anyone reproduce these problems on Fedora Test 3? I
still can't.  If there is some problem with PIE then we need to get it fixed ASAP.

[root@pepsi root]# rpm -q httpd
httpd-2.0.47-8
[root@pepsi root]# uname -r
2.4.22-1.2088.nptl



Comment 13 Joe Orton 2003-10-15 11:29:17 UTC
Ah ha.  I *can* reproduce this on Test 3 if I "prelink -u /usr/sbin/httpd".

execve("/usr/sbin/httpd", ["/usr/sbin/httpd"], [/* 31 vars */]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Interestingly (or maybe it isn't), I *can* start up httpd OK using:

# /lib/ld-linux.so.2 /usr/sbin/httpd

Jakub, are you looking into this?

Comment 14 Joe Orton 2003-10-21 12:47:06 UTC
Ingo tracked this down to a kernel problem.

Reproduction case was having:

/lib/ld-linux.so.2 not prelinked
exec-shield off
executable with a large bss

e.g. int foo[30000]; int main() {return 0;}
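
Added example, not part of the comment above and not the kernel fix: one way to check the "executable with a large bss" condition on an ELF32 image is to sum p_memsz - p_filesz over its PT_LOAD program headers. The function names and the in-memory sample are constructed for illustration; a little-endian host and a 4-byte int are assumed.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Zero-filled bytes (bss) an ELF32 image asks the loader to set up:
 * p_memsz - p_filesz summed over PT_LOAD segments. Returns -1 unless the
 * buffer is a well-formed little-endian ELF32 image. Assumes a
 * little-endian host, so header fields are read without byte swapping. */
long long elf32_bss_bytes(const unsigned char *img, size_t len)
{
    Elf32_Ehdr eh;
    long long total = 0;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        eh.e_ident[EI_DATA] != ELFDATA2LSB || eh.e_phentsize != sizeof(Elf32_Phdr))
        return -1;
    /* The program header table must lie entirely inside the buffer. */
    if (eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf32_Phdr) > len - eh.e_phoff)
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf32_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_memsz < ph.p_filesz) return -1;   /* malformed segment */
        total += (long long)ph.p_memsz - ph.p_filesz;
    }
    return total;
}

/* Constructed sample, not a real binary: ELF header plus one PT_LOAD whose
 * memsz exceeds filesz by 30000 * 4 bytes, the size of `int foo[30000]`. */
size_t build_sample(unsigned char *buf, size_t cap)
{
    Elf32_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS32, ELFDATA2LSB },
                      .e_phoff = sizeof(Elf32_Ehdr),
                      .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 1 };
    Elf32_Phdr ph = { .p_type = PT_LOAD, .p_filesz = 0x100,
                      .p_memsz = 0x100 + 30000 * 4 };
    if (cap < sizeof eh + sizeof ph) return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void)
{
    unsigned char buf[128];
    printf("bss bytes: %lld\n", elf32_bss_bytes(buf, build_sample(buf, sizeof buf)));
    return 0;
}
```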


Comment 15 Joe Orton 2003-10-21 12:47:48 UTC
*** Bug 105772 has been marked as a duplicate of this bug. ***

Comment 16 Dave Jones 2003-10-22 01:24:38 UTC
Fix will be in tomorrow's rawhide push.


Comment 17 Nils Philippsen 2003-11-10 15:37:18 UTC
Fixed.

