Bug 1467808 - Segfault when starting epel
Segfault when starting epel
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: nrpe (Show other bugs)
epel7
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Stephen John Smoogen
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-05 04:26 EDT by Jurgen Goedbloed
Modified: 2017-11-16 11:52 EST (History)
10 users (show)

See Also:
Fixed In Version: nrpe-3.1.1-6.fc24 nrpe-3.1.1-6.fc25 nrpe-3.2.0-6.el7 nrpe-3.2.0-6.el6
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-16 10:47:42 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jurgen Goedbloed 2017-07-05 04:26:46 EDT
Description of problem:

I have installed nrpe from the epel repository on CentOS 7. When I start the nrpe daemon it chrashes immediately. Error in syslog:

segfault at 0 ip 00007f9d25bf3ed8 sp 00007ffc42f71f90 error 4 in libnss_files-2.17.so[7f9d25bee000+c000]

Version-Release number of selected component (if applicable):

nrpe: nrpe-3.1.1-1.el7.x86_64
OS: CentOS 7.3.1611 (up to date with all updates)

How reproducible:

Steps to Reproduce:
1. Update all packages on CentOS (yum -y update)
2. Install epel repository
3. Install nrpe (yum -y install nrpe)
4. Start up nrpe (service nrpe start)

Actual results:

NRPE daemon crashes immediately

Expected results:

NRPE daemon would run fine without problems

Additional info:

This happens since the update to nrpe 3.1.1. The old version, nrpe-2.15.7 worked fine.
Comment 1 Anssi Johansson 2017-07-05 04:44:27 EDT
libnss_files-2.17.so is in glibc. Please run "rpm -q glibc" and "rpm -V glibc" and report the outputs from those (the latter should not output anything).

Also make sure you are running the latest kernel, kernel-3.10.0-514.26.2.el7.x86_64. If this problem is related to the stack clash vulnerability, 3.10.0-514.26.2 was the first kernel to have the proper fix.
Comment 2 Jurgen Goedbloed 2017-07-05 05:19:40 EDT
glibc version:  glibc-2.17-157.el7_3.4.x86_64
rpm -V glibc gives no output
(In reply to Anssi Johansson from comment #1)
> libnss_files-2.17.so is in glibc. Please run "rpm -q glibc" and "rpm -V
> glibc" and report the outputs from those (the latter should not output
> anything).

[root@virt3 ~]# rpm -q glibc
glibc-2.17-157.el7_3.4.x86_64
[root@virt3 ~]# rpm -V glibc
[root@virt3 ~]# 

No output from the last command.

> Also make sure you are running the latest kernel,
> kernel-3.10.0-514.26.2.el7.x86_64. If this problem is related to the stack
> clash vulnerability, 3.10.0-514.26.2 was the first kernel to have the proper
> fix.

I have installed the latest kernel:

[root@virt3 ~]# uname -r
3.10.0-514.26.2.el7.x86_64

Still, when starting nrpe, I get the same segfault.
Comment 3 Anssi Johansson 2017-07-05 05:50:57 EDT
I'm unable to reproduce the problem myself. If you can, it would help if you could set up a 2nd fresh installation of CentOS and test the steps to reproduce on that system.
Comment 4 Stephen John Smoogen 2017-07-05 14:11:03 EDT
I am also unable to reproduce this bug on 2 different EL7 systems using RHEL and CentOS. However I did find a similar bug being seen by people who are using Centreon 

https://github.com/NagiosEnterprises/nagioscore/issues/59 

Are there any extra variables set for these systems?
Comment 5 Jurgen Goedbloed 2017-07-05 16:51:04 EDT
> Are there any extra variables set for these systems?

No, not that I know.
But I discovered that when I install nrpe and don't change the config file, nrpe just starts. But what I did was take the config file from nrpe 2.17 and use it for  nrpe 3.1.1 wich seems to trigger the segfault.

Let me examine the config file to see what line(s) cause the segfault.
Comment 6 Jurgen Goedbloed 2017-07-05 17:22:00 EDT
(In reply to Jurgen Goedbloed from comment #5)

> Let me examine the config file to see what line(s) cause the segfault.

OK I got it. Leaving out the nrpe_user line in nrpe.cfg triggers a segfault.
In version 2.17 this was no problem.

Is this related to the RPM package or a bug in nrpe itself?
Comment 7 Stephen John Smoogen 2017-07-05 17:39:28 EDT
This looks to be a problem in nrpe itself vs with the package.
Comment 8 Stephen John Smoogen 2017-07-05 17:52:06 EDT
OK I have been able to replicate this on EL7 but it does not happen on Fedora 25. 

Starting program: /sbin/nrpe -d -f -c /etc/nagios/nrpe.cfg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff533bed8 in _nss_files_getpwnam_r (name=0x0, result=0x7ffff735c260 <resbuf.9824>, buffer=0x62d930 "root", buflen=1024, errnop=0x7ffff7fea7c0)
    at nss_files/files-pwd.c:32
32	DB_LOOKUP (pwnam, '.', 0, ("%s", name),
(gdb) where
#0  0x00007ffff533bed8 in _nss_files_getpwnam_r (name=0x0, result=0x7ffff735c260 <resbuf.9824>, buffer=0x62d930 "root", buflen=1024, errnop=0x7ffff7fea7c0)
    at nss_files/files-pwd.c:32
#1  0x00007ffff705c7dd in __getpwnam_r (name=name@entry=0x0, resbuf=resbuf@entry=0x7ffff735c260 <resbuf.9824>, buffer=0x62d930 "root", buflen=1024, 
    result=result@entry=0x7fffffffd960) at ../nss/getXXbyYY_r.c:266
#2  0x00007ffff705c17f in getpwnam (name=name@entry=0x0) at ../nss/getXXbyYY.c:116
#3  0x00000000004093a2 in clean_environ (keep_env_vars=<optimized out>, nrpe_user=0x0) at ./utils.c:327
#4  0x0000000000407567 in set_stdio_sigs () at ./nrpe.c:652
#5  0x0000000000408479 in run_src () at ./nrpe.c:577
#6  0x0000000000403bf5 in main (argc=5, argv=0x7fffffffe3e8) at ./nrpe.c:203
Comment 9 Stephen John Smoogen 2017-07-05 18:05:47 EDT
Problem is here: 

        pw = (struct passwd *)getpwnam(nrpe_user);
        if (pw == NULL) {
                char    *end = NULL;
                uid_t   uid = strtol(nrpe_user, &end, 10);
                if (uid > 0)
                        pw = (struct passwd *)getpwuid(uid);
                if (pw == NULL || *end != '\0')
                        return OK;
        }

https://github.com/NagiosEnterprises/nrpe/issues/146

Thanks for the catch on this.
Comment 10 Fedora Update System 2017-07-07 16:47:51 EDT
nrpe-3.1.1-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f8ea02db72
Comment 11 Stephen John Smoogen 2017-07-07 16:51:11 EDT
The build 3.1.1-4 backports a fix from upstream. It seemed to work for me but I would like extra testing (EPEL-7 package is building) I expect it will show up in epel-testing this weekend.
Comment 12 Fedora Update System 2017-07-09 00:47:51 EDT
nrpe-3.1.1-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-86db243830
Comment 13 Fedora Update System 2017-07-09 00:48:20 EDT
nrpe-3.1.1-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f8ea02db72
Comment 14 Fedora Update System 2017-07-12 11:52:56 EDT
nrpe-3.1.1-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d9d9c0909
Comment 15 Fedora Update System 2017-07-12 12:24:42 EDT
nrpe-3.1.1-6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec253d8f54
Comment 16 Fedora Update System 2017-07-12 21:46:02 EDT
nrpe-3.1.1-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-18adf0fe26
Comment 17 Fedora Update System 2017-07-12 21:50:13 EDT
nrpe-3.1.1-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f50be4847
Comment 18 Fedora Update System 2017-07-23 17:50:40 EDT
nrpe-3.1.1-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2017-07-23 18:54:12 EDT
nrpe-3.1.1-6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2017-08-04 16:18:37 EDT
nrpe-3.2.0-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-030b96c51c
Comment 21 Fedora Update System 2017-08-06 22:49:13 EDT
nrpe-3.2.0-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bb989d629b
Comment 22 Fedora Update System 2017-08-07 03:49:24 EDT
nrpe-3.2.0-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-030b96c51c
Comment 23 Fedora Update System 2017-11-16 10:47:42 EST
nrpe-3.2.0-6.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2017-11-16 11:52:52 EST
nrpe-3.2.0-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.