Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 87541 - nmbd crashes with grsec
Summary: nmbd crashes with grsec
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: AMD64 Linux
: High normal
Assignee: Gentoo's SAMBA Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-01 03:59 UTC by Tiago Freire
Modified: 2005-07-25 09:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tiago Freire 2005-04-01 03:59:07 UTC 
nmbd daeomn crashed while being accessed by remote machine 192.168.10.30.
kernel log message is as follows: 
[kernel] grsec: From 192.168.10.30: signal 11 sent to /usr/sbin/nmbd[nmbd:15700] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Reproducible: Always
Steps to Reproduce:
1./etc/init.d/samba restart
2.Access samba server from client machine
3.nmbd crashes

Actual Results:  
Crash

Expected Results:  
Work properly

workgroup=GIDBR
server string=Kuarup Linux
printcap name=cups
load printers=yes
printing=cups
printer admin=@adm
log file = /var/log/samba3/log.%m
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
dos charset = 850
unix charset = ISO8859-1
remote announce = 192.168.0.200
remote browse sync = 192.168.0.200
domain master=yes
local master = yes
wins support= yes
wins proxy = yes
bind interfaces only = yes
interfaces=127.0.0.1, 192.168.10.7, ppp0
#wins server=192.168.10.7 192.168.0.200
#interfaces=127.0.0.1 ppp0 eth1
[public]
        comment= Arquivo Compartilhados da Galera
        path=/var/files/public
        valid users=afreire,root,tfreire,apastorello,mvbguazzelli,edecarvalho
        public=no
        writable=yes
        printable=no
        write list=root,xxxx...
        force create mode = 770
        create mode = 770
        force directory mode = 770
        directory mode = 770
(and other shares...)
Comment 1 Christian Andreetta (RETIRED) gentoo-dev 2005-04-01 04:51:11 UTC 
'emerge info'?
Comment 2 Tiago Freire 2005-04-01 05:16:52 UTC 
Portage 2.0.51.19 (default-linux/amd64/2004.3, gcc-3.4.3, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r1 x86_64)
=================================================================
System uname: 2.6.11-hardened-r1 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4-r1 [2.3.4 (#1, Feb  7 2005, 12:46:51)]
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.3.4-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=k8 -ftracer -fprefetch-loop-arrays -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=k8 -ftracer -fprefetch-loop-arrays -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
LDFLAGS="-Wl,-O1 -Wl,--sort-common"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 aac aalib acl acpi alsa apache2 arts avi berkdb bidi bitmap-fonts bzlib calendar canna caps cdr cjk crypt cups curl curlwrappers dba dga divx4linux dvd dvdr encode esd ethereal evo fam fbcon flac font-server foomaticdb fortran ftp gd gif gnutls gpm gtk hardenedphp iconv imagemagick imap imlib innodb interbase ipv6 java jp2 jpeg junit kde kdexdeltas lcms ldap libwww lzw lzw-tiff mad maildir mailwrapper mbox mcal mhash mime mmap mng motif mozilla mp3 mpeg mppe-mppc mysql mysqli nas ncurses nls nptl oav odbc offensive ogg oggvorbis openal opengl oss pam pcntl pcre perl php pic plotutils png posix postgres ppds prelude profile python qt quicktime readline samba sasl scanner sdl session shared sharedmem slang sndfile snmp soap sockets sox speex spell spl sqlite ssl svg symlink tcpd theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts unicode usb userlocales vhosts wddx wmf xine xml2 xmlrpc xmms xpm xprint xrandr xsl xv xvid yahoo zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, PORTDIR_OVERLAY
Comment 3 Tiago Freire 2005-04-01 05:20:32 UTC 
emerge -pv samba:
net-fs/samba-3.0.10  +acl +cups -debug -doc -kerberos +ldap -libclamav* +mysql +oav +pam +postgres +python -quotas +readline (-selinux) -winbind* -xml +xml2 0 kB
Comment 4 solar (RETIRED) gentoo-dev 2005-04-01 20:29:21 UTC 
be sure that CONFIG_GRKERNSEC_SHM is not set. If =y then samba may not function as 
expected. If it's configured into your kern along with sysctl support 
then try. sysctl -w kernel.grsecurity.destroy_unused_shm=1 ; otherwise check dmesg  
as root and see if anything is up there.
Comment 5 solar (RETIRED) gentoo-dev 2005-04-03 15:12:55 UTC 
sorry I ment kernel.grsecurity.destroy_unused_shm=0
Comment 6 Seemant Kulleen (RETIRED) gentoo-dev 2005-07-18 08:28:45 UTC 
well, tiago?
Comment 7 Seemant Kulleen (RETIRED) gentoo-dev 2005-07-25 09:31:07 UTC 
closing due to lack of responsiveness from the bug reporter.