Bug 451013 - login(1) SIGSEGV if telnet user press CTRL+D
Status: CLOSED DUPLICATE of bug 203869
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: util-linux
Version: 5.1
Hardware: All Linux
Priority: low, Severity: low
Target Milestone: rc
Assigned To: Karel Zak
QA Contact: Ben Levenson
Reported: 2008-06-12 07:52 EDT by masanari iida
Modified: 2008-06-12 09:12 EDT
Doc Type: Bug Fix
Last Closed: 2008-06-12 09:12:49 EDT
Description masanari iida 2008-06-12 07:52:29 EDT
Description of problem:
If a telnet user attempts to log in but presses CTRL+D,
the telnet session is terminated and the login process
gets SIGSEGV.

Version-Release number of selected component (if applicable):
util-linux-2.13-0.47

How reproducible:
Always, if you follow the reproduction steps.


Steps to Reproduce:
1. Enable telnet-server on RHEL5.
2. From telnet client, connect to the telnet server.
Do not input any information such as user name and passwd.

3. On the telnet-server box, find the login(1) PID and trace it.
# ps ax | grep login
# strace -p <login-pid>

4. Press CTRL+D 3 or 4 times, until you terminate the login session.

  
Actual results:

27550 08:18:24.600427 fcntl(4, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
27550 08:18:24.600471 alarm(0)          = 1
27550 08:18:24.600508 rt_sigaction(SIGALRM, {0x4026a0, [ALRM], SA_RESTORER, 0x3aa86300a0}, NULL, 8) = 0
27550 08:18:24.600546 alarm(26)         = 0
27550 08:18:24.600569 close(4)          = 0
27550 08:18:24.600593 socket(PF_NETLINK, SOCK_RAW, 9) = 4
27550 08:18:24.600619 fcntl(4, F_SETFD, FD_CLOEXEC) = 0
27550 08:18:24.600655 open("/etc/passwd", O_RDONLY) = 5
27550 08:18:24.600684 fcntl(5, F_GETFD) = 0
27550 08:18:24.600706 fcntl(5, F_SETFD, FD_CLOEXEC) = 0
27550 08:18:24.600729 fstat(5, {st_mode=S_IFREG|0644, st_size=2454, ...}) = 0
27550 08:18:24.600767 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaaac000
27550 08:18:24.600793 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2454
27550 08:18:24.600840 --- SIGSEGV (Segmentation fault) @ 0 (0) ---

I cannot find a core file.
On some systems, I can find the following log in /var/log/messages.

 Jun  1 09:02:03 kernel: login[7251]: segfault at 0000000000000000 rip 00002aaaac753bb5 rsp 00007fff9435b8a0 error 4
 Jun  1 09:04:13 kernel: login[11271]: segfault at 0000000000000000 rip 00002aaaac753bb5 rsp 00007fff7262db70 error 4


Expected results:
login(1) should not record any errors.


Additional info:

After some troubleshooting steps, if I remove
 "util-linux-2.13-audit-login.patch" and compile login(1),
then the SIGSEGV is gone.

Steps:
(1) install src.rpm
(2) Edit SPECS/util-linux.spec
    Comment out Patch215 and %patch215 lines
(3) rpmbuild -bp ./util-linux.spec
(4) cd to BUILD/util-linux
(5) ./configure --enable-login-utils
(6) make clean; make
(7) cp login-utils/login  /bin/login ; chmod 755 /bin/login
(8) Do login test.

Impact:
Even if login(1) gets SIGSEGV, if one tries another telnet login,
xinetd kicks in.telnetd, which then kicks another login(1).
So this may not harm our system.
It just doesn't look nice, especially when it is logged to messages.

Additional info
audit-1.3.1-1, audit-libs-1.3.1-1, audit-libs-python-1.3.1-1
audit-libs-devel-1.3.1-1 are installed.
And the audit service is set "ON" at boot time.
Comment 1 masanari iida 2008-06-12 08:12:28 EDT
https://bugzilla.redhat.com/show_bug.cgi?id=203869
In this case, a Red Hat engineer reported a similar symptom.

> Running strace shows the last
> call run is read() on /etc/passwd and then SIGSEGV.

Comment 2 Karel Zak 2008-06-12 09:12:49 EDT

*** This bug has been marked as a duplicate of 203869 ***
