[gentoo-hardened] dhcpd segfault randomly - gentoo-hardened

From:	Bastian Balthazar Bux <BastianBalthazarBux@×××××××××.it>
To:	gentoo-hardened@l.g.o
Subject:	[gentoo-hardened] dhcpd segfault randomly
Date:	Mon, 15 Aug 2005 15:55:18
Message-Id:	`4300BA8E.40702@pnpitalia.it`

1

Or help me in writing a good bug-report.

2

3

The problem arise when using chrooted dhcpd, and disappear in a non

4

chrooted environment.

5

I'm intentioned in provide a decent bug report, please suggest other

6

things that can be logged and provided.

7

(would be nice to avoid expose dhcpd.log.*, they contain too much data ;)

8

9

Thanks in advance.

10

11

Some data:

12

The box in question is

13

Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.4.4,

14

glibc-2.3.5-r1, 2.6.11-hardened-r15 i686)

15

CBUILD="i686-pc-linux-gnu"

16

CFLAGS="-O2 -march=i686 -fomit-frame-pointer"

17

CHOST="i686-pc-linux-gnu"

18

CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer"

19

20

/proc/sys/kernel/grsecurity/chroot*

21

  chroot_findtask    1

22

  chroot_deny_sysctl    1

23

  chroot_caps    0

24

  chroot_restrict_nice    1

25

  chroot_deny_mknod    1

26

  chroot_deny_chmod    0

27

  chroot_enforce_chdir    1

28

  chroot_deny_pivot    1

29

  chroot_deny_chroot    1

30

  chroot_deny_fchdir    1

31

  chroot_deny_mount    1

32

  chroot_deny_unix    1

33

  chroot_deny_shmat    1

34

35

The script used to test the whole stuff:

36

37

========================

38

#! /bin/sh

39

for i in 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20

40

do

41

  echo "======== $i ========"

42

  date

43

  /usr/sbin/dhcpd -tf /root/dhcpd.log -f -pf \

44

    /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q \

45

    -chroot /chroot/dhcp lan

46

  #WORK WITHOUT "-chroot /chroot/dhcp lan"

47

  mv /root/dhcpd.log "/root/dhcpd.log.${i}"

48

done

49

========================

50

51

the output found in nohup.out

52

53

======== 01 ========

54

Sat Jul 30 11:25:05 CEST 2005

55

./MONITOR.sh: line 2:  4112 Segmentation fault      /usr/sbin/dhcpd -tf

56

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

57

-chroot /chroot/dhcp lan

58

======== 02 ========

59

Sat Jul 30 19:14:14 CEST 2005

60

./MONITOR.sh: line 2: 13176 Segmentation fault      /usr/sbin/dhcpd -tf

61

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

62

-chroot /chroot/dhcp lan

63

======== 03 ========

64

Sun Jul 31 07:40:33 CEST 2005

65

./MONITOR.sh: line 2: 23751 Segmentation fault      /usr/sbin/dhcpd -tf

66

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

67

-chroot /chroot/dhcp lan

68

======== 04 ========

69

Sun Jul 31 08:50:41 CEST 2005

70

./MONITOR.sh: line 2:  3749 Segmentation fault      /usr/sbin/dhcpd -tf

71

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

72

-chroot /chroot/dhcp lan

73

======== 05 ========

74

Mon Aug  1 07:40:24 CEST 2005

75

./MONITOR.sh: line 2: 22007 Segmentation fault      /usr/sbin/dhcpd -tf

76

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

77

-chroot /chroot/dhcp lan

78

======== 06 ========

79

Mon Aug  1 08:50:07 CEST 2005

80

./MONITOR.sh: line 2: 27114 Segmentation fault      /usr/sbin/dhcpd -tf

81

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

82

-chroot /chroot/dhcp lan

83

======== 07 ========

84

Mon Aug  1 11:02:42 CEST 2005

85

./MONITOR.sh: line 2: 27055 Segmentation fault      /usr/sbin/dhcpd -tf

86

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

87

-chroot /chroot/dhcp lan

88

======== 08 ========

89

Mon Aug  1 13:34:54 CEST 2005

90

./MONITOR.sh: line 2: 12301 Segmentation fault      /usr/sbin/dhcpd -tf

91

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

92

-chroot /chroot/dhcp lan

93

======== 09 ========

94

Mon Aug  1 14:41:19 CEST 2005

95

./MONITOR.sh: line 2:  3582 Segmentation fault      /usr/sbin/dhcpd -tf

96

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

97

-chroot /chroot/dhcp lan

98

======== 10 ========

99

Tue Aug  2 07:40:15 CEST 2005

100

./MONITOR.sh: line 2: 12482 Segmentation fault      /usr/sbin/dhcpd -tf

101

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

102

-chroot /chroot/dhcp lan

103

======== 11 ========

104

Tue Aug  2 08:50:39 CEST 2005

105

./MONITOR.sh: line 2: 31447 Segmentation fault      /usr/sbin/dhcpd -tf

106

/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q

107

-chroot /chroot/dhcp lan

108

[snip]

109

110

entry in dhcpd.conf

111

=======

112

subnet 1.2.3.0 netmask 255.255.255.0 {

113

  range 1.2.3.130 1.2.3.170;

114

  option domain-name-servers 1.2.3.1, 1.2.3.2;

115

  option ntp-servers 1.2.3.1, 1.2.3.2;

116

  option domain-name "example.it";

117

  option routers 1.2.3.1;

118

  option broadcast-address 1.2.3.255;

119

  default-lease-time 172800;

120

  max-lease-time 345600;

121

}

122

=======

123

124

The clients are win 2000

125

126

--

127

gentoo-hardened@g.o mailing list

1	Or help me in writing a good bug-report.
2
3	The problem arise when using chrooted dhcpd, and disappear in a non
4	chrooted environment.
5	I'm intentioned in provide a decent bug report, please suggest other
6	things that can be logged and provided.
7	(would be nice to avoid expose dhcpd.log.*, they contain too much data ;)
8
9	Thanks in advance.
10
11	Some data:
12	The box in question is
13	Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.4.4,
14	glibc-2.3.5-r1, 2.6.11-hardened-r15 i686)
15	CBUILD="i686-pc-linux-gnu"
16	CFLAGS="-O2 -march=i686 -fomit-frame-pointer"
17	CHOST="i686-pc-linux-gnu"
18	CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer"
19
20	/proc/sys/kernel/grsecurity/chroot*
21	chroot_findtask 1
22	chroot_deny_sysctl 1
23	chroot_caps 0
24	chroot_restrict_nice 1
25	chroot_deny_mknod 1
26	chroot_deny_chmod 0
27	chroot_enforce_chdir 1
28	chroot_deny_pivot 1
29	chroot_deny_chroot 1
30	chroot_deny_fchdir 1
31	chroot_deny_mount 1
32	chroot_deny_unix 1
33	chroot_deny_shmat 1
34
35	The script used to test the whole stuff:
36
37	========================
38	#! /bin/sh
39	for i in 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20
40	do
41	echo "======== $i ========"
42	date
43	/usr/sbin/dhcpd -tf /root/dhcpd.log -f -pf \
44	/var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q \
45	-chroot /chroot/dhcp lan
46	#WORK WITHOUT "-chroot /chroot/dhcp lan"
47	mv /root/dhcpd.log "/root/dhcpd.log.${i}"
48	done
49	========================
50
51	the output found in nohup.out
52
53	======== 01 ========
54	Sat Jul 30 11:25:05 CEST 2005
55	./MONITOR.sh: line 2: 4112 Segmentation fault /usr/sbin/dhcpd -tf
56	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
57	-chroot /chroot/dhcp lan
58	======== 02 ========
59	Sat Jul 30 19:14:14 CEST 2005
60	./MONITOR.sh: line 2: 13176 Segmentation fault /usr/sbin/dhcpd -tf
61	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
62	-chroot /chroot/dhcp lan
63	======== 03 ========
64	Sun Jul 31 07:40:33 CEST 2005
65	./MONITOR.sh: line 2: 23751 Segmentation fault /usr/sbin/dhcpd -tf
66	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
67	-chroot /chroot/dhcp lan
68	======== 04 ========
69	Sun Jul 31 08:50:41 CEST 2005
70	./MONITOR.sh: line 2: 3749 Segmentation fault /usr/sbin/dhcpd -tf
71	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
72	-chroot /chroot/dhcp lan
73	======== 05 ========
74	Mon Aug 1 07:40:24 CEST 2005
75	./MONITOR.sh: line 2: 22007 Segmentation fault /usr/sbin/dhcpd -tf
76	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
77	-chroot /chroot/dhcp lan
78	======== 06 ========
79	Mon Aug 1 08:50:07 CEST 2005
80	./MONITOR.sh: line 2: 27114 Segmentation fault /usr/sbin/dhcpd -tf
81	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
82	-chroot /chroot/dhcp lan
83	======== 07 ========
84	Mon Aug 1 11:02:42 CEST 2005
85	./MONITOR.sh: line 2: 27055 Segmentation fault /usr/sbin/dhcpd -tf
86	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
87	-chroot /chroot/dhcp lan
88	======== 08 ========
89	Mon Aug 1 13:34:54 CEST 2005
90	./MONITOR.sh: line 2: 12301 Segmentation fault /usr/sbin/dhcpd -tf
91	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
92	-chroot /chroot/dhcp lan
93	======== 09 ========
94	Mon Aug 1 14:41:19 CEST 2005
95	./MONITOR.sh: line 2: 3582 Segmentation fault /usr/sbin/dhcpd -tf
96	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
97	-chroot /chroot/dhcp lan
98	======== 10 ========
99	Tue Aug 2 07:40:15 CEST 2005
100	./MONITOR.sh: line 2: 12482 Segmentation fault /usr/sbin/dhcpd -tf
101	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
102	-chroot /chroot/dhcp lan
103	======== 11 ========
104	Tue Aug 2 08:50:39 CEST 2005
105	./MONITOR.sh: line 2: 31447 Segmentation fault /usr/sbin/dhcpd -tf
106	/root/dhcpd.log -f -pf /var/run/dhcp/dhcpd.pid -user dhcp -group dhcp -q
107	-chroot /chroot/dhcp lan
108	[snip]
109
110	entry in dhcpd.conf
111	=======
112	subnet 1.2.3.0 netmask 255.255.255.0 {
113	range 1.2.3.130 1.2.3.170;
114	option domain-name-servers 1.2.3.1, 1.2.3.2;
115	option ntp-servers 1.2.3.1, 1.2.3.2;
116	option domain-name "example.it";
117	option routers 1.2.3.1;
118	option broadcast-address 1.2.3.255;
119	default-lease-time 172800;
120	max-lease-time 345600;
121	}
122	=======
123
124	The clients are win 2000
125
126	--
127	gentoo-hardened@g.o mailing list

Gentoo Archives: gentoo-hardened