Bug 93593 - segmentation faults of grp* and group* executables from sys-apps/shadow when too many users in one group
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
Importance: High critical
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-22 11:47 UTC by Rouslan Solomakhin
Modified: 2005-06-30 20:32 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Rouslan Solomakhin 2005-05-22 11:47:21 UTC
Whenever I run grpconv, grpck (without options), or groupadd (with options), the
executables exit with "Segmentation fault" error.

Examples:

(nogroup is an actual group)
# groupdel nogroup 
Segmentation fault

(this is ok)
# groupdel cvs
groupdel: cannot remove user's primary group.

(no group called test in /etc/group)
# groupadd test
Segmentation fault

(no group test or group-id 1003 in /etc/group)
# groupadd -g 1003 test
Segmentation fault

(this is ok)
# groupadd
Usage: groupadd [-g gid [-o]] [-f] group

# grpconv
Segmentation fault

# grpconv --help
Segmentation fault

# grpck
Segmentation fault

(this is ok)
# grpck /etc/group
# echo $?
0

My group file is fairly short, so it should not be a problem:
# wc -l /etc/group
54 lines
Although, my passwd file is very long, could that cause seg.faults?
# wc -l /etc/passwd
6805 lines


Reproducible: Always
Steps to Reproduce:
1. Upgrade to latest sys-apps/shadow-4.0.7-r1
2. Try running any of grp* or group* executables


Actual Results:  
Requested changes to /etc/group

Expected Results:  
Segmentation faults without changes to /etc/group

# emerge --info
Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.3.4, glibc-2.3.5-r0, 2.6.5
i686)
=================================================================
System uname: 2.6.5 i686 Intel(R) Xeon(TM) CPU 2.40GHz
Gentoo Base System version 1.6.12
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.2.3-r6, 2.3.5
sys-apps/sandbox:    1.2.8
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.16
sys-devel/libtool:   1.5.18
virtual/os-headers:  2.6.11
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mcpu=pentium3 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/conf.d /etc/init.d /usr/kde/2/share/config
/usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref
/usr/share/applications /usr/share/config /usr/share/gnome/apps /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/X11/app-defaults /etc/X11/mwm /etc/X11/proxymngr
/etc/X11/rstart /etc/X11/xdm /etc/afs/afsws /etc/dev.d /etc/gconf /etc/ggi
/etc/gimp /etc/gnome-vfs-2.0 /etc/mono /etc/openldap /etc/sound /etc/ssl
/etc/terminfo /etc/texmf/web2c /etc/udev /etc/vim /usr/lib/X11/xkb
/usr/share/texmf /usr/share/texmf/dvips/config /etc/env.d"
CXXFLAGS="-mcpu=pentium3 -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg candy ccache clean collision-protect distlocks moo
sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.clarkson.edu/pub/distributions/gentoo
http://csociety-ftp.ecn.purdue.edu/pub/gentoo/ http://gentoo.oregonstate.edu/
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j16"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://mirror.clarkson.edu/gentoo-portage"
USE="x86 X X509 aalib accessibility acl afs alsa avi bash-completion berkdb
bitmap-fonts bonobo bzip2 cdr crypt cscope cups curl dbus dga directfb
divx4linux djvu doc dvd dvdr dvi eds emacs emboss esd evo fam fbcon flac flash
font-server foomaticdb fortran gb gcj gd gdbm ggi gif gnome gpm gstreamer gtk
gtk2 gtkhtml guile hal hardened howl imagemagick imap imlib java javacomm
javascript jpeg junit kerberos lcms ldap lesstif libg++ libgda libwww mad
mailwrapper mbox mmx mono motif moznoirc mp3 mpeg ncurses nls nntp nocardbus
nptl nsplugin nvidia objc odbc ogg oggvorbis opengl oss pam pda pdflib perl
plotutils png python quicktime readline real ruby samba sdl slang slp spell
sqlite sse ssl svga symlink t1lib tcltk tcpd tetex threads tiff truetype
truetype-fonts type1-fonts vidix vorbis win32codecs wmf xine xml xml2 xprint xv
zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS

I am glad to provide any additional information.
Comment 1 Rouslan Solomakhin 2005-05-22 11:58:25 UTC
Compiled shadow with debug in USE flags. Tried to debug with gdb:

# gdb
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) exec /usr/sbin/groupadd
(gdb) run
Starting program: /usr/sbin/groupadd
(no debugging symbols found)
.
.
.
(no debugging symbols found)
Usage: groupadd [-g gid [-o]] [-f] group

Program exited with code 02.
(gdb) run test
Starting program: /usr/sbin/groupadd test
(no debugging symbols found)
.
.
.
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x400d6fbb in strlen () from /lib/tls/libc.so.6
(gdb) backtrace
#0  0x400d6fbb in strlen () from /lib/tls/libc.so.6
#1  0x400d6d45 in strdup () from /lib/tls/libc.so.6
#2  0x0804afd8 in ?? ()
#3  0x656c6167 in ?? ()
#4  0x0804eda6 in ?? ()
#5  0x0804eda7 in ?? ()
#6  0x080637c8 in ?? ()
#7  0x0804e8e0 in ?? ()
#8  0x0000e000 in ?? ()
#9  0xbfffe8f8 in ?? ()
#10 0x0804b5ae in ?? ()
#11 0x08058dc4 in ?? ()
#12 0x0000000a in ?? ()
#13 0x0805f4d8 in ?? ()
#14 0xbfffe908 in ?? ()
#15 0x400f55b1 in getgrnam () from /lib/tls/libc.so.6

(gdb)  exec /usr/sbin/grpconv
(gdb) run
Starting program: /usr/sbin/grpconv
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
.
.
.
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x400cbfbb in strlen () from /lib/tls/libc.so.6
(gdb)
Comment 2 Rouslan Solomakhin 2005-05-22 12:29:05 UTC
# strace groupadd test
.
.
.
open("/etc/gshadow", O_RDWR|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0400, st_size=56306, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40265000
read(5, "root:::root\nbin:::root,bin,daemo"..., 4096) = 4096
read(5, "ralj,besawjm,besawkb,besawmm,bes"..., 4096) = 4096
read(5, "harltcp,chasecd,chasedg,chaserw,"..., 4096) = 4096
read(5, ",demidese,demockep,dempsems,demp"..., 4096) = 4096
read(5, "tday,flackma,flanagtc,fletchre,f"..., 4096) = 4096
read(5, "ej,hamiltgr,hamiltsm,hamlinja,ha"..., 4096) = 4096
read(5, "b,johnsoel,johnsohm,johnsojk,joh"..., 4096) = 4096
read(5, "lees,leesh,leetn,leeyb,lefauvej,"..., 4096) = 4096
read(5, "nair12,mcnallab,mcnallcw,mcnallm"..., 4096) = 4096
read(5, "linskja,olinskyl,oliverdt,oliver"..., 4096) = 4096
read(5, "ndalld,randalms,randy,rangans,ra"..., 4096) = 4096
read(5, "dk,sementmr,semerana,semionps,se"..., 4096) = 4096
read(5, "suttonsm,svendsee,svendsse,svenk"..., 4096) = 4096
read(5, "tzkm,weizhang,welchar,welchcj,we"..., 4096) = 3058
brk(0x80a0000)                          = 0x80a0000
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

This showed that one of my groups in /etc/gshadow had too many users for shadow
to handle. As I needed that group only once, a long time ago, I deleted it. That
solved the problem.
Comment 3 SpanKY gentoo-dev 2005-05-22 14:45:35 UTC
we should probably fix the segfault ...
Comment 4 SpanKY gentoo-dev 2005-05-22 17:04:17 UTC
i can't get it to segfault over here ... how many users did you have in that one
big group ?
Comment 5 Rouslan Solomakhin 2005-05-22 17:17:52 UTC
There were 6925 users in group called 'games'. All of the users' names were 8
characters long.
I created the list by redirecting the output of a script like this:

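#!/bin/bash
# Print every user name from /etc/passwd.afs as one comma-separated line.
for user in `cat /etc/passwd.afs | awk 'BEGIN {FS=":"} {print $1}'`
do
  echo -n "${user},"
done
# Backspace over the trailing comma, then end the line.
echo -e "\b "
exit 0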

... into a file. Then cutting and pasting the resulting line into /etc/group
Comment 6 Rouslan Solomakhin 2005-06-29 05:56:50 UTC
I have recreated an /etc/group with one group containing about 7,000 users. The
length of /etc/group is 57,844 characters. Here are a few stack traces after
segmentation faults:

Running: /usr/sbin/grpconv /etc/group

Program received signal SIGSEGV, Segmentation fault.
0x400f4b0a in _mcleanup () from /lib/libc.so.6
(gdb) bt
#0  0x400f4b0a in _mcleanup () from /lib/libc.so.6
#1  0x400f533f in mcount () from /lib/libc.so.6
#2  0x0804a7fb in gshadow_dup (ent=0x8058b64) at sgroupio.c:61
#3  0x0804bbc5 in commonio_open (db=0x804e6a0, mode=2) at commonio.c:481
#4  0x0804ab7b in sgr_open (mode=66) at sgroupio.c:148
#5  0x08049433 in main (argc=1, argv=0xbfffd9a4) at grpconv.c:75



Running: /usr/sbin/grpck

Program received signal SIGSEGV, Segmentation fault.
0x400f4b0a in _mcleanup () from /lib/libc.so.6
(gdb) bt
#0  0x400f4b0a in _mcleanup () from /lib/libc.so.6
#1  0x400f533f in mcount () from /lib/libc.so.6
#2  0x0804ba6b in gshadow_dup (ent=0x8059b84) at sgroupio.c:61
#3  0x0804ce35 in commonio_open (db=0x804f6c0, mode=2) at commonio.c:481
#4  0x0804bdeb in sgr_open (mode=2) at sgroupio.c:148
#5  0x08049b9c in main (argc=1, argv=0xbfffd4a4) at grpck.c:267



Running: /usr/sbin/groupadd hello

Program received signal SIGSEGV, Segmentation fault.
0x400ffb0a in _mcleanup () from /lib/libc.so.6
(gdb) bt
#0  0x400ffb0a in _mcleanup () from /lib/libc.so.6
#1  0x4010033f in mcount () from /lib/libc.so.6
#2  0x0804c26f in gshadow_dup (ent=0x805ae04) at sgroupio.c:61
#3  0x0804d639 in commonio_open (db=0x8050920, mode=2) at commonio.c:481
#4  0x0804c5ef in sgr_open (mode=2) at sgroupio.c:148
#5  0x0804a28b in open_files () at groupadd.c:450
#6  0x0804a58d in main (argc=2, argv=0xbffff014) at groupadd.c:576


It seems that all segmentation faults happen due to /lib/libc.so.6, which is
owned by glibc.
Comment 7 SpanKY gentoo-dev 2005-06-30 20:28:40 UTC
related bug filed at redhat:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125510
Comment 8 SpanKY gentoo-dev 2005-06-30 20:32:51 UTC
and actually it's already fixed in shadow-4.0.10

* lib/gshadow.c, NEWS:
rewrited group count to dynamic (by John Newbigin <jnewbigin@ict.swin.edu.au >).
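
The kind of change the changelog entry above names, shown as an added example that is not shadow's own code: a comma-separated member field is split into an array that grows on demand, so a group the size of the one in comment 5 parses cleanly. The names split_members and make_field and the generated user names are constructed for this illustration.

```c
/* Added example, not shadow's source; names and sample data are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Split "root,bin,daemon" in place (commas become NULs) into a NULL-terminated
 * array that grows on demand; caller free()s it. Returns NULL if allocation fails. */
char **split_members(char *field, size_t *count)
{
    size_t cap = 8, n = 0;
    char **names = malloc(cap * sizeof *names), **tmp, *p, *end;
    if (!names) return NULL;
    for (p = field; *p; p = end + 1) {
        if ((end = strchr(p, ',')) != NULL) *end = '\0';
        if (*p) {                        /* skip empty names ("a,,b") */
            if (n + 1 == cap) {          /* full: last slot is kept for NULL */
                tmp = realloc(names, 2 * cap * sizeof *names);
                if (!tmp) { free(names); return NULL; }
                names = tmp; cap *= 2;
            }
            names[n++] = p;
        }
        if (!end) break;
    }
    names[n] = NULL;
    *count = n;
    return names;
}

/* Constructed input: n eight-character names, like the group in the report. */
char *make_field(size_t n)
{
    char *s = calloc(n * 9 + 1, 1), *p = s;   /* 8 chars + comma per name */
    size_t i;
    if (!s) return NULL;
    for (i = 0; i < n; i++) p += sprintf(p, "u%07lu,", (unsigned long)i);
    if (n) p[-1] = '\0';                 /* drop the trailing comma */
    return s;
}

int main(void)
{
    size_t n = 0;
    char *field = make_field(6925);      /* member count from comment 5 */
    char **names = field ? split_members(field, &n) : NULL;
    int rc = names ? 0 : 1;
    if (names) printf("%lu members, last is %s\n", (unsigned long)n, names[n - 1]);
    free(names); free(field);
    return rc;
}
```

The array holds pointers into the caller's buffer, so the buffer must outlive the returned array.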