Using vixie-cron-3.0.1-r5 (currently in ~x86, x86 package exhibits same issues).  After building and running on a kernel with grsecurity enabled, segfaults are logged to syslog when the root/system crontab is run.  This is a periodic, reproducible error every time the root/system crontab is run.  Mail from root/system crontabs is not sent but commands are run.

Example output from grsecurity:

Aug 24 23:45:01 xx kernel: grsec: From xx: signal 11 sent to /usr/sbin/cron[cron:27980] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:7560] uid/euid:0/0 gid/egid:0/0

Note that grsecurity is only logging.  PaX is not enabled, nor are ACLs.  Without grsecurity in the kernel, the same behaviour is exhibited by cron (a la no sending mail for root/system crontabs).

To debug, cron was built with:

# FEATURES="nostrip" CFLAGS="-g3 -ggdb -fno-omit-frame-pointer" emerge vixie-cron

glibc and pam (as the "pam" USE flag is enabled) were rebuilt using the same FEATURES and CFLAGS above, with the "debug" USE flag added also.

My cron binary and the core files should be available attached.  The output from a gdb backtrace on the produced corefile (from when cron segfaults) should also be attached.


The problem appears to be with something calling fdopen(), which then calls malloc().  To test the malloc() issue, vixie-cron was run under efence using:

# LD_PRELOAD=libefence.so.0.0 /usr/sbin/cron

When running under efence, cron exhibits apparent "normal" behaviour and email from root/system crontabs is sent successfully.  However, a core is still dumped which should also be available attached, along with the backtrace from gdb on this corefile.  Whilst the efence corefile seems to point at an error with PAM, building vixie-cron with USE="-pam" still produces the same issues.


Running cron under strace does not seem to segfault or dump core and does send mail correctly.  However, the following message is observed in syslog, only when running cron under strace:

CRON[14513]: (root) MAIL (mailed 4 bytes of output but got status 0xffffffff )


This problem has existed for a number of versions of vixie-cron on this system but was not noticed at the time.  vixie-cron runs on a number of other systems this author runs with no apparent issues similar to this.

Reproducible: Always
Steps to Reproduce:
1. Run vixie-cron using /etc/init.d/vixie-cron start, script modified with `ulimit -c unlimited` before start-stop-daemon
2. Sit back and wait for it to dump core

Actual Results:  
 

Expected Results:  
 

simba root # emerge info 
Portage 2.0.50-r9 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3.20040420-r1, 
2.4.27-grsec-2.0.1) 
================================================================= 
System uname: 2.4.27-grsec-2.0.1 i686 Pentium III (Coppermine) 
Gentoo Base System version 1.4.16 
ccache version 2.3 [enabled] 
Autoconf: sys-devel/autoconf-2.59-r4 
Automake: sys-devel/automake-1.8.5-r1 
ACCEPT_KEYWORDS="x86" 
AUTOCLEAN="yes" 
CFLAGS="-O3 -march=pentium3 -funroll-loops -pipe" 
CHOST="i686-pc-linux-gnu" 
COMPILER="gcc3" 
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" 
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" 
CXXFLAGS="-O3 -march=pentium3 -funroll-loops -pipe" 
DISTDIR="/usr/portage/distfiles" 
FEATURES="autoaddcvs ccache sandbox" 
GENTOO_MIRRORS="http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ 
http://ftp.heanet.ie/pub/gentoo/" 
MAKEOPTS="-j2" 
PKGDIR="/packages" 
PORTAGE_TMPDIR="/var/tmp" 
PORTDIR="/usr/portage" 
PORTDIR_OVERLAY="/usr/local/portage" 
SYNC="rsync://rsync.gentoo.org/gentoo-portage" 
USE="apache apache2 apm arts avi berkdb crypt curl encode exiscan exiscan-acl 
flash foomaticdb gd gdbm gif gpm gtk2 imap imlib innodb java jpeg justify ldap libg++ 
libwww mad mailboxlist maildir mcal memlimit mikmod motif mpeg mysql ncurses nls 
oggvorbis opengl oss pam pdflib perl png python quicktime readline sdl slang spell ssl 
svga truetype x86 xml2 xv zlib"