Bug 150902 - nss library crashes when run under chroot
nss library crashes when run under chroot
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: glibc (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-11 15:10 EST by Joe Pruett
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.3.4-2.9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-30 15:26:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joe Pruett 2005-03-11 15:10:25 EST
Description of problem: when glibc tries to load nss libraries in a chroot
environment where those libraries don't exist, the library segfaults.  this is
showing up when running an rsync server that has chroot enabled (default), files
owned by non root (otherwise getpwuid isn't called), and a remote client that
enables -o (to preserve ownership).


Version-Release number of selected component (if applicable):
glibc-2.3.4-2

How reproducible:
every time.


Steps to Reproduce:
1. chroot
2. call getpwuid
3.
  
Actual results:
segfault

Expected results:
getpwuid should return null to indicate that it can't map the uid.

Additional info:

c code to exhibit problem (must be run as root for chroot to work):

#include <sys/types.h>
#include <pwd.h>

main()
{
        struct passwd *p;

        chroot("/tmp");
        chdir("/");
        p = getpwuid(666);
        if (p) {
                printf("%s\n", p->pw_name);
        }
        exit(0);
}

strace of invocation:
execve("./test", ["./test"], [/* 37 vars */]) = 0
uname({sys="Linux", node="jupiter.spiretech.com", ...}) = 0
brk(0)                                  = 0xa03e000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=115297, ...}) = 0
old_mmap(NULL, 115297, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe3000
close(3)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ov\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1212936, ...}) = 0
old_mmap(0x752000, 1215644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x752000
old_mmap(0x875000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x875000
old_mmap(0x879000, 7324, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x879000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe2000
mprotect(0x875000, 4096, PROT_READ)     = 0
mprotect(0x74a000, 4096, PROT_READ)     = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe2940, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
munmap(0xb7fe3000, 115297)              = 0
chroot("/tmp")                          = 0
chdir("/")                              = 0
brk(0)                                  = 0xa03e000
brk(0xa05f000)                          = 0xa05f000
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT
(No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT
(No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/tls/i686/sse2", 0xbff98984) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/lib/tls/i686", 0xbff98984)     = -1 ENOENT (No such file or directory)
open("/lib/tls/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/lib/tls/sse2", 0xbff98984)     = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/lib/tls", 0xbff98984)          = -1 ENOENT (No such file or directory)
open("/lib/i686/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/lib/i686/sse2", 0xbff98984)    = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/lib/i686", 0xbff98984)         = -1 ENOENT (No such file or directory)
open("/lib/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/lib/sse2", 0xbff98984)         = -1 ENOENT (No such file or directory)
open("/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib", 0xbff98984)              = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/i686/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/usr/lib/tls/i686/sse2", 0xbff98984) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
stat64("/usr/lib/tls/i686", 0xbff98984) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
stat64("/usr/lib/tls/sse2", 0xbff98984) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/lib/tls", 0xbff98984)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/usr/lib/i686/sse2", 0xbff98984) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/lib/i686", 0xbff98984)     = -1 ENOENT (No such file or directory)
open("/usr/lib/sse2/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/lib/sse2", 0xbff98984)     = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat64("/usr/lib", 0xbff98984)          = -1 ENOENT (No such file or directory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++
Comment 1 Jakub Jelinek 2005-03-11 15:29:10 EST
This is already fixed in glibc-2.3.4-2.4 and onwards.  Current RHEL4 U1
candidate glibc is 2.3.4-2.7.

Note You need to log in before you can comment on or make changes to this bug.