Bug 200327 – /usr/bin/id segfaults

Bug 200327 - /usr/bin/id segfaults

Summary:	/usr/bin/id segfaults

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	coreutils (Show other bugs)
Sub Component:
Version:	3.8
Hardware:	All Linux

Priority	medium Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Tim Waugh
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression

Duplicates:	200569 200604 201811 201955 499382 (view as bug list)
Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-07-26 17:00 EDT by Kostas Georgiou
Modified:	2009-05-11 02:38 EDT (History)
CC List:	20 users (show)

See Also:
Fixed In Version:	RHBA-2006-0670
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-09-11 11:25:37 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2006:0670	normal	SHIPPED_LIVE	coreutils bug fix update	2006-09-11 00:00:00 EDT

Groups: None (edit)

Description Kostas Georgiou 2006-07-26 17:00:38 EDT

coreutils-4.5.3-28.1 uses getgrouplist (no idea why since #169464 is closed).

Unfortunately getgrouplist is broken under glibc 2.3.2 and overwrites memory
(man getgrouplist under BUGS). One of out init.d scripts started failing with
segfaults just after update8 since it was using /usr/bin/id username. By
stopping nscd even /usr/bin/id root fails!

I know it's glibc's fault so the bug should probably be reassigned there but...

Comment 1 Kyle Powell 2006-07-31 16:57:07 EDT

*** Bug 200569 has been marked as a duplicate of this bug. ***

Comment 2 Kyle Powell 2006-07-31 16:57:57 EDT

*** Bug 200604 has been marked as a duplicate of this bug. ***

Comment 23 Tim Waugh 2006-08-09 04:12:43 EDT

*** Bug 201811 has been marked as a duplicate of this bug. ***

Comment 28 Tim Waugh 2006-08-10 07:04:18 EDT

*** Bug 201955 has been marked as a duplicate of this bug. ***

Comment 32 Anchor Systems Managed Hosting 2006-08-20 20:23:59 EDT

Here's a backtrace.

# id jaq
Segmentation fault

# gdb id
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL3rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run jaq
Starting program: /usr/bin/id jaq
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x00c3f5b8 in malloc_consolidate () from /lib/tls/libc.so.6
(gdb) bt
#0  0x00c3f5b8 in malloc_consolidate () from /lib/tls/libc.so.6
#1  0x00c3ed59 in _int_malloc () from /lib/tls/libc.so.6
#2  0x00c3e0fd in malloc () from /lib/tls/libc.so.6
#3  0x001ea85f in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#4  0x001ea997 in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#5  0x001e936c in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#6  0x001e926b in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#7  0x001e79b1 in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#8  0x001e7c7e in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#9  0x001e8e66 in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#10 0x001d6fc5 in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#11 0x001d6e97 in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#12 0x001d7d78 in _nss_ldap_sasl_interact () from /lib/libnss_ldap.so.2
#13 0x001cc24a in _nss_ldap_ent_context_release () from /lib/libnss_ldap.so.2
#14 0x001cc140 in _nss_ldap_ent_context_release () from /lib/libnss_ldap.so.2
#15 0x001cc7db in _nss_ldap_search_s () from /lib/libnss_ldap.so.2
#16 0x001ce16a in _nss_ldap_initgroups_dyn () from /lib/libnss_ldap.so.2
#17 0x00c7395f in getgrouplist () from /lib/tls/libc.so.6
#18 0x08049337 in ?? ()
#19 0xbffffc08 in ?? ()
#20 0x00009088 in ?? ()
#21 0x0919b858 in ?? ()
#22 0xbfffb5c4 in ?? ()
---Type <return> to continue, or q <return> to quit---
#23 0x00000000 in ?? ()

Comment 33 Rudolf Natiku 2006-08-29 05:29:15 EDT

Also "groups root" is not working

Comment 34 Robert Allerstorfer 2006-08-30 03:55:29 EDT

(In reply to comment #33)
> Also "groups root" is not working 

The 'groups' command is a sh script that relies on the 'id' binary. My
workaround was to replace the /usr/bin/id binary coming with
coreutils-4.5.3-28.1 by the one  included in the previous coreutils package
available for RHEL3, version 4.5.3-28.

I'm just wondering why there is no official statement or hotfix from RedHat,
since this is the Enterprise product customers have to pay a lot for.

Comment 35 Peter J. Holzer 2006-08-30 04:18:50 EDT

(In reply to comment #34)
> I'm just wondering why there is no official statement or hotfix from RedHat,
> since this is the Enterprise product customers have to pay a lot for.

Tim Waugh changed the status to "MODIFIED" on August 7th. So I guess he has
written a fix but for some reason testing takes a long time.

Comment 39 Donald Lambert 2006-09-08 08:04:55 EDT

I have put in a support call to redhat for this.  The engineers do have a fix.
When they will make it publicly available is another story. 
The current release I have been given is now up to -4.  The current available
coreutils in the channel is -1.

Comment 41 Robert Allerstorfer 2006-09-09 04:58:25 EDT

(In reply to comment #35)
> Tim Waugh changed the status to "MODIFIED" on August 7th. So I guess he has
> written a fix but for some reason testing takes a long time. 

Since the status has been updated from "MODIFIED" to "ON_QA" recently (on Sep.
8, 2006), it seems that a fixed coreutils package will be officially released soon.

Comment 44 Red Hat Bugzilla 2006-09-11 11:25:37 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0670.html

Comment 52 Ondrej Vasik 2009-05-11 02:38:59 EDT

*** Bug 499382 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

cbowen
csnook
dlmeyer
donald.lambert
drepper
ebrown
hjp
jakub
jan.iven
jn
knarasim
laroche
managed
martin.donnelly
meyering
mzappadu
netllama
roland
tao
tlc-servizi