syslog-ng --no-caps option causes segmentation fault if compiled with caps support on Gentoo hardened system

It is quite possible that this is a hardened-Gentoo-specific bug. I could not reproduce it on a non-hardened system.

This is from the build log:

syslog-ng Open Source Edition 3.1.2 configured
Compiler options:
compiler : x86_64-pc-linux-gnu-gcc -std=gnu99
compiler options : -O2 -pipe -fforce-addr -mtune=nocona -march=nocona -Wall -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/eventlog -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
linker flags : -Wl,-O1 -Wl,--as-needed
prefix : /usr
linking mode : dynamic
Features:
Sun STREAMS support : no
Sun Door support : no
Debug symbols : no
GCC profiling : no
Memtrace : no
IPV6 support : no
spoof-source support : no
tcp-wrapper support : yes
SSL support : yes
SQL support : no
Linux capability support : yes
PCRE support : yes
Env wrapper support : no
>>> Source configured.

System parameters:

# syslog-ng --version
syslog-ng 3.1.2
Installer-Version: 3.1.2
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.1#master#8bf13c304b6ab5fc1a372b49d55c78370efe14ca
Compile-Date: Dec 15 2010 21:10:17
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: off
Enable-Spoof-Source: off
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: on
Enable-Pcre: on

# gcc -v
Using built-in specs.
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-4.4.4-r2/work/gcc-4.4.4/configure --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/4.4.4 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.4.4/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.4.4 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.4.4/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.4.4/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.4.4/include/g++-v4 --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --disable-altivec --disable-fixed-point --without-ppl --without-cloog --disable-nls --with-system-zlib --disable-werror --enable-secureplt --enable-multilib --enable-libmudflap --disable-libssp --enable-esp --enable-libgomp --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/4.4.4/python --enable-checking=release --disable-libgcj --enable-languages=c,c++ --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.4.4-r2 p1.2, pie-0.4.5'
Thread model: posix
gcc version 4.4.4 (Gentoo Hardened 4.4.4-r2 p1.2, pie-0.4.5)

# glibc - 2.11.2-r3

Example:

$ /usr/sbin/syslog-ng -F -v -d --no-caps
Segmentation fault

$ strace /usr/sbin/syslog-ng -F -v -d --no-caps
execve("/usr/sbin/syslog-ng", ["/usr/sbin/syslog-ng", "-F", "-v", "-d", "--no-caps"], [/* 33 vars */]) = 0
brk(0) = 0x3cdf13cf10
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0cc000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=51584, ...}) = 0
mmap(NULL, 51584, PROT_READ, MAP_PRIVATE, 3, 0) = 0x3752a0bf000
close(3) = 0
open("/usr/lib/libglib-2.0.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320{\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=981792, ...}) = 0
mmap(NULL, 3079320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37529bc2000
mprotect(0x37529cb0000, 2097152, PROT_NONE) = 0
mmap(0x37529eb0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xee000) = 0x37529eb0000
close(3) = 0
open("/usr/lib/libevtlog.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\31\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=18184, ...}) = 0
mmap(NULL, 2113664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x375299bd000
mprotect(0x375299c1000, 2093056, PROT_NONE) = 0
mmap(0x37529bc0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x37529bc0000
close(3) = 0
open("/usr/lib/libssl.so.1.0.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pa\1\0\0\0\0\0"..., 832) = 832
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0be000
fstat(3, {st_mode=S_IFREG|0555, st_size=386928, ...}) = 0
mmap(NULL, 2482512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3752975e000
mprotect(0x375297b5000, 2093056, PROT_NONE) = 0
mmap(0x375299b4000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x56000) = 0x375299b4000
close(3) = 0
open("/usr/lib/libcrypto.so.1.0.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@U\6\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0555, st_size=1845904, ...}) = 0
mmap(NULL, 3956384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37529398000
mprotect(0x37529538000, 2093056, PROT_NONE) = 0
mmap(0x37529737000, 147456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19f000) = 0x37529737000
mmap(0x3752975b000, 11936, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3752975b000
close(3) = 0
open("/lib/libwrap.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@1\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=35552, ...}) = 0
mmap(NULL, 2132968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3752918f000
mprotect(0x37529197000, 2093056, PROT_NONE) = 0
mmap(0x37529396000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x37529396000
close(3) = 0
open("/lib/libcap.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\26\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=18408, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0bd000
mmap(NULL, 2113856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37528f8a000
mprotect(0x37528f8e000, 2093056, PROT_NONE) = 0
mmap(0x3752918d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x3752918d000
close(3) = 0
open("/lib/libpcre.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\30\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=198368, ...}) = 0
mmap(NULL, 2293824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37528d59000
mprotect(0x37528d89000, 2093056, PROT_NONE) = 0
mmap(0x37528f88000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2f000) = 0x37528f88000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0~\354\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1354792, ...}) = 0
mmap(NULL, 3463976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37528a0b000
mprotect(0x37528b4f000, 2097152, PROT_NONE) = 0
mmap(0x37528d4f000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x144000) = 0x37528d4f000
mmap(0x37528d54000, 19240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37528d54000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=14320, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0bc000
mmap(NULL, 2109600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37528807000
mprotect(0x37528809000, 2097152, PROT_NONE) = 0
mmap(0x37528a09000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37528a09000
close(3) = 0
open("/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p \0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=87936, ...}) = 0
mmap(NULL, 2183312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x375285f1000
mprotect(0x37528606000, 2093056, PROT_NONE) = 0
mmap(0x37528805000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x37528805000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\25\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22360, ...}) = 0
mmap(NULL, 2117664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x375283eb000
mprotect(0x375283ef000, 2097152, PROT_NONE) = 0
mmap(0x375285ef000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x375285ef000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0bb000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0ba000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3752a0b9000
arch_prctl(ARCH_SET_FS, 0x3752a0ba700) = 0
mprotect(0x375285ef000, 4096, PROT_READ) = 0
mprotect(0x37528805000, 4096, PROT_READ) = 0
mprotect(0x37528a09000, 4096, PROT_READ) = 0
mprotect(0x37528d4f000, 16384, PROT_READ) = 0
mprotect(0x37528f88000, 4096, PROT_READ) = 0
mprotect(0x3752918d000, 4096, PROT_READ) = 0
mprotect(0x37529396000, 4096, PROT_READ) = 0
mprotect(0x37529737000, 106496, PROT_READ) = 0
mprotect(0x375299b4000, 16384, PROT_READ) = 0
mprotect(0x37529bc0000, 4096, PROT_READ) = 0
mprotect(0x37529eb0000, 4096, PROT_READ) = 0
mprotect(0x3cdf136000, 8192, PROT_READ) = 0
mprotect(0x3752a0ce000, 4096, PROT_READ) = 0
munmap(0x3752a0bf000, 51584) = 0
brk(0) = 0x3cdf13cf10
brk(0x3cdf15df10) = 0x3cdf15df10
brk(0x3cdf15e000) = 0x3cdf15e000
setrlimit(RLIMIT_NOFILE, {rlim_cur=4*1024, rlim_max=4*1024}) = 0
setsid() = 13612
prctl(PR_SET_KEEPCAPS, 1) = 0
capget(0x20080522, 0, NULL) = -1 EFAULT (Bad address)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault
$

# emerge --info
Portage 2.1.9.24 (hardened/linux/amd64, gcc-4.4.4, glibc-2.11.2-r3, 2.6.32-hardened-r29-0 x86_64)
=================================================================
System uname: Linux-2.6.32-hardened-r29-0-x86_64-Intel-R-_Xeon-R-_CPU_X5450_@_3.00GHz-with-gentoo-1.12.14
Timestamp of tree: Fri, 03 Dec 2010 10:00:23 +0000
app-shells/bash: 4.1_p7
dev-lang/python: 2.6.5-r3, 3.1.2-r4
dev-util/cmake: 2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox: 2.3-r1
sys-devel/autoconf: 2.65-r1
sys-devel/automake: 1.10.3, 1.11.1
sys-devel/binutils: 2.20.1-r1
sys-devel/gcc: 4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.10
sys-devel/make: 3.81-r2
virtual/os-headers: 2.6.30-r1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fforce-addr -mtune=nocona -march=nocona"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -fforce-addr -mtune=nocona -march=nocona"
DISTDIR="/var/db/portage_distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j8"
PKGDIR="/var/db/portage_packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/db/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi amd64 audit bash-completion berkdb bzip2 caps chroot cli cracklib crypt cups cxx dri gdbm gnutls hardened iconv justify logrotate mhash mktemp mmx modules mudflap multilib ncurses nptl nptlonly openmp pam pcre perl pic pppd python readline session sse sse2 ssl sysfs tcpd urandom vhosts xattr xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

# app-admin/syslog-ng-3.1.2 USE="caps hardened pcre ssl tcpd -ipv6 (-selinux) -spoof-source -sql -static"

Here is a bug report in the official syslog-ng bugzilla: https://bugzilla.balabit.com/show_bug.cgi?id=105

Can't reproduce with current stable 3.2.5:

[ebuild R ] app-admin/syslog-ng-3.2.5 USE="caps hardened -ipv6 -pcre (-selinux) -spoof-source -sql -ssl -tcpd" 0 kB

# /usr/sbin/syslog-ng -F -v -d --no-caps
Trying to open module; module='syslogformat', filename='/usr/lib/syslog-ng/libsyslogformat.so'
Trying to open module; module='basicfuncs', filename='/usr/lib/syslog-ng/libbasicfuncs.so'
Trying to open module; module='afsocket', filename='/usr/lib/syslog-ng/libafsocket.so'
Trying to open module; module='affile', filename='/usr/lib/syslog-ng/libaffile.so'
Trying to open module; module='afprog', filename='/usr/lib/syslog-ng/libafprog.so'
Trying to open module; module='afuser', filename='/usr/lib/syslog-ng/libafuser.so'
Trying to open module; module='dbparser', filename='/usr/lib/syslog-ng/libdbparser.so'
Trying to open module; module='csvparser', filename='/usr/lib/syslog-ng/libcsvparser.so'
Running application hooks; hook='1'
Running application hooks; hook='3'
syslog-ng starting up; version='3.2.5'
^CTermination requested via signal, terminating;
syslog-ng shutting down; version='3.2.5'

Fixed Nov 13, 2011, in syslog-ng itself, as can be seen in https://github.com/balabit/syslog-ng-3.3/commit/b9b0e5d0207c06b5a7b59aafe7db457c217b070d and the patch at https://lists.balabit.hu/pipermail/syslog-ng/2011-November/017671.html, around 10 months after closing the bug RESOLVED INVALID in his bug tracker.