Bug 353322 - net-ftp/proftpd breaks if compiled with SSP
Summary: net-ftp/proftpd breaks if compiled with SSP
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High critical
Assignee: The Gentoo Linux Hardened Team
Duplicates: 353323
Reported: 2011-01-31 15:51 UTC by Luca Lesinigo
Modified: 2011-12-02 22:03 UTC
Description Luca Lesinigo 2011-01-31 15:51:58 UTC
Currently on my hardened/linux/amd64/no-multilib system, emerging proftpd with an SSP-enabled gcc profile will break proftpd. The daemon will run fine, but will die just after client authentication (signal 11).

I did not change gcc since the last working proftpd, but I did change glibc:
     Thu Jul 29 05:22:21 2010 >>> dev-db/mysql-5.0.90-r2
     Mon Nov 22 12:21:48 2010 >>> sys-devel/gcc-4.4.4-r2
     Mon Nov 22 17:16:38 2010 >>> sys-libs/glibc-2.11.2-r3
     Mon Nov 22 18:12:56 2010 >>> dev-libs/openssl-1.0.0b-r1
     Mon Nov 22 19:36:41 2010 >>> net-ftp/proftpd-1.3.3c
(everything was working fine here)
     Mon Dec 27 11:24:48 2010 >>> dev-libs/openssl-1.0.0c
     Fri Jan  7 14:10:20 2011 >>> dev-db/mysql-5.0.91
     Mon Jan 31 16:16:50 2011 >>> net-ftp/proftpd-1.3.3c
     Mon Jan 31 16:19:46 2011 >>> net-ftp/proftpd-1.3.3d
(both versions won't work now)

I did some tests and found out that proftpd will crash if emerged with
  x86_64-pc-linux-gnu-4.4.4
  x86_64-pc-linux-gnu-4.4.4-hardenednopie
but runs smoothly if emerged with
  x86_64-pc-linux-gnu-4.4.4-hardenednossp
  x86_64-pc-linux-gnu-4.4.4-vanilla

Compiler and toolchain are the same as the old, working, proftpd but I did upgrade MySQL and some other stuff in between. These are my USE flags for proftpd:

[ebuild   R   ] net-ftp/proftpd-1.3.3d  USE="acl caps ctrls hardened mysql ncurses nls pam ssl -authfile -ban -case -clamav -deflate -doc -exec -ident -ifsession -ipv6 -kerberos -ldap -postgres -radius -ratio -readme -rewrite (-selinux) -sftp -shaper -sitemisc -softquota -tcpd -trace -vroot -xinetd" 0 kB
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2011-01-31 15:58:57 UTC
*** Bug 353323 has been marked as a duplicate of this bug. ***
Comment 2 Christian Ruppert (idl0r) gentoo-dev 2011-01-31 16:02:19 UTC
Can you please try without SSP? By selecting the hardenednossp GCC profile.
Also please post the backtrace. Take a look at http://www.gentoo.org/proj/en/qa/backtraces.xml
Comment 3 Luca Lesinigo 2011-01-31 16:09:47 UTC
(In reply to comment #2)
> Can you please try without SSP? By selecting the hardenednossp GCC profile.
As I wrote above, I already tried and it works correctly. Actually this is the version I'm running now.

> Also please post the backtrace. Take a look at
> http://www.gentoo.org/proj/en/qa/backtraces.xml
I'll do that in the next 'late evening updates' session or as soon as I find time to put up a new amd64 test system, this one is sorta-production...

(sorry for the double-posting, my browser fsck'ed up)
Comment 4 Christian Ruppert (idl0r) gentoo-dev 2011-01-31 16:30:38 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > Can you please try without SSP? By selecting the hardenednossp GCC profile.
> As I wrote above, I already tried and it works correctly. Actually this is the
> version I'm running now.
> 
Oops, overlooked... %)

> > Also please post the backtrace. Take a look at
> > http://www.gentoo.org/proj/en/qa/backtraces.xml
> I'll do that in the next 'late evening updates' session or as soon as I find
> time to put up a new amd64 test system, this one is sorta-production...
> 

4.4.4 with SSP works fine here. Please also check the log.

> (sorry for the double-posting, my browser fsck'ed up)
> 
No problem, that happens if you refresh/reload the page immediately after filing the bug.
Comment 5 Luca Lesinigo 2011-06-16 09:46:00 UTC
Finally had some time to come back to this.
The very same problem still persists with the last stable'd ebuild net-ftp/proftpd-1.3.3e.

I also tested with "safe" CFLAGS (used "-O1 -pipe" instead of my usual "-O2 -march=nocona -pipe"), doesn't change anything (still doesn't work when compiled with SSP gcc profile).

Reading the gentoo backtrace docs right now, will report again if/when I get more details.
Comment 6 Luca Lesinigo 2011-06-16 10:22:29 UTC
I am sorry but if I didn't miss anything, using gdb on something like proftpd is not something I'm good at.
Please remember the whole proftpd is not crashing, just the child answering the single connection.

I tried following Gentoo's "How to get meaningful backtraces in Gentoo", but all I got was a lousy t-shirt with this:

(gdb) run
Starting program: /usr/sbin/proftpd -n
 - setting default addresses to A.A.A.A, B.B.B.B, C.C.C.C
A.A.A.A - ProFTPD 1.3.3e (maint) (built Thu Jun 16 2011 12:11:00 CEST) standalone mode STARTUP
A.A.A.A (X.X.X.X[X.X.X.X]) - FTP session opened.
A.A.A.A (X.X.X.X[X.X.X.X]) - ProFTPD terminating (signal 11)
A.A.A.A (X.X.X.X[X.X.X.X]) - ProFTPD terminating (signal 11)
A.A.A.A (X.X.X.X[X.X.X.X]) - FTP session closed.

...and gdb sits here waiting for something to happen, proftpd still running. If I manually stop it (CTRL-Z or CTRL-C or the like) I can only get a backtrace of the main process being interrupted while in select(), which obviously isn't what we want.

Also, I should theoretically not disclose the IPs and other information about this particular system, and I haven't much time to reproduce on other systems. Could anyone else step in and reproduce the problem?

Or maybe could SSP just be disabled in the ebuild since proftpd seems to be broken with it?
Comment 7 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2011-06-16 10:33:39 UTC
What comes first to mind is that you try with mysql 5.1; we had some issues with previous 5.1 versions, so 5.0 may be affected too.
Comment 8 Christian Ruppert (idl0r) gentoo-dev 2011-06-16 10:42:57 UTC
Please take a look at the proftpd log as well, try to make the daemon verbose or there might be even a debug option.
Try to use proftpd with different useflags, start with only "hardened" and go ahead and add the rest after and after.

As I said, mine is working fine:
# emerge --info proftpd
Portage 2.1.9.42 (hardened/linux/amd64, gcc-4.4.5-asneeded, libc-0-r0, 2.6.37-hardened-r7 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-2.6.37-hardened-r7-x86_64-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-2.0.2
Timestamp of tree: Thu, 16 Jun 2011 09:30:01 +0000
app-shells/bash:     4.1_p9
dev-lang/python:     2.6.6-r2, 2.7.1-r1, 3.1.3-r1
dev-util/cmake:      2.8.4-r1
sys-apps/baselayout: 2.0.2
sys-apps/openrc:     0.8.2-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.5
sys-devel/gcc-config: 1.4.1-r1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.82
sys-kernel/linux-headers: 2.6.36.1
sys-libs/glibc:      2.12.2
virtual/os-headers:  0
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --columns"
FEATURES="assume-digests binpkg-logs collision-protect distlocks fail-clean fakeroot fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict suidctl unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS=""
GENTOO_MIRRORS="http://gentoo.mneisen.org/ http://mirror.jamit.de/gentoo/ http://mirror.netcologne.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,now -Wl,--sort-common"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude lost+found"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://vireo.gentoo.org/gentoo-portage"
USE="X509 acl amd64 animgif audit automap bash-completion bcmath berkdb blksha1 bzip2 caps cgi checkpath chroot clamdtop cleartype cli community corefonts cracklib crypt cscope ctype ctypes-python curl curlwrappers cxx diskio dkim dnsdb dsn eselect exceptions exif exiscan-acl expat extensions extras filter fontconfig ftp fts3 gcrypt gd gdbm geoip gif glib gmp gnutls gpg hardened hash hpn iconv icu idn imap iproute2 ipv6 ithreads jabber jpeg json justify kpoll libssh2 lzma lzo maildir managesieve mdev mhash mktemp mmx mode-paranoid modules multilib mysql mysqli nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses net nethack network-cron nptl nptlonly openmp opensslcrypt pam pcntl pcre pdo perl pic plugins png posix pth python python3 readline reflection reload reload-error-restart rrdcgi sasl secure-delete sensord session sha512 sidebar sieve simplexml smime smp snmp soap sockets spf spl sqlite sqlite3 sse sse2 ssl ssse3 suexec svg swig syslog sysvipc threads threadsafe tokenizer tools truetype unicode unlock-notify urandom vim-syntax web webdav-neon xattr xinetd xml xmlreader xmlrpc xmlwriter xsl zip zlib zsh-completion" APACHE2_MODULES="asis actions alias auth_basic auth_digest authn_dbd authn_default authn_file authz_default authz_groupfile authz_host authz_owner authz_user autoindex cgid dbd deflate dir env expires filter headers include info log_config mime mime_magic negotiation rewrite setenvif so status unique_id userdir usertrack vhost_alias substitute proxy proxy_http" APACHE2_MPMS="worker" ELIBC="glibc" KERNEL="linux" NGINX_MODULES_HTTP="access auth_basic autoindex empty_gif fastcgi map rewrite stub_status perl" RUBY_TARGETS="ruby18" USERLAND="GNU" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS

=================================================================
                        Package Settings
=================================================================

net-ftp/proftpd-1.3.3e was built with the following:
USE="acl caps hardened ipv6 (multilib) mysql ncurses pam ssl xinetd -authfile -ban -case -clamav -ctrls -deflate -doc -exec -ident -ifsession -kerberos -ldap -nls -postgres -radius -ratio -readme -rewrite (-selinux) -sftp -shaper -sitemisc -softquota -tcpd -trace -vroot"
CFLAGS="-march=native -O2 -pipe -DHAVE_OPENSSL"
Comment 9 Xake 2011-06-17 08:10:34 UTC
@Original reporter

Please post your "emerge --info"
Also if you are using hardened-sources, please post the corresponding output from dmesg (every segfault which is probably what you experience is logged there by grsec, with a message about what file that crashed and why).

Also you can try:

"strace -ff -o proftp <command name>"

This will create loads of files named proftp.<pid>, one for each process that the command creates. Then pick from your logfiles the PID of the process that crashed, and attach the corresponding proftp.<pid> file to this bug.

If you get the crash by starting proftpd from an init script, try running the command that the init script runs.
Comment 10 Xake 2011-06-17 08:19:06 UTC
(In reply to comment #9)
> If you get the crash by starting proftpd from an init script, try running the
> command that the init script runs.

As a follow up on this, if you use Gentoo's original init script, please do "strace -ff -o proftp /usr/sbin/proftpd"
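
An added example, not part of the original bug thread: one way to pick the crashed child out of the per-process files that "strace -ff -o proftp" writes, as suggested in comments 9 and 10, when gdb only stops in the master process. The trace contents, PIDs and function names below are constructed for illustration and are not output from the reporter's system.

```shell
#!/bin/sh
# Added example (not from the bug thread): find the crashed child among the
# proftp.<pid> files written by `strace -ff -o proftp /usr/sbin/proftpd`.

# crashed_pids PREFIX: print the <pid> suffix of each PREFIX.<pid> file that
# contains a signal-delivery line for SIGSEGV ("--- SIGSEGV ... ---").
crashed_pids() {
    for f in "$1".*; do
        [ -f "$f" ] || continue
        if grep -q '^--- SIGSEGV' "$f"; then echo "${f##*.}"; fi
    done
}

# last_calls FILE [N]: print the N lines (default 3) before the first SIGSEGV.
last_calls() {
    awk -v n="${2:-3}" '
        /^--- SIGSEGV/ { for (i = NR - n; i < NR; i++) if (i > 0) print buf[i % n]; exit }
        { buf[NR % n] = $0 }' "$1"
}

# make_sample DIR: write constructed traces (hypothetical PIDs and syscalls):
# 4101 = master waiting in select(), 4102 = crashing child, 4103 = clean child.
make_sample() {
    printf '%s\n' 'select(1, [0], NULL, NULL, NULL) = 1 (in [0])' > "$1/proftp.4101"
    cat > "$1/proftp.4102" <<'EOF'
read(0, "PASS xxxxxxxx\r\n", 1024) = 15
open("/etc/passwd", O_RDONLY) = 5
close(5) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
exit_group(1) = ?
EOF
    printf '%s\n' 'read(0, "QUIT\r\n", 1024) = 6' 'exit_group(0) = ?' > "$1/proftp.4103"
}

# Stand-alone run over the constructed sample.
dir=$(mktemp -d)
make_sample "$dir"
for pid in $(crashed_pids "$dir/proftp"); do
    echo "child $pid received SIGSEGV; last calls before the signal:"
    last_calls "$dir/proftp.$pid" 2
done
rm -rf "$dir"
```

Matching the signal-delivery line rather than a "killed by" line matters here because the daemon logs "ProFTPD terminating (signal 11)" itself, so the child may exit through its own handler.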
Comment 11 Luca Lesinigo 2011-12-02 22:03:13 UTC
This bug can be closed, ProFTPd is now working correctly even if compiled with SSP.

Both proftpd-1.3.3e (which had the problem) and proftpd-1.3.3g (current stable version in portage) are working correctly even if compiled with SSP. I kept the system regularly updated (to stable versions) and something else must have fixed this. Of course the suspect is on gcc, my previous reports were tested with gcc-4.4.4-r2 up to gcc-4.4.5, but I am now running gcc-4.5.3-r1.

Whatever it was, it's now working correctly. Anyway, many thanks go to devs and people who tried to help me sort this out.

For the record, I'm running a gentoo hardened profile but I'm not using hardened kernels. It's a Xen domU and it used to run with xen-sources, recently switched to gentoo-sources with the 3.0.x kernel series.