Bug 768615

Summary: net-dns/unbound-1.13.0 crashes on glibc-2.33 in initgroups() after a chroot()
Product: Gentoo Linux
Reporter: Sergei Trofimovich (RETIRED) <slyfox>
Component: Current packages
Assignee: Marc Schiffbauer <mschiff>
Status: RESOLVED FIXED
Severity: normal
CC: sam, whissi
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/NLnetLabs/unbound/issues/418
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 768369

Description Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-04 07:56:47 UTC
Minimized example is at upstream glibc bug: https://sourceware.org/PR27343

But I'm not sure what unbound does is legitimate. chroot() outside / renders nss functions like initgroups() unusable. At best it would fail to populate any data.

Should initgroups be called before chroot()? gdb backtrace to ease tracking down source location:

# LANG=C gdb --quiet --args /usr/sbin/unbound -d
Reading symbols from /usr/sbin/unbound...
Reading symbols from /usr/lib/debug//usr/sbin/unbound.debug...
(gdb) run
Starting program: /usr/sbin/unbound -d
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
internal_getgrouplist (user=0x555555678550 "unbound", group=group@entry=987, size=size@entry=0x7fffffffe3a8, groupsp=groupsp@entry=0x7fffffffe3b0, limit=limit@entry=65536) at initgroups.c:91
91      initgroups.c: No such file or directory.
(gdb) bt
#0  internal_getgrouplist (user=0x555555678550 "unbound", group=group@entry=987, size=size@entry=0x7fffffffe3a8, groupsp=groupsp@entry=0x7fffffffe3b0, limit=limit@entry=65536)
    at initgroups.c:91
#1  0x00007ffff7a0423a in initgroups (user=<optimized out>, group=987) at initgroups.c:205
#2  0x0000555555560839 in perform_setup (need_pidfile=1, cfgfile=<synthetic pointer>, debug_mode=1, cfg=0x555555677f60, daemon=0x55555564d2d0) at daemon/unbound.c:622
#3  run_daemon (need_pidfile=1, debug_mode=1, cmdline_verbose=0, cfgfile=0x5555555fd5a4 "/unbound.conf") at daemon/unbound.c:699
#4  main (argc=<optimized out>, argv=<optimized out>) at daemon/unbound.c:808
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-05 08:45:42 UTC
Unbound upstream discussion (no conclusion yet): https://github.com/NLnetLabs/unbound/issues/418
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2021-03-09 23:39:19 UTC
This should already be fixed in current glibc-2.33 (patchlevel 2). 

(I did not revbump since it has no keywords.)
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2021-03-10 07:26:41 UTC
I still think it's an unbound bug to call NSS services in a chroot.
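
The ordering question raised in this report, as an added example (not unbound's or glibc's code): the NSS-backed lookups getpwnam() and getgrouplist() run before chroot(), and only plain syscalls (setgroups, setgid, setuid) run inside the jail. struct identity, MAX_GROUPS and both function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64   /* assumption: enough for a service account */

struct identity {       /* hypothetical container for the resolved account */
    uid_t uid;
    gid_t gid;
    gid_t groups[MAX_GROUPS];
    int ngroups;
};

/* Step 1, before chroot(): every NSS-backed lookup happens here, while
 * /etc/nsswitch.conf and the libnss_* modules are still reachable. */
int resolve_identity(const char *user, struct identity *id)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                      /* unknown account */
    id->uid = pw->pw_uid;
    id->gid = pw->pw_gid;
    id->ngroups = MAX_GROUPS;
    if (getgrouplist(user, id->gid, id->groups, &id->ngroups) < 0)
        return -1;                      /* more than MAX_GROUPS groups */
    return 0;
}

/* Step 2, needs root: enter the jail, then drop with syscalls only.
 * Nothing below consults NSS, so nothing is loaded from inside the chroot. */
int enter_jail_and_drop(const char *dir, const struct identity *id)
{
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups((size_t)id->ngroups, id->groups) != 0)
        return -1;
    if (setgid(id->gid) != 0 || setuid(id->uid) != 0)
        return -1;
    /* If root can be regained, the drop did not take effect. */
    return (id->uid != 0 && setuid(0) == 0) ? -1 : 0;
}
```

Calling initgroups() itself before chroot() gives the same ordering; resolving the list up front simply makes the post-chroot half free of library lookups.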