The new and shiny bind-9.4.0_rc2 crashes on my box every time I run it:

PAX: execution attempt in: <NULL>, 00000000-00000000 00000000
PAX: terminating task: /usr/sbin/named(named):687, uid/euid: 40/40, PC: 42756621, SP: 4f5b6890
PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
PAX: bytes at SP-4: 42756621 4f5b68b0 000000ff 00000000 00000000 00000000 ffffffff ffffffff 00000000 4f7d9170 4dd84ec8 4f757828 4f7d9420 4f7d3655 4dd7e234 00000000 4f96bdb4 8f927d31 4f5db208 4f5b6938 4f96188c
grsec: From 159.134.222.3: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/named[named:687] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

emerge info

Portage 2.1.2-r8 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.19-hardened-r5 i686)
=================================================================
System uname: 2.6.19-hardened-r5 i686 Pentium II (Deschutes)
Gentoo Base System version 1.12.9
Timestamp of tree: Tue, 06 Feb 2007 13:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python: 2.4.4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.20
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium2 -O3 -pipe"
DISTDIR="/opt/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror http://gentoo.mirror.solnet.ch http://trumpetti.atm.tut.fi/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/opt/portagetmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync5.pl.gentoo.org/gentoo-portage"
USE="bashlogger berkdb bzip2 caps chroot clearpasswd crypt dlloader elf ftp glibc-omitfp hardened hpn mbox midi minimal ncurses nptl nptlonly pam pam_chroot pam_timestamp pic pwdb readline sendfile sftplogging symlink tcpd threads userlocales x86 xinetd xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Bind-9.3.4 also gives the same problems when compiled on a hardened box. (PAX, PIE-SPP) No compiling errors. Starts and reads zones, but after about 1 minute crashes. There also seems to be some problem with detecting ipv6 interfaces.

The following use-flags are used (BIND-9.3.4):

USE="berkdb ipv6 ldap mysql postgres ssl threads -dlz -doc -idn -odbc -resolvconf% (-selinux)"

And here are the last lines in my syslog at which Bind seems to crash:

Feb 8 00:57:31 tux named[2920]: zone_timer: zone id.server/CH: enter
Feb 8 00:57:31 tux named[2920]: zone_timer: zone id.server/CH: enter
Feb 8 00:57:31 tux named[2920]: zone_maintenance: zone id.server/CH: enter
Feb 8 00:57:31 tux named[2920]: zone_maintenance: zone id.server/CH: enter

I don't know if these are common end lines when starting 9.3.4, but for 9.3.2-r4 the next messages appear:

Feb 8 11:42:58 tux named[4222]: zone_timer: zone id.server/CH: enter
Feb 8 11:42:58 tux named[4222]: zone_timer: zone id.server/CH: enter
Feb 8 11:42:58 tux named[4222]: zone_maintenance: zone id.server/CH: enter
Feb 8 11:42:58 tux named[4222]: zone_maintenance: zone id.server/CH: enter
Feb 8 11:43:05 tux named[4222]: received control channel command 'null'
Feb 8 11:43:05 tux named[4222]: received control channel command 'null'
Feb 8 11:43:05 tux named[4222]: received control channel command 'status'
Feb 8 11:43:05 tux named[4222]: received control channel command 'status'

So, maybe there is something wrong with calling the command channel. Hope this will help to solve the problem.

My bind 9.3.4 on a hardened box crashed with "named: stack smashing attack in function query_find()"

(In reply to comment #2)
> My bind 9.3.4 on a hardened box crashed with "named: stack smashing attack in
> function query_find()"

Please see Bug 158664 in regard to bind 9.3.4

Definitely a dupe of #158664 - I had the same issue and it's now been addressed.

I can confirm that bind-9.4.0-r2 works fine here. Guess no one should bother about 9.4.0_rc2 anymore! :)

*** This bug has been marked as a duplicate of bug 158664 ***