Re: Crashes with Grsecurity kernel

From: Christian Rößner <c_at_roessner-network-solutions.com>
Date: Sat, 10 Jan 2015 11:27:56 +0100

Hi,

one additional note:

I remember I had posted about crashes some months ago. And I remember that the gdb output was normal. So I fear the code below also only shows standard behavior. So in fact I cannot provide gdb output for this issue, but the bug exists :-(

I only hope you can find the problems in the code yourself.

It seems the milter runs for some time, doing its job, and suddenly it crashes. So for me it feels like some memory allocation is not clean. Maybe writing over the end of a buffer or whatever. Sorry that I cannot provide further information.

Christian

> On 10.01.2015 at 11:14, Christian Rößner <c_at_roessner-network-solutions.com> wrote:
>
> Hi,
>
> unfortunately OpenDKIM 2.9.3 and 2.10.0 fail all the time with a grsecurity hardened kernel 3.17.7. It seems opendkim is doing something evil, which leads the kernel to trigger a bruteforce attack and kill the process.
>
> It is really hard to debug this. Here is the little of the gdb output I could gather:
>
> Reading symbols from /usr/lib64/libcrypto.so.1.0.0...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libcrypto.so.1.0.0
> Reading symbols from /usr/lib64/liblber-2.4.so.2...Reading symbols from /usr/lib64/debug//usr/lib64/liblber-2.4.so.2.10.1.debug...done.
> done.
> Loaded symbols for /usr/lib64/liblber-2.4.so.2
> Reading symbols from /usr/lib64/libunbound.so.2...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libunbound.so.2
> Reading symbols from /usr/lib64/libvbr.so.2...Reading symbols from /usr/lib64/debug//usr/lib64/libvbr.so.2.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/libvbr.so.2
> Reading symbols from /usr/lib64/librbl.so.1...Reading symbols from /usr/lib64/debug//usr/lib64/librbl.so.1.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/librbl.so.1
> Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libresolv.so.2
> Reading symbols from /usr/lib64/libbsd.so.0...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libbsd.so.0
> Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
> [New LWP 10263]
> [New LWP 10031]
> [New LWP 10030]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Loaded symbols for /lib64/libpthread.so.0
> Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libc.so.6
> Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libdl.so.2
> Reading symbols from /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.3/libstdc++.so.6...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.3/libstdc++.so.6
> Reading symbols from /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.3/libgcc_s.so.1...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.3/libgcc_s.so.1
> Reading symbols from /usr/lib64/libsasl2.so.3...Reading symbols from /usr/lib64/debug//usr/lib64/libsasl2.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/libsasl2.so.3
> Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libz.so.1
> Reading symbols from /usr/lib64/libevent-2.0.so.5...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libevent-2.0.so.5
> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/ld-linux-x86-64.so.2
> 0x000076ae9cfc5a73 in select () from /lib64/libc.so.6
> (gdb) cont
> Continuing.
> Reading symbols from /usr/lib64/libevent-2.0.so.5...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libevent-2.0.so.5
> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/ld-linux-x86-64.so.2
> Reading symbols from /usr/lib64/sasl2/libanonymous.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libanonymous.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libanonymous.so
> Reading symbols from /usr/lib64/sasl2/libsasldb.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libsasldb.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libsasldb.so
> Reading symbols from /usr/lib64/libgdbm.so.4...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libgdbm.so.4
> Reading symbols from /usr/lib64/sasl2/libntlm.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libntlm.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libntlm.so
> Reading symbols from /usr/lib64/sasl2/libplain.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libplain.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libplain.so
> Reading symbols from /usr/lib64/sasl2/libldapdb.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libldapdb.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libldapdb.so
> Reading symbols from /usr/lib64/sasl2/libdigestmd5.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libdigestmd5.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libdigestmd5.so
> Reading symbols from /usr/lib64/sasl2/libotp.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libotp.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libotp.so
> Reading symbols from /usr/lib64/sasl2/liblogin.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/liblogin.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/liblogin.so
> Reading symbols from /usr/lib64/sasl2/libcrammd5.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libcrammd5.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libcrammd5.so
> Reading symbols from /usr/lib64/sasl2/libscram.so...Reading symbols from /usr/lib64/debug//usr/lib64/sasl2/libscram.so.3.0.0.debug...done.
> done.
> Loaded symbols for /usr/lib64/sasl2/libscram.so
> 0x000067899d8e2a73 in select () from /lib64/libc.so.6
> (gdb) cont
> Continuing.
> [New Thread 0x67898bf89700 (LWP 12966)]
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0x67898bf89700 (LWP 12966)]
> 0x000067899d834825 in raise () from /lib64/libc.so.6
> (gdb) bt
> #0 0x000067899d834825 in raise () from /lib64/libc.so.6
> #1 0x000067899d835ca8 in abort () from /lib64/libc.so.6
> #2 0x000067899d874e22 in ?? () from /lib64/libc.so.6
> #3 0x000067899d874e4e in __libc_fatal () from /lib64/libc.so.6
> #4 0x000067899d8808a5 in ?? () from /lib64/libc.so.6
> #5 0x000067899d88096b in ?? () from /lib64/libc.so.6
> #6 0x000067899d880d17 in ?? () from /lib64/libc.so.6
> #7 0x00006789a0086e77 in mi_handle_session () from /usr/lib64/libmilter.so.1.0.2
> #8 0x00006789a0085969 in ?? () from /usr/lib64/libmilter.so.1.0.2
> #9 0x000067899dbb21da in start_thread () from /lib64/libpthread.so.0
> #10 0x000067899d8e9e7d in clone () from /lib64/libc.so.6
>
> I use this kernel for about 10 servers with dozens of applications and unfortunately opendkim is the only application that causes trouble. So I fear there must be a problem with the code :-(
>
> As a temporary workaround I am running a standard 3.17.7 kernel without grsecurity.
>
> Kind regards
>
> Christian
> --
> Bachelor of Science Informatik
> Erlenwiese 14, 36304 Alsfeld
> T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
> USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
>

--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
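
A small triage helper for the backtrace quoted above, added here as an example and not part of the original message or of OpenDKIM. It parses gdb `bt` frames (mail quote prefixes included), reports whether the SIGABRT came from libc's own fatal-error path, names the first frame outside libc, and lists the libraries whose frames are unresolved (`??`) and so need debug symbols. The names `parse_frames` and `triage` are illustrative.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "index address function library")

# Backtrace copied from the quoted gdb session, mail quote prefixes kept.
SAMPLE_BT = """\
> #0 0x000067899d834825 in raise () from /lib64/libc.so.6
> #1 0x000067899d835ca8 in abort () from /lib64/libc.so.6
> #2 0x000067899d874e22 in ?? () from /lib64/libc.so.6
> #3 0x000067899d874e4e in __libc_fatal () from /lib64/libc.so.6
> #4 0x000067899d8808a5 in ?? () from /lib64/libc.so.6
> #5 0x000067899d88096b in ?? () from /lib64/libc.so.6
> #6 0x000067899d880d17 in ?? () from /lib64/libc.so.6
> #7 0x00006789a0086e77 in mi_handle_session () from /usr/lib64/libmilter.so.1.0.2
> #8 0x00006789a0085969 in ?? () from /usr/lib64/libmilter.so.1.0.2
> #9 0x000067899dbb21da in start_thread () from /lib64/libpthread.so.0
> #10 0x000067899d8e9e7d in clone () from /lib64/libc.so.6
"""

FRAME_RE = re.compile(
    r"^#(?P<index>\d+)\s+(?:(?P<address>0x[0-9a-fA-F]+)\s+in\s+)?"
    r"(?P<function>\S+)\s+\(.*?\)(?:\s+from\s+(?P<library>\S+))?")

def parse_frames(text):
    """Return the gdb frames found in text, ignoring '>' quote prefixes."""
    frames = []
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["index"]), m["address"],
                                m["function"], m["library"]))
    return frames

def triage(frames):
    """Summarise where the abort came from and which symbols are missing."""
    names = [f.function for f in frames]
    # First frame that is not in libc itself: the code that entered libc.
    caller = next((f for f in frames
                   if f.library and "/libc.so" not in f.library), None)
    return {
        "self_abort": names[:2] == ["raise", "abort"],   # process aborted itself
        "libc_fatal_path": "__libc_fatal" in names,      # libc runtime check fired
        "first_non_libc_frame": caller,
        "need_debug_symbols": sorted({f.library for f in frames
                                      if f.function == "??" and f.library}),
    }

if __name__ == "__main__":
    for key, value in triage(parse_frames(SAMPLE_BT)).items():
        print(f"{key}: {value}")
```
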



Received on Sat Jan 10 2015 - 10:28:12 PST

This archive was generated by hypermail 2.3.0 : Sat Jan 10 2015 - 10:36:00 PST