Vincent Schonau
vince@niet.net
Thu Mar 17 09:36:20 UTC 2005

The following appears in my webserver error-log:

sh: line 1: 3817 Segmentation fault /var/dcc/libexec/dccsight -QG
"89d70f46 05f383e6 dfa0738e 3877f7d9"

Running that command manually or with other checksums also results in a
segmentation fault (on Linux, 2.6.10, Fedora Core, glibc version 2.3.4).

A partial strace of that command shows:

mprotect(0x66a000, 8192, PROT_READ) = 0
mprotect(0xf58000, 4096, PROT_READ) = 0
mprotect(0xcaa000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f446c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f46000, 28236) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
fstat64(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
getuid32() = 500
geteuid32() = 500
setresuid32(-1, 500, -1) = 0
chdir("/var/dcc") = 0
brk(0) = 0x9e20000
brk(0x9e41000) = 0x9e41000
open("/var/dcc/map", O_RDWR) = -1 EACCES (Permission denied)
write(2, "open(/var/dcc/map): Permission d"..., 37open(/var/dcc/map):
Permission denied) = 37
write(2, "; fatal error\n", 14; fatal error
) = 14
exit_group(66) = ?

when run as a normal user. The dccsight binary is installed set-uid dcc:

-r-sr-xr-x 1 dcc bin 104814 Mar 15 16:23 /var/dcc/libexec/dccsight

and /var/dcc/map is owned by dcc:

-rw------- 1 dcc dcc 4460 Mar 15 13:30 /var/dcc/map

An invocation of dccsight without -G does work:

$ /var/dcc/libexec/dccsight -Q
Fuz2: a27da125 9f2e4c69 3cef7811 a1051762
X-DCC-NIET-Metrics: werkt.niet.net 1080; bulk Body=0 Fuz2=many

Other invocations of dccsight -QG appear to work *once* when called from
the cgi-scripts but segfault in the same way when executed manually or
in subsequent accesses to list-msg via the cgi-scripts.

Regards,
Vince.