[syslog-ng] [Bug 105] syslog-ng --no-caps option causes segmentation fault if compiled with caps support in hardened gentoo

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Tue Jan 11 17:40:03 CET 2011 

https://bugzilla.balabit.com/show_bug.cgi?id=105


Balazs Scheidler <bazsi at balabit.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|                            |INVALID
             Status|NEW                         |RESOLVED




--- Comment #1 from Balazs Scheidler <bazsi at balabit.hu>  2011-01-11 17:40:03 ---
this is probably caused by the fact that capget() gets a NULL pointer, at least the strace shows:

capget(0x20080522, 0, NULL)             = -1 EFAULT (Bad address)

The issue is, that this is not caused by syslog-ng. Here's the backtrace:

#0  capget () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007ffff6a6c7e3 in cap_init () from /lib/libcap.so.2
#2  0x00007ffff6a6d06d in cap_from_text () from /lib/libcap.so.2
#3  0x00007ffff7b953d7 in g_process_change_caps () at /home/bazsi/zwa/work/syslog-ng-ose-3.2/syslog-ng-ose/lib/gprocess.c:748
#4  0x00007ffff7b962f8 in g_process_start () at /home/bazsi/zwa/work/syslog-ng-ose-3.2/syslog-ng-ose/lib/gprocess.c:1240
#5  0x0000000000402ffc in main (argc=1, argv=0x7fffffffdb58) at /home/bazsi/zwa/work/syslog-ng-ose-3.2/syslog-ng-ose/syslog-ng/main.c:425

gprocess.c:748 reads:

748           cap_t cap = cap_from_text(process_opts.caps);

e.g. it tries to convert a string representation of a capset to a cap_t. The passed string argument is not NULL:

(gdb) p process_opts.caps
$2 = (const gchar *) 0x403838 "cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p cap_sys_admin=ep"

This means that libcap invokes capget() with a NULL argument. Here's the offending line in libcap:

    capget(&result->head, NULL);      /* load the kernel-capability version */

I checked the kernel code, but I've found no obvious culprit, but the only reason is that I'm probably too tired for that.

All that said, this is either a libcap, kernel or hardened gentoo bug, or a combination of these. :)


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the syslog-ng mailing list