Red Hat Bugzilla – Bug 200039
RHEL AS3 Update 8 - SEGV in glibc when /usr/bin/id checks /etc/{passwd,group}
Last modified: 2009-04-18 15:01:46 EDT
Description of problem: /usr/bin/id is getting segmentation violations and dropping core for some, but not all users. The error is reproducable. For some users, "id" always works perfectly. For others, it always drops core. A check of the core shows that the error is occurring in /lib/tls/libc.so.6 The specific function seems to be known_compare(). Version-Release number of selected component (if applicable): We have 2 servers running Red Hat Enterprise Linux AS release 3. Both systems have all account info stored locally (ie. /etc/passwd, /etc/group). Both systems have very similar (but not identical) passwd and group files. Earlier this week, a large number of updates became available (through Update 8), and we installed them. Amongst the updates was glibc-2.3.2-95.44. Prior to the update, this error did not occur. Since the update, id is misbehaving on both systems. How reproducible: Run "id" on certain users. Because this does not occur on all users, this is probably not easily reproducable. It is presumably triggered by something in our /etc/passwd and /etc/group files. Steps to Reproduce: Actual results: Expected results: The following commands were done by the root user on the machine "hammer". It shows the results of id commands for certain users, and the contents of /etc/group for those users. hammer / 250 # egrep piggott /etc/group webupdt:x:751:andy,morgan,gaunt,ganavkir,pgray,piggott,lamb,vanitha,tester,jdickenson,craswell,wallace,hall,noordink,alpert weball:x:752:andy,morgan,piggott,tester,jdickenson,andrewm piggott:x:1203: hammer / 251 # id piggott uid=1203(piggott) gid=1203(piggott) groups=1203(piggott),751(webupdt),752(weball) hammer / 252 # egrep morgan /etc/group webdir:x:742:andy,morgan,noordink,andrewm webupdt:x:751:andy,morgan,gaunt,ganavkir,pgray,piggott,lamb,vanitha,tester,jdickenson,craswell,wallace,hall,noordink,alpert weball:x:752:andy,morgan,piggott,tester,jdickenson,andrewm morgan:x:1302: hammer / 253 # id morgan Segmentation fault (core dumped) hammer / 254 # ls core* 76 core.15349 76 core.15606 hammer / 255 # file core* core.15349: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from 'id' core.15606: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from 'id' hammer / 256 # gdb /usr/bin/id core.15349 GNU gdb Red Hat Linux (6.3.0.0-1.132.EL3rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". Core was generated by `id morgan'. Program terminated with signal 11, Segmentation fault. Error while mapping shared library sections: mo: Success. Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 Error while reading shared library symbols: mo: No such file or directory. #0 0x00d77abd in tsearch () from /lib/tls/libc.so.6 (gdb) where #0 0x00d77abd in tsearch () from /lib/tls/libc.so.6 #1 0x00d8ac1f in __nss_lookup_function () from /lib/tls/libc.so.6 #2 0x00d8aa83 in __nss_next () from /lib/tls/libc.so.6 #3 0x00d44891 in getgrgid_r@@GLIBC_2.1.2 () from /lib/tls/libc.so.6 #4 0x00d44091 in getgrgid () from /lib/tls/libc.so.6 #5 0x0804971b in ?? () #6 0x00000516 in ?? () #7 0x00000516 in ?? () #8 0x00000005 in ?? () #9 0xbfffaf70 in ?? () #10 0x00000400 in ?? () #11 0xbfffaf68 in ?? () #12 0x00dd3bf8 in buffer_size.0 () from /lib/tls/libc.so.6 #13 0x00000004 in ?? () #14 0x082fdde0 in ?? () #15 0x00dd3bf8 in buffer_size.0 () from /lib/tls/libc.so.6 #16 0xbfffafb8 in ?? () #17 0x080490f7 in ?? () #18 0xbffff838 in ?? () #19 0xbfffb044 in ?? () #20 0x0804a875 in _IO_stdin_used () #21 0x0804a8c0 in _IO_stdin_used () #22 0x00000000 in ?? () (gdb) quit hammer / 267 # egrep andy /etc/group andy:x:666: nagios:x:664:andy cvs:x:705:andy,amccrystal,apache webdir:x:742:andy,morgan,noordink,andrewm weballssl:x:750:andy webupdt:x:751:andy,morgan,gaunt,ganavkir,pgray,piggott,lamb,vanitha,tester,jdickenson,craswell,wallace,hall,noordink,alpert weball:x:752:andy,morgan,piggott,tester,jdickenson,andrewm webctall:x:753:andy webintra:x:761:andy,stacy,jess,scotth webuqbsdotcom:x:767:andy webenterprize:x:768:andy webbusinessforensics:x:769:andy hammer / 268 # id andy Segmentation fault (core dumped) hammer / 269 # gdb /usr/bin/id core.19157 GNU gdb Red Hat Linux (6.3.0.0-1.132.EL3rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". Core was generated by `id andy'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2... (no debugging symbols found)...done. Loaded symbols for /lib/libnss_files.so.2 #0 0x00a076d0 in known_compare () from /lib/tls/libc.so.6 (gdb) where #0 0x00a076d0 in known_compare () from /lib/tls/libc.so.6 #1 0x009f3af4 in tsearch () from /lib/tls/libc.so.6 #2 0x00a06c1f in __nss_lookup_function () from /lib/tls/libc.so.6 #3 0x009bf912 in getgrouplist () from /lib/tls/libc.so.6 #4 0x08049337 in ?? () #5 0xbfffd83a in ?? () #6 0x0000029a in ?? () #7 0x086abde0 in ?? () #8 0xbfff7ed4 in ?? () #9 0x00000000 in ?? () (gdb) quit hammer / 281 # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) hammer / 282 # id root Segmentation fault (core dumped) hammer / 283 # egrep root /etc/group root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin,adm adm:x:4:root,adm,daemon disk:x:6:root wheel:x:10:root Additional info: The following web site may be useful: http://lists.debian.org/debian-glibc/2004/04/msg00282.html It is an article titled "Bug#245029: libc6: SIGSEGV in getgrouplist()/getpwnam()" which may help with this issue.
Created attachment 133563 [details] glibc-bz661.patch Patch that should cure this.
We haven't pushed a glibc with this change and at this point it is unlikely to happen. WONTFIX