| Summary: | gringotts 1.2.8 doesn't start | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Arno <gentoo> |
| Component: | Current packages | Assignee: | Leonardo Boshell (RETIRED) <leonardop> |
| Status: | RESOLVED UPSTREAM | ||
| Severity: | normal | CC: | fmouse-gentoo, gentoo-bugs, gentoo.bugs.10, gustav.schaffter |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Arno
2004-10-29 14:22:50 UTC
Here, something really weird happens. It segfaults inmediatly if I start it like $ gringotts but it works if I start it with $ strace gringotts (!!!) Rebuilt it and that didn't help. Not with any of my compilers (gcc-3 .4.1 and 3.3.4-r1). Also, tried to move its config files away and start it like it was never started before; still segfaults on start, and correctly works opening a empty gringotts data file if straced. For now, been using it with strace with paranoid backuping of the data files (one backup/modification, backups saved in separated files named with an incremental number) same here. I also run it with strace (even though without any special back-up procedures). $ emerge --info Portage 2.0.51-r3 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.9 i686) ================================================================= System uname: 2.6.9 i686 Intel(R) Pentium(R) 4 Mobile CPU 1.80GHz Gentoo Base System version 1.4.16 distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.14.90.0.8-r1 Headers: sys-kernel/linux-headers-2.4.19-r1,sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium4 -mcpu=pentium4 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -mcpu=pentium4 -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs candy ccache distcc distlocks emergemail fixpackages nostrip sandbox" GENTOO_MIRRORS="http://gentoo.osuosl.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.i-no.de/gentoo-portage" USE="X Xaw3d aalib acpi alsa amd apm arts artswrappersuid avi berkdb bitmap-fonts bonobo cdr chroot crypt cups dga directfb doc dvd emacs encode ethereal f77 faad fbcon foomaticdb fortran freetds gd gdbm gif gphoto2 gpm gtk gtk2 gtkhtml guile hbci imap imlib innodb ipalias irda jabber java jikes jpeg kde kerberos lcms ldap leim libg++ libgda libwww mad maildir mikmod mmx mng motif mozilla moznocompose moznoirc moznomail moznoxft mozsvg mpeg mssql mysql ncurses nls noamazon oav odbc oggvorbis opengl operanom2 oss pam pcmcia pda pdflib perl pic png pnp postgres python qt quicktime quotes radeon readline ruby samba sasl scanner sdl slang smime speex spell sse ssl svg svga tcltk tcpd tetex tiff truetype trusted type1 unicode usb vim-with-x wmf x86 xine xml xml2 xmms xv xvid zlib video_cards_radeon linguas_de_CH linguas_de" I can confirm that, without strace I get the same error message and with strace it works. I have _exactly_ the same behaviour in debian/unstable Having done some research regarding this issue, this is what I found: The problem is caused, apparently, by a bug/feature in some glibc incarnations, where a process with an effective uid of 0 (root) calling getpwuid_r() after mlockall() produces an error condition. This affects gringotts because it's installed suid by default, apparently because the author wanted to provide the benefits of calling mlockall() from inside the program. That is why running gringotts through another binary (gdb, strace, et al) can be used as a workaround. It could help to just do ``chmod u-s /usr/bin/gringotts'' too. Given the situation, it seems like there's nothing we can do, other than working around the glibc issue. Please take a look at gringotts-1.2.8-r1, which implements a local USE flag: `suid', to enable/disable the suid binary. If no other funny effects are reported, I will then close this as CANTFIX. Thank you all for your help. Hi, disabling mlockall takes a lot of security from gringotts, so this is not an optimal solution. Leonardo, do you have a source/URL for your mentioned problems wrt. mlockall and getpwduid_r? I was not able to find something on the glibc mailing list or with google. Regards, Bastian Same situation here. The messages I get are: $ gringotts (process:23824): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (1000) Gringotts version 1.2.8 (libGringotts 1.2.1) (c) 2002 Germano Rizzo <mano78@users.sourceforge.net> released under GNU General Public License (GPL) v.2 or later See COPYING or go to http://www.gnu.org/copyleft/gpl.html (process:23824): Gtk-WARNING **: Locale not supported by C library. Using the fallback 'C' locale. (gringotts:23824): Gdk-WARNING **: locale not supported by Xlib (gringotts:23824): Gdk-WARNING **: can not set locale modifiers (process:23824): GLib-ERROR (recursed) **: gmem.c:173: failed to allocate 64 bytes aborting... Aborted Odd thing, though. If I run it as root with the -s option it works OK. Good thing, too! I have a bunch of passwords in it that I'd be SOL if I couldn't get to! Kinda makes me NERVOUS when this sort of thing happens ;-) $ emerge info Portage 2.0.51-r3 (default-linux/x86/2004.0, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.9-gentoo-r1 i686) ================================================================= System uname: 2.6.9-gentoo-r1 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz Gentoo Base System version 1.4.16 ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.90.0.1.1-r3 Headers: sys-kernel/linux-headers-2.4.19-r1,sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=pentium4 -march=pentium4 -fprefetch-loop-arrays -pipe" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.1/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mcpu=pentium4 -march=pentium4 -fprefetch-loop-arrays -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms" GENTOO_MIRRORS="ftp://gentoo.noved.org/ http://gentoo.noved.org/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X Xaw3d acl acpi alsa apache2 apm arts avi berkdb bindist bitmap-fonts bonobo cdr crypt cups curl doc dvd dvdr encode esd evo f77 fam fastcgi flac flash foomaticdb fortran gdbm gif gnome gpm gps gstreamer gtk gtk2 gtkhtml guile imagemagick imap imlib ipv6 java jikes jpeg junit libg++ libwww mad maildir mcal mikmod motif mozilla mpeg mysql nas ncurses nls oggvorbis opengl oss pam pdflib perl plotutils png ppds python quicktime readline samba sasl scanner sdl slang slp snmp spell sse ssl svga tcltk tcpd tetex tiff truetype usb x86 xml xml2 xmms xosd xv zeo zlib" I just got this problem too. I think it is related to the 2.6.9 kernel (gentoo-dev-sources). If i boot 2.6.9-r9, gringotts is broken, if i boot 2.6.8-r10 gringotts is fine. app-crypt/gringotts-1.2.8-r1 (w/o suid use flag) works ok now (with gentoo-dev-sources-2.6.9-r9), thanks. Sorry for the late reply. Bastian: I understand your point, but after all, this is a case where dealing with security issues on a GUI-based program represents trade-offs like this one. I think using mlockall() the way it's used in gringotts was a clever design decision by the developer, but as you can see, it brings consequences. Everybody: Thanks for the input. Closing as an upstream issue for now, but feel free to let me know if you come up with a better solution. *** Bug 77640 has been marked as a duplicate of this bug. *** |
