Bug 41799 - X (Gnome) session abruptly terminated
Summary: X (Gnome) session abruptly terminated
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-05-22 08:29 UTC by Paul Michael Reilly
Modified: 2007-04-18 16:33 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-02-09 09:05:13 UTC
Embargoed:


Attachments (Terms of Use)
The X Server log (from /var/log/XFree86.0.log) (46.99 KB, text/plain)
2001-05-23 17:48 UTC, Paul Michael Reilly
no flags Details
The XFree86 config file (16.00 KB, text/plain)
2001-05-23 17:51 UTC, Paul Michael Reilly
no flags Details
Just noticed this in /var/log/messages. Note the gnome-name-server exiting. (334 bytes, text/plain)
2001-05-23 17:59 UTC, Paul Michael Reilly
no flags Details
Ignore last attachment content (didn't save the buffer) :-( (1.84 KB, text/plain)
2001-05-23 18:01 UTC, Paul Michael Reilly
no flags Details

Description Paul Michael Reilly 2001-05-22 08:29:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2smp i686; en-US; 0.8.1)
Gecko/20010425

Description of problem:
The currently logged in User is effectively logged out and the login screen
(Gnome) is presented.  This problem is sort of random and occurs when no
user is operating at the console, i.e. the problem is generally discovered
when returning to hack and finding that the session has been killed.  On
one occasion (just now) the problem occurred as I was browsing, more
specifically while halfway through reading a page on the screen.  I have
also heard this problem reported by a co-worker.

I have no clue on how to reproduce this problem.  Suggestions on capturing
information that may lead to reproducability will be gratefully received.

How reproducible:
Didn't try

Steps to Reproduce:
1.Install RHL 7.1
2.Login via Gnome login screen.
3.Wait days and days (~6-14)
4.Observe a fresh login screen even though no logout occurred.
	

Additional info:

I am aware of this problem occurring on RHL 6.2 as well as 7.1.

My system is a dual Xeon with a Viper V550 AGP graphics card.

No error messages or system log entries are generated.

Comment 1 Mike A. Harris 2001-05-22 19:34:58 UTC
Need an X server log from you, and your config file.  Please attach each
separatly via the file attach link below.


Comment 2 Paul Michael Reilly 2001-05-23 17:48:46 UTC
Created attachment 19430 [details]
The X Server log (from /var/log/XFree86.0.log)

Comment 3 Paul Michael Reilly 2001-05-23 17:51:18 UTC
Created attachment 19431 [details]
The XFree86 config file

Comment 4 Paul Michael Reilly 2001-05-23 17:59:45 UTC
Created attachment 19432 [details]
Just noticed this in /var/log/messages.  Note the gnome-name-server exiting.

Comment 5 Paul Michael Reilly 2001-05-23 18:01:12 UTC
Created attachment 19433 [details]
Ignore last attachment content (didn't save the buffer) :-(

Comment 6 Mike A. Harris 2002-02-09 09:05:08 UTC
The X server log you've shown is from XFree86 4.x, however your X config file
is an XFree86 3.3.6 config file.  You need to attach the XFree86 4.x config
file, which is XF86Config-4.

The /var/log/messages file you've attached shows the following:

May 22 03:17:07 hamm rpc.statd[529]: gethostbyname error for
^Xw?^Xw?^Yw?^Yw?^Zw?^Zw?^[w?^[w?%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220

That is an attempt by someone to break into your machine using a remote
buffer overflow attack against the rpc.statd service.  They may or may
not have been successful at breaking in, however to ensure this type
of threat does not occur in the future, I _strongly_ urge you to run
the latest updated packages which Red Hat releases as security and bug
fixes to the distribution.  You can do this by using the "up2date"
command.  Also, you should disable any services running on your machine
that are not needed and/or not used during normal usage of the machine.
rpc.statd is used when using nfs for example, so if you do not use nfs,
be sure to disable all nfs related services.  It is also strongly
recommended to enable a firewall using firewall-config or some other
firewall configuration utility - which if configured properly could
block attacks like this one.

The crashes may or may not be linked to the attack attempt.

We have released many updates to Red Hat Linux since the report was
filed, including an update to XFree86.  If you haven't upgraded already,
please upgrade to XFree86-4.1.0-15 as well as any other errata updates
not already applied.

If this problem persists still, please update this bug report with
your current details, including the XF86Config-4 config file, and
also a new X server log.  If you do have a server crash, make sure you
do _not_ start up XFree86 again before copying the log file, as the
new X server log will have overwrote the prior logfile thus wiping
out any useful crash info.

Thanks.



Comment 7 Mike A. Harris 2002-05-30 06:28:10 UTC
CLosing due to inactivity.  If the problem persists, please file a bug
report with XFree86 directly at xfree86, and carbon copy
xpert.


Note You need to log in before you can comment on or make changes to this bug.