106664 – httpd segfaults with exec-shield disabled

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 106664 - httpd segfaults with exec-shield disabled

Summary: httpd segfaults with exec-shield disabled

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	105772 (view as bug list)
Depends On:
Blocks:	CambridgeTarget
TreeView+	depends on / blocked

Reported:	2003-10-09 11:50 UTC by Nils Philippsen
Modified:	2015-01-04 22:03 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-11-10 15:37:18 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
LD_DEBUG output of httpd run with exec-shield off (deleted) 2003-10-10 14:16 UTC, Nils Philippsen	no flags	Details
View All

Description Nils Philippsen 2003-10-09 11:50:17 UTC

Description of problem:

root@gibraltar:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@gibraltar:~> httpd
Segmentation fault
root@gibraltar:~> sysctl -w kernel.exec-shield=1
kernel.exec-shield = 1
root@gibraltar:~> httpd
root@gibraltar:~> killall httpd
root@gibraltar:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@gibraltar:~> httpd
Segmentation fault

Version-Release number of selected component (if applicable):

httpd-2.0.47-7
kernel-2.4.22-1.2087.nptl

How reproducible:

Always

Steps to Reproduce:

See description
    
Actual results:

httpd segfaults

Expected results:

httpd starts

Additional info:

Also look at bug #105772 (same bug with samba)

Comment 1 Joe Orton 2003-10-09 11:56:41 UTC

I can't reproduce with httpd-2.0.47-8, can you update to that and try again?

Comment 4 Nils Philippsen 2003-10-10 11:21:16 UTC

Hmm, still present:

[...]
root@wombat:~> rpm -q glibc httpd; uname -r
glibc-2.3.2-98
httpd-2.0.47-8
2.4.22-1.2087.nptl
root@wombat:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@wombat:~> service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [FAILED]
root@wombat:~> httpd
Segmentation fault
root@wombat:~> sysctl -w kernel.exec-shield=1
kernel.exec-shield = 1
root@wombat:~> service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]
root@wombat:~>
[...]

Any additional info you might need? FYI, the machine should have virtually all
packages installed.

Comment 5 Joe Orton 2003-10-10 11:34:11 UTC

Can you:

strace httpd
rpm -qf /etc/httpd/conf.d/*.conf

I'd ask for a backtrace but gdb doesn't support PIE yet :(

Comment 6 Nils Philippsen 2003-10-10 12:20:11 UTC

Here you are:

[...]
root@wombat:~> sysctl -w kernel.exec-shield=0
kernel.exec-shield = 0
root@wombat:~> service httpd stop
Stopping httpd:                                            [  OK  ]
root@wombat:~> strace httpd
execve("/usr/sbin/httpd", ["httpd"], [/* 28 vars */]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
root@wombat:~> rpm -qf /etc/httpd/conf.d/*.conf
file /etc/httpd/conf.d/chorios.conf is not owned by any package
file /etc/httpd/conf.d/homedir.conf is not owned by any package
mod_perl-1.99_09-10
php-4.3.3-2
mod_python-3.0.3-3
squirrelmail-1.4.0-1
mod_ssl-2.0.47-8
mod_dav_svn-0.31.0-1
root@wombat:~>
[...]

It is very suspicious to me that it segfaults immediately before even trying to
load libraries etc. Correction to my previous post: prelink is _not_ installed
(I guessed that wrong prelinkage could be the culprit) -- shall I leave it like
that or install it?

Comment 7 Joe Orton 2003-10-10 12:34:20 UTC

You could try something like

LD_DEBUG=all LD_DEBUG_OUTPUT=/tmp/httpd /usr/sbin/httpd

Jakub, any ideas about this?

Comment 8 Nils Philippsen 2003-10-10 14:16:21 UTC

Created attachment 95101 [details]
LD_DEBUG output of httpd run with exec-shield off

Comment 9 Joe Orton 2003-10-10 14:20:08 UTC

That was the file from strace, can you attach the one from httpd too?

Comment 10 Nils Philippsen 2003-10-10 14:41:34 UTC

No, because running it on httpd alone doesn't produce a file.

Comment 11 Joe Orton 2003-10-10 14:48:10 UTC

ld.so problem? toolchain problem? kernel problem?

Comment 12 Joe Orton 2003-10-15 11:10:58 UTC

Calling QA people - can anyone reproduce these problems on Fedora Test 3? I
still can't.  If there is some problem with PIE then we need to get it fixed ASAP.

[root@pepsi root]# rpm -q httpd
httpd-2.0.47-8
[root@pepsi root]# uname -r
2.4.22-1.2088.nptl

Comment 13 Joe Orton 2003-10-15 11:29:17 UTC

Ah ha.  I *can* reproduce this on Test 3 if I "prelink -u /usr/sbin/httpd".

execve("/usr/sbin/httpd", ["/usr/sbin/httpd"], [/* 31 vars */]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Interestingly (or maybe it isn't), I *can* start up httpd OK using:

# /lib/ld-linux.so.2 /usr/sbin/httpd

Jakub are you looking into this?

Comment 14 Joe Orton 2003-10-21 12:47:06 UTC

Ingo tracked this down to a kernel problem.

Reproduction case was having:

/lib/ld-linux.so.2 not prelinked
exec-shield off
executable with a large bss

e.g. int foo[30000]; int main() {return 0;}

Comment 15 Joe Orton 2003-10-21 12:47:48 UTC

*** Bug 105772 has been marked as a duplicate of this bug. ***

Comment 16 Dave Jones 2003-10-22 01:24:38 UTC

Fix will be in tomorrows rawhide push.

Comment 17 Nils Philippsen 2003-11-10 15:37:18 UTC

Fixed.

Note You need to log in before you can comment on or make changes to this bug.