Red Hat Bugzilla – Bug 451013
login(1) SIGSEGV if telnet user press CTRL+D
Last modified: 2008-06-12 09:12:49 EDT
Description of problem: If telnet user attempt to login, but press CTRL+D, the telnet session will terminated and the login process got sigsegv. Version-Release number of selected component (if applicable): util-linux-2.13-0.47 How reproducible: Always, if you follow reproduce steps. Steps to Reproduce: 1. Enable telnet-server on RHEL5. 2. From telnet client, connect to the telnet server. Do not input any information such as user name and passwd. 3. On telnet-server box, you find login(1) PID and trace it. # ps ax |grep login # strace -p <login-pid> 3. Press CTRL+D 3 or 4 times, until you terminate the login session. Actual results: 27550 08:18:24.600427 fcntl(4, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 27550 08:18:24.600471 alarm(0) = 1 27550 08:18:24.600508 rt_sigaction(SIGALRM, {0x4026a0, [ALRM], SA_RESTORER, 0x3aa86300a0}, NULL, 8) = 0 27550 08:18:24.600546 alarm(26) = 0 27550 08:18:24.600569 close(4) = 0 27550 08:18:24.600593 socket(PF_NETLINK, SOCK_RAW, 9) = 4 27550 08:18:24.600619 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 27550 08:18:24.600655 open("/etc/passwd", O_RDONLY) = 5 27550 08:18:24.600684 fcntl(5, F_GETFD) = 0 27550 08:18:24.600706 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 27550 08:18:24.600729 fstat(5, {st_mode=S_IFREG|0644, st_size=2454, ...}) = 0 27550 08:18:24.600767 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaaac000 27550 08:18:24.600793 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2454 27550 08:18:24.600840 --- SIGSEGV (Segmentation fault) @ 0 (0) --- I can not find core file. On some system, I can find following log in /var/log/messages. Jun 1 09:02:03 kernel: login[7251]: segfault at 0000000000000000 rip 00002aaaac753bb5 rsp 00007fff9435b8a0 error 4 Jun 1 09:04:13 kernel: login[11271]: segfault at 0000000000000000 rip 00002aaaac753bb5 rsp 00007fff7262db70 error 4 Expected results: login(1) should not record any errors. Additional info: After some steps of troubleshooting, if I remove "util-linux-2.13-audit-login.patch" and compile login(1), then the SIGSEGV was gone. steps (1) install src.rpm (2) Edit SPECS/util-linux.spec Comment out Patch215 and %patch215 lines (3) rpmbuild -bp ./util-linux.spec (4) cd to BUILD/util-linux (5) ./configure --enable-login-utils (6) make clean; make (7) cp login-utils/login /bin/login ; chmod 755 /bin/login (8) Do login test. Impact: Even if the login(1) got sigsegv, if one try another telnet login, xinetd kicks in.telnetd, and then kicks another login(1). So this may not harm our system. Just it doesn't look nice, especially when it logged into messages. Additional info audit-1.3.1-1, audit-libs-1.3.1-1, audit-libs-python-1.3.1-1 audit-libs-devel-1.3.1-1 are installed. And the audit service is set "ON" at the boot time.
https://bugzilla.redhat.com/show_bug.cgi?id=203869 In this case, a red hat engineer reported similar symptom. > Running strace shows the last > call run is read() on /etc/passwd and then SIGSEGV.
*** This bug has been marked as a duplicate of 203869 ***