Bug 228077 - net-analyzer/sarg - crash on hardened amd64 gentoo
Summary: net-analyzer/sarg - crash on hardened amd64 gentoo
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: AMD64 Linux
Importance: High normal
Assignee: Peter Volkov (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-18 12:25 UTC by Szpak
Modified: 2009-04-06 07:31 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
Compiled binary and coredump amd64-hardened (sarg_error.tar.bz2, 281.48 KB, application/octet-stream), 2008-06-20 06:28 UTC, Szpak
output from strace -f /usr/sbin/sarg (sarg-strace-f.txt, 18.36 KB, text/plain), 2008-06-20 12:34 UTC, Szpak

Description Szpak 2008-06-18 12:25:01 UTC
When I try to run the compiled sarg on hardened Gentoo for the amd64 platform, it gets SIGSEGV.

Reproducible: Always

Steps to Reproduce:
1. emerge sarg
2. ulimit -c unlimited - to make sure we have no core limit
3. run sarg


Actual Results:  
in dmesg I've got:
sarg[19004]: segfault at 0000000001d2dc50 rip 0000381d50e883b0 rsp 00007b94185b2e70 error 4
grsec: From 192.168.xx.yy: signal 11 sent to /usr/sbin/sarg[sarg:19004] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:15918] uid/euid:0/0 gid/egid:0/0

strace output - when I don't have Language set in sarg.conf:
munmap(0x3a250c505000, 4096)            = 0
open("/usr/local/sarg/languages/Polish", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2832, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3a250c505000
read(3, "# by Wszebor Boksa <boksa@koncep"..., 4096) = 2832
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x3a250c505000, 4096)            = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++


strace output - when I have Language set in sarg.conf:
rt_sigaction(SIGINT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
fork()                                  = 19222
wait4(19222, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 19222
rt_sigaction(SIGINT, {SIG_DFL}, NULL, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
access("/tmp", R_OK)                    = 0
access("/tmp/sarg", R_OK)               = -1 ENOENT (No such file or directory)
mkdir("/tmp/sarg", 0755)                = 0
getrlimit(RLIMIT_NOFILE, {rlim_cur=8*1024, rlim_max=8*1024}) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=20000, rlim_max=20000}) = 0
access("/var/log/squid/access.log", R_OK) = 0
open("/var/log/squid/access.log", O_RDONLY) = 3
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++


Expected Results:  
running application without SIGSEGV

Portage 2.1.2.2 (hardened/amd64, gcc-3.4.6, glibc-2.3.6-r5, 2.6.23-hardened-r12 x86_64)
=================================================================
System uname: 2.6.23-hardened-r12 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 17 Jun 2008 01:45:01 +0000
app-shells/bash:     3.1_p17
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/baselayout: 1.12.9
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-mtune=k8 -O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-mtune=k8 -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://src.gentoo.pl "
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi adns amd64 apache2 bash-completion berkdb bzip2 cdr cgi clamav cracklib crypt dvdr expat ftp geoip gmp gnutls hardened hddtemp justify krb4 ldap lm_sensors logrotate lua lzo mbox memlimit midi mmap mysql mysqli ncurses networkmanager nls nptl nptlonly pam pcntl pcre perl php pic posix prelude python readline recode skey slang slp snmp sockets sse2 ssl tcl tcpd tidy urandom vim-syntax xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i810 mach64 mga neomagic nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
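The two kernel lines quoted in the description (the `segfault at ... error 4` line and the grsec signal-audit line) carry more information than is obvious at first glance: the `error` value is the x86 page-fault error code (bit 0: protection violation vs. page not present, bit 1: write, bit 2: user mode, bit 4: instruction fetch), and the grsec line records which binary took the signal, under which uid/euid, and from which parent. The following parser is an added example and is not code from the bug report, from sarg or from Gentoo; it uses the two lines from the report as sample input plus one constructed line in the newer kernel format (`ip`/`sp` instead of `rip`/`rsp`, with a trailing `in <object>` part), so it goes slightly beyond the report by covering both formats. The `ip_is_fault_addr` flag marks faults raised while fetching the instruction itself (fault address equal to the instruction pointer), which is how a defender separates a plain bad data pointer from control flow that landed in unmapped memory.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the first two lines are taken from the bug report above; the
# third is constructed here in the format newer kernels print.
SAMPLE_LOG = """\
sarg[19004]: segfault at 0000000001d2dc50 rip 0000381d50e883b0 rsp 00007b94185b2e70 error 4
grsec: From 192.168.xx.yy: signal 11 sent to /usr/sbin/sarg[sarg:19004] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:15918] uid/euid:0/0 gid/egid:0/0
demo[4242]: segfault at 0 ip 00005555deadbeef sp 00007ffcc0ffee00 error 6 in demo[5555deadb000+1000]
"""

# Old kernels print "rip"/"rsp" on amd64, newer ones "ip"/"sp"; accept both.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"(?:rip|ip) (?P<ip>[0-9a-f]+) (?:rsp|sp) (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
)

GRSEC_SIGNAL_RE = re.compile(
    r"grsec: From (?P<src>\S+): signal (?P<sig>\d+) sent to "
    r"(?P<path>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<ppath>\S+)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
)


@dataclass
class SegFault:
    comm: str
    pid: int
    addr: int   # faulting (CR2) address
    ip: int     # instruction pointer at the time of the fault
    sp: int     # stack pointer at the time of the fault
    error: int  # x86 page-fault error code


@dataclass
class GrsecSignal:
    source: str
    signal: int
    path: str
    comm: str
    pid: int
    uid: int
    euid: int
    parent_path: str
    parent_pid: int


def decode_error_code(err: int) -> dict:
    """Split the x86 page-fault error code into its named bits."""
    return {
        "protection_violation": bool(err & 1),  # 0 means the page was not present
        "write": bool(err & 2),                 # 0 means a read access
        "user_mode": bool(err & 4),             # 0 means the fault came from kernel mode
        "reserved_bit": bool(err & 8),
        "instruction_fetch": bool(err & 16),
    }


def describe_error_code(err: int) -> str:
    f = decode_error_code(err)
    mode = "user-mode" if f["user_mode"] else "kernel-mode"
    if f["instruction_fetch"]:
        access = "instruction fetch"
    else:
        access = "write" if f["write"] else "read"
    cause = "protection violation" if f["protection_violation"] else "page not present"
    return f"{mode} {access}, {cause}"


def parse_segfault(line: str) -> Optional[SegFault]:
    m = SEGFAULT_RE.search(line)  # search(), so dmesg timestamps in front are tolerated
    if m is None:
        return None
    return SegFault(m["comm"], int(m["pid"]), int(m["addr"], 16),
                    int(m["ip"], 16), int(m["sp"], 16), int(m["err"]))


def parse_grsec_signal(line: str) -> Optional[GrsecSignal]:
    m = GRSEC_SIGNAL_RE.search(line)
    if m is None:
        return None
    return GrsecSignal(m["src"], int(m["sig"]), m["path"], m["comm"], int(m["pid"]),
                       int(m["uid"]), int(m["euid"]), m["ppath"], int(m["ppid"]))


def analyze(log_text: str) -> list:
    """Correlate segfault lines with grsec signal-audit lines by pid and summarise
    each crash: the kind of access that faulted, the binary and its privileges."""
    signals = {}
    for line in log_text.splitlines():
        g = parse_grsec_signal(line)
        if g is not None:
            signals[g.pid] = g
    findings = []
    for line in log_text.splitlines():
        sf = parse_segfault(line)
        if sf is None:
            continue
        g = signals.get(sf.pid)
        findings.append({
            "pid": sf.pid,
            "comm": sf.comm,
            "fault": describe_error_code(sf.error),
            "ip_is_fault_addr": sf.ip == sf.addr,
            "binary": g.path if g else None,
            "parent": g.parent_path if g else None,
            "running_as_root": (g.euid == 0) if g else None,
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

For the report's own line this yields a user-mode read of a page that is not present, in a process whose euid is 0 and whose parent is /bin/bash; that is the kind of crash worth triaging promptly on a hardened box, since the report itself runs sarg as root.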
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2008-06-18 20:08:32 UTC
Thank you for the report, Szpak. What version of sarg do you use? Also, without a backtrace your report is not very useful. Please read:

http://www.gentoo.org/proj/en/qa/backtraces.xml

and get it to us.
Comment 2 Szpak 2008-06-19 08:42:09 UTC
Version:

sarg-2.2.5 Mar-03-2008 by Pedro Lineu Orso 

Backtrace:

Using host libthread_db library "/lib/libthread_db.so.1".
Failed to read a valid object file image from memory.
Core was generated by `sarg'.
Program terminated with signal 11, Segmentation fault.
#0  0x000036b7d8b7a3b0 in _start () from /lib64/ld-linux-x86-64.so.2

Thread 1 (process 23935):
#0  0x000036b7d8b7a3b0 in _start () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1  0x0000000000000000 in ?? ()
No symbol table info available.
Comment 3 Szpak 2008-06-19 08:44:28 UTC
Output from gdb_get_backtrace:

Using host libthread_db library "/lib/libthread_db.so.1".
Failed to read a valid object file image from memory.
Core was generated by `sarg'.
Program terminated with signal 11, Segmentation fault.
#0  0x000036b7d8b7a3b0 in _start () from /lib64/ld-linux-x86-64.so.2

Thread 1 (process 23935):
#0  0x000036b7d8b7a3b0 in _start () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1  0x0000000000000000 in ?? ()
No symbol table info available.


Sarg version:

SARG Version: 2.2.5 Mar-03-2008

also happens with 2.2.4

Additional grsecurity config from .config:

CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_HARDENED=y
# CONFIG_GRKERNSEC_CUSTOM is not set
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_SOCKET is not set
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2008-06-19 10:00:53 UTC
This backtrace still does not help. Try to run
(gdb) thread apply all bt
from debugger. Also it's possible that strace could be useful here.
Comment 5 Szpak 2008-06-20 06:25:01 UTC
There is a strace in the description, and the backtrace log is made with:
thread apply all bt

I can send the core file and the non-stripped executable.

And one more thing: the bug is reproducible on other amd64 systems too. I tried it under VMware and on a normal PC.
Comment 6 Szpak 2008-06-20 06:28:10 UTC
Created attachment 157701
Compiled binary and coredump amd64-hardened
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-06-20 07:48:26 UTC
Eh, I thought I wrote you, but it seems that I forgot. Please run strace with the -f option. Also, could you try to localize and create the smallest possible access.log which allows you to reproduce the crash?
Comment 8 Szpak 2008-06-20 12:34:20 UTC
Created attachment 157729
output from strace -f /usr/sbin/sarg
Comment 9 Szpak 2008-06-20 12:35:31 UTC
Simplest access.log file:

1213789032.682    658 192.168.250.93 TCP_MISS/200 2317 GET http://bugs.gentoo.org/index.cgi? - DIRECT/85.17.225.93 text/html
 
but I think it doesn't depend on what's inside. The problem must be before reading the file.
Comment 10 Szpak 2008-06-21 16:28:43 UTC
The bug is reproducible only on hardened amd64 Gentoo; there is no error on x86.
Comment 11 Peter Volkov (RETIRED) gentoo-dev 2009-03-23 09:12:23 UTC
Please try sarg-2.2.5-r1.ebuild. If it does not fix the problem, I need a backtrace to investigate this issue. Your last backtrace is useless, and it looks like you need to rebuild glibc with debugging symbols enabled too.
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2009-04-06 07:31:22 UTC
Closing per comment #11.