Bug 145258 - exec-shield randomisation breaks ntpd
Status: CLOSED DUPLICATE of bug 154759
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Dave Jones
Brian Brock
Duplicates: 155446
Reported: 2005-01-15 21:36 EST by Sammy
Modified: 2015-01-04 17:15 EST
Last Closed: 2005-05-07 21:50:19 EDT

Attachments
ntpd crash output (1.78 KB, text/plain)
2005-01-15 21:51 EST, Sammy
Description Sammy 2005-01-15 21:36:12 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux; X11; en_US) KHTML/3.3.2 (like Gecko)

Description of problem:
ntpd dies immediately after being started with the latest FC4 kernels
(based on 2.6.11-rc1).  It is working fine with 2.6.10-1.1063_FC4smp
kernel. Options that are calculated in the /etc/rc.d/init.d/ntpd file are
correct.

Version-Release number of selected component (if applicable):
ntp-4.2.0.a.20040617-6

How reproducible:
Always

Steps to Reproduce:
1. update to latest kernel
2. restart ntp
Comment 1 Sammy 2005-01-15 21:51:33 EST
Created attachment 109835
ntpd crash output
Comment 2 Sammy 2005-01-17 09:23:59 EST
I recompiled kernel with -bk4 patch and it stopped crashing. I'll monitor and 
report if there is any change. 
Comment 3 Sammy 2005-01-21 10:23:17 EST
OK....ntpd is crashing again with the latest kernels based on -bk7 and -bk8. 
Comment 4 Sammy 2005-01-21 11:30:58 EST
If I comment the Server lines in 0.pool etc in the ntp.conf file it 
no longer crashes. If I put anything in there it does. I saw this by 
doing ntpd -D4 and looked where it crashed. 
Comment 5 G.Wolfe Woodbury 2005-01-27 09:00:08 EST
I'm seeing this also under kernel ...1090_FC4 and ...1107_FC4
same symptoms
1090:Dell Latitude CPi with PII-MMX
1107:AMD K6-2
Comment 6 Alexandre Oliva 2005-02-03 12:09:19 EST
Ditto on 1115, on a Dell Inspiron with a Pentium III 1GHz.

I found that if I start strace -f ntp, it sometimes starts
successfully, other times it crashes after logging the ports it's
listening on, and then issuing the following syscalls:

rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(6, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(7, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(8, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(9, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(10, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
rt_sigaction(SIGSYS, {0xa04b2f, [], SA_RESTORER, 0xb68a48}, {SIG_DFL},
8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
adjtimex({modes=61, offset=0, freq=2563440, maxerror=16, esterror=16,
status=64, constant=0, precision=1, tolerance=33554432,
time={1107450206, 864189}}) = 5
rt_sigaction(SIGSYS, {SIG_DFL}, NULL, 8) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Comment 7 Alexandre Oliva 2005-02-08 01:45:23 EST
Some more info: ntp doesn't always crash at the same spot, but it's
almost always within glibc, in function prologues, at the instruction
that calls __i686.get_pc_thunk.bx.  The stack pointer looks
reasonable, so I'd guess it's something wrong with the TLB handler.
Comment 8 Frank Ch. Eigler 2005-04-13 19:15:00 EDT
Rolling back to the FC3 2.6.10-1.770_FC3 kernel fixes this problem.
Therefore it is unlikely to be related to a concurrently-released glibc FC3 update.
Comment 9 Marco Colombo 2005-04-20 18:39:42 EDT
It seems this bug worked its way into FC3 updates (2.6.11-1.14_FC3).
See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155446
Can someone please confirm this?
Comment 10 Marco Colombo 2005-04-20 18:42:52 EDT
*** Bug 155446 has been marked as a duplicate of this bug. ***
Comment 11 Tomasz Ostrowski 2005-04-25 03:47:17 EDT
I can confirm that this bug exists in up2dated FC3. I think it can have
something in common with bug #151262 (duplicate or depend).

There's a workaround for this issue. If an ntpd is started with:
        setarch i386 -L ntpd -u ntp:ntp -p /var/run/ntpd.pid
it doesn't crash.
Comment 12 Tomasz Ostrowski 2005-04-25 11:17:09 EDT
Another workaround:
Disable exec-shield-randomize by
        echo 0 > /proc/sys/kernel/exec-shield-randomize
or
        echo kernel.exec-shield-randomize = 0 >> /etc/sysctl.conf
Comment 13 Marco Colombo 2005-04-26 07:05:55 EDT
Yet another workaround:

execstack -s /usr/sbin/ntpd

As I understand it, it alters the binary:

rpm -V ntp
..5......   /usr/sbin/ntpd

but the rest of the system is unaffected.

Also, you can undo the change with:

execstack -c /usr/sbin/ntpd

which restores the old binary (rpm -V won't report it as changed).

Thanks to Tomasz for reporting the workarounds (as you may guess, mine
is based on the info he provided, it's just a different way to disable
the exec-shield for ntpd).
Comment 14 Rob Kearey 2005-05-02 20:15:48 EDT
Confirm the workaround works.
Comment 15 Florin Andrei 2005-05-04 15:03:50 EDT
FWIW, I did a fresh install but disabled anacron, so prelink has not been run
yet. I'm on the new kernel, and yet ntpd seems to be working fine.
Comment 16 Hans Ecke 2005-05-05 23:13:06 EDT
I just tested the prelink connection: 
 
I did a "prelink -uv" on the files that ntpd uses: 
 
/lib/ld-linux.so.2 
/lib/libcap.so.1 
/lib/libcom_err.so.2 
/lib/libcrypto.so.4 
/lib/libdl.so.2 
/lib/libresolv.so.2 
/lib/tls/libc.so.6 
/lib/tls/libm.so.6 
/usr/lib/libgssapi_krb5.so.2 
/usr/lib/libk5crypto.so.3 
/usr/lib/libkrb5.so.3 
/usr/lib/libz.so.1 
/usr/sbin/ntpd 
 
And I still get the same Segmentation fault. 
 
Then I did a "prelink -auv" and ntpd still Segfaults. 
Comment 17 Hans Ecke 2005-05-05 23:15:35 EDT
Could somebody please assign "DUPLICATE" status to two of the three bugs 
#145258 #154759 #151262 ? They are obviously the same problem. 
Comment 18 Warren Togami 2005-05-07 21:50:19 EDT

*** This bug has been marked as a duplicate of 154759 ***
