Bug 106664 - httpd segfaults with exec-shield disabled
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All Linux
Priority: high
Severity: high
Assigned To: Dave Jones
QA Contact: Brian Brock
Duplicates: 105772
Blocks: CambridgeTarget
Reported: 2003-10-09 07:50 EDT by Nils Philippsen
Modified: 2015-01-04 17:03 EST (History)
Doc Type: Bug Fix
Last Closed: 2003-11-10 10:37:18 EST

Attachments:
LD_DEBUG output of httpd run with exec-shield off (28.47 KB, text/plain)
2003-10-10 10:16 EDT, Nils Philippsen
Description Nils Philippsen 2003-10-09 07:50:17 EDT
Description of problem:

root@gibraltar:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@gibraltar:~> httpd
Segmentation fault
root@gibraltar:~> sysctl -w kernel.exec-shield=1
kernel.exec-shield = 1
root@gibraltar:~> httpd
root@gibraltar:~> killall httpd
root@gibraltar:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@gibraltar:~> httpd
Segmentation fault

Version-Release number of selected component (if applicable):

httpd-2.0.47-7
kernel-2.4.22-1.2087.nptl

How reproducible:

Always

Steps to Reproduce:

See description
    
Actual results:

httpd segfaults

Expected results:

httpd starts

Additional info:

Also look at bug #105772 (same bug with samba)
Comment 1 Joe Orton 2003-10-09 07:56:41 EDT
I can't reproduce with httpd-2.0.47-8, can you update to that and try again?
Comment 4 Nils Philippsen 2003-10-10 07:21:16 EDT
Hmm, still present:

[...]
root@wombat:~> rpm -q glibc httpd; uname -r
glibc-2.3.2-98
httpd-2.0.47-8
2.4.22-1.2087.nptl
root@wombat:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@wombat:~> service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [FAILED]
root@wombat:~> httpd
Segmentation fault
root@wombat:~> sysctl -w kernel.exec-shield=1
kernel.exec-shield = 1
root@wombat:~> service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]
root@wombat:~>
[...]

Any additional info you might need? FYI, the machine should have virtually all
packages installed.
Comment 5 Joe Orton 2003-10-10 07:34:11 EDT
Can you:

strace httpd
rpm -qf /etc/httpd/conf.d/*.conf

I'd ask for a backtrace but gdb doesn't support PIE yet :(
Comment 6 Nils Philippsen 2003-10-10 08:20:11 EDT
Here you are:

[...]
root@wombat:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@wombat:~> service httpd stop
Stopping httpd:                                            [  OK  ]
root@wombat:~> strace httpd
execve("/usr/sbin/httpd", ["httpd"], [/* 28 vars */]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
root@wombat:~> rpm -qf /etc/httpd/conf.d/*.conf
file /etc/httpd/conf.d/chorios.conf is not owned by any package
file /etc/httpd/conf.d/homedir.conf is not owned by any package
mod_perl-1.99_09-10
php-4.3.3-2
mod_python-3.0.3-3
squirrelmail-1.4.0-1
mod_ssl-2.0.47-8
mod_dav_svn-0.31.0-1
root@wombat:~>
[...]

It is very suspicious to me that it segfaults immediately before even trying to
load libraries etc. Correction to my previous post: prelink is _not_ installed
(I guessed that wrong prelinkage could be the culprit) -- shall I leave it like
that or install it?
Comment 7 Joe Orton 2003-10-10 08:34:20 EDT
You could try something like

LD_DEBUG=all LD_DEBUG_OUTPUT=/tmp/httpd /usr/sbin/httpd

Jakub, any ideas about this?

Comment 8 Nils Philippsen 2003-10-10 10:16:21 EDT
Created attachment 95101
LD_DEBUG output of httpd run with exec-shield off
Comment 9 Joe Orton 2003-10-10 10:20:08 EDT
That was the file from strace, can you attach the one from httpd too?
Comment 10 Nils Philippsen 2003-10-10 10:41:34 EDT
No, because running it on httpd alone doesn't produce a file.
Comment 11 Joe Orton 2003-10-10 10:48:10 EDT
ld.so problem? toolchain problem? kernel problem?
Comment 12 Joe Orton 2003-10-15 07:10:58 EDT
Calling QA people - can anyone reproduce these problems on Fedora Test 3? I
still can't.  If there is some problem with PIE then we need to get it fixed ASAP.

[root@pepsi root]# rpm -q httpd
httpd-2.0.47-8
[root@pepsi root]# uname -r
2.4.22-1.2088.nptl

Comment 13 Joe Orton 2003-10-15 07:29:17 EDT
Ah ha.  I *can* reproduce this on Test 3 if I "prelink -u /usr/sbin/httpd".

execve("/usr/sbin/httpd", ["/usr/sbin/httpd"], [/* 31 vars */]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Interestingly (or maybe it isn't), I *can* start up httpd OK using:

# /lib/ld-linux.so.2 /usr/sbin/httpd

Jakub are you looking into this?
Comment 14 Joe Orton 2003-10-21 08:47:06 EDT
Ingo tracked this down to a kernel problem.

Reproduction case was having:

/lib/ld-linux.so.2 not prelinked
exec-shield off
executable with a large bss

e.g. int foo[30000]; int main() {return 0;}
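
Added example, not part of the bug thread or of the kernel fix: a C helper that reads an ELF32 image and reports the properties the reproduction case in Comment 14 turns on: whether it is ET_DYN (as a PIE binary is), whether it requests an interpreter through PT_INTERP, and how many zero-filled (bss) bytes its PT_LOAD segments ask the kernel to map. The names elf32_triage and build_sample and the sample image are constructed for illustration; it assumes the Linux <elf.h> header and an image in the host's byte order.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* et_dyn: ET_DYN image (as a PIE is); has_interp: PT_INTERP present; bss_bytes: zero-fill total */
struct elf_triage { int et_dyn, has_interp; Elf32_Word bss_bytes; };

/* Returns 0, or -1 if buf is not a well-formed ELF32 image (host byte order assumed). */
int elf32_triage(const unsigned char *buf, size_t len, struct elf_triage *out)
{
    Elf32_Ehdr eh; Elf32_Phdr ph;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        eh.e_phentsize != sizeof ph || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof ph > len - eh.e_phoff)
        return -1;                                    /* header or table out of bounds */
    memset(out, 0, sizeof *out);
    out->et_dyn = (eh.e_type == ET_DYN);
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, buf + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_INTERP) out->has_interp = 1;
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_memsz < ph.p_filesz) return -1;      /* malformed segment */
        out->bss_bytes += ph.p_memsz - ph.p_filesz;   /* zero-filled tail of the segment */
    }
    return 0;
}

/* Constructed sample: ET_DYN header, PT_INTERP, one PT_LOAD with `bss` zero-fill bytes. */
size_t build_sample(unsigned char *buf, Elf32_Word bss)
{
    Elf32_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS32 }, .e_type = ET_DYN,
                      .e_phoff = sizeof eh, .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 2 };
    Elf32_Phdr ph[2] = { { .p_type = PT_INTERP },
                         { .p_type = PT_LOAD, .p_filesz = 0x1000, .p_memsz = 0x1000 + bss } };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void)
{
    unsigned char img[128];
    struct elf_triage t;
    size_t n = build_sample(img, 30000 * 4);          /* int foo[30000] with 4-byte int */
    if (elf32_triage(img, n, &t) == 0)
        printf("ET_DYN=%d PT_INTERP=%d bss=%u bytes\n", t.et_dyn, t.has_interp, (unsigned)t.bss_bytes);
    return 0;
}
```
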
Comment 15 Joe Orton 2003-10-21 08:47:48 EDT
*** Bug 105772 has been marked as a duplicate of this bug. ***
Comment 16 Dave Jones 2003-10-21 21:24:38 EDT
Fix will be in tomorrow's rawhide push.
Comment 17 Nils Philippsen 2003-11-10 10:37:18 EST
Fixed.
