dccsight -QG as used in the cgi-scripts segfaults

Vincent Schonau vince@niet.net
Thu Mar 17 09:36:20 UTC 2005


The following appears in my webserver error-log:

sh: line 1:  3817 Segmentation fault      /var/dcc/libexec/dccsight -QG 
"89d70f46 05f383e6 dfa0738e 3877f7d9"

Running that command manually or with other checksums also results in a 
segmentation fault (on Linux, 2.6.10, Fedora Core, glibc version 2.3.4).

A partial strace of that command shows:

mprotect(0x66a000, 8192, PROT_READ)     = 0
mprotect(0xf58000, 4096, PROT_READ)     = 0
mprotect(0xcaa000, 4096, PROT_READ)     = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f446c0, 
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, 
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f46000, 28236)               = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
fstat64(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
getuid32()                              = 500
geteuid32()                             = 500
setresuid32(-1, 500, -1)                = 0
chdir("/var/dcc")                       = 0
brk(0)                                  = 0x9e20000
brk(0x9e41000)                          = 0x9e41000
open("/var/dcc/map", O_RDWR)            = -1 EACCES (Permission denied)
write(2, "open(/var/dcc/map): Permission d"..., 37open(/var/dcc/map): 
Permission denied) = 37
write(2, "; fatal error\n", 14; fatal error
)         = 14
exit_group(66)                          = ?

when run as a normal user. The dccsight binary is installed set-uid dcc:

-r-sr-xr-x  1 dcc bin 104814 Mar 15 16:23 /var/dcc/libexec/dccsight

and /var/dcc/map is owned by dcc:

-rw-------  1 dcc dcc 4460 Mar 15 13:30 /var/dcc/map

An invocation of dccsight without -G does work:

$ /var/dcc/libexec/dccsight -Q
Fuz2: a27da125 9f2e4c69 3cef7811 a1051762
X-DCC-NIET-Metrics: werkt.niet.net 1080; bulk Body=0 Fuz2=many

Other invocations of dccsight -QG appear to work *once* when called from 
the cgi-scripts but segfault in the same way when executed manually or 
in subsequent accesses to list-msg via the cgi-scripts.


Regards,

Vince.



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.