New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Useradd segmentation fault #628
Comments
I'm also seeing this in 4.13 but not in 4.12.3. I've seen the same segfault in useradd and gpasswd. Will update this issue as I investigate. |
Could you bisect? |
I'll aim to have a bisect ready tomorrow. What's interesting is that it seems to be tied to the existing system users/groups. Running the same command on a couple hundred different machines that all have unique user/group, a handful will repeatedly segfault while most will succeed. I'm going to try and figure out what's special about the group file on the affected machines. One theory I'm still considering is that this may be some sort of subtle malformation in /etc generated by a much older version of shadow tools. I'm also using Gentoo, and the group files on some machines I'm testing were created and modified for over a decade. I'm going to run |
After opening this I found a workaround which is to run version 4.12.3. |
I did successfully bisect this, although it held some extra surprises. It turns out, the culprit commit is not in the release. Building 4.13 from git failed to reproduce the bug. It turns out the Gentoo developers decided to backport a commit that has not yet made it into a stable release and is the culprit. The problematic commit is: And here you can see the Gentoo developers backporting it: I'm going to CC @fweimer-rh here as the author of that commit to see if he has any insight into what might be going on. |
I backported this patch into Fedora rawhide as well, but cannot reproduce the problem there. |
Recompiling with -O0 to avoid anything being optimized out. I'm getting the following from GDB:
The code looks correct to me, in that It would fit with the bug. With proper detection for I've tested against glibc 2.36 and glibc 2.37 (possibly including distro backports), and still get segfaults in both after the fixed |
Well, we used to have a glibc bug in this area:
But this should be fixed in current glibc. The fix went into glibc 2.32 and has been backported widely, too. But looking at Could you check that the |
@anthonyryan1 Just want to add that there's nothing really unusual about the backporting part (it's not a controverisal patch and distros, including us, do it all the time when it's required), I can't reproduce the bug, and there's a good reason for backporting all of this work. But I won't distract from the debugging effort here. If you want to discuss that side of it more, feel free to email me at sam@g.o though. |
I fixed the glibc bug:
Of course I don't know if that's the problem you are seeing, @anthonyryan1. |
@fweimer-rh I do have a one very long line in gshadow, over 1200 bytes. I expect that line length will likely explain all the machines the segfault vs the ones which do not. I'll explore this a bit more later today. Additionally, I agree that the patch doesn't look to be the problem. Rather I feel like it's revealed a different bug that was previously masked by using the alternate code path. |
Interesting the length comes into play, as in the command above I used to create this bug report the line for group users has a lot of entries, and is 515 characters long. |
I also noticed this bug, however with grpck (on gentoo). A very simple reproducer for me is to run grpck on an empty group file and a gshadow file with a 1024 byte line (e.g. just "a"s). Reproducer:
I can confirm that @fweimer-rh 's glibc patch fixes this issue. |
I can also confirm the glibc patch is working. It looks like glibc merged the patch from the mailing list yesterday: https://sourceware.org/git/?p=glibc.git;a=commit;h=969e9733c7d17edf1e239a73fa172f357561f440 I think we're good to close this issue. The bug wasn't in shadow-utils, and the fix is now in glibc master. Anyone who still hits this combination can find the necessary information here in the closed issue just fine. |
It'd be worth waiting for it to trickle down to glibc's stable branches first, especially if a new shadow release ends up being made in the interim. |
Operating system: Gentoo
Kernel version: Linux 6.1.2
GCC version: Gentoo Hardened 12.2.1_p20221231 p8
Shadow version: 4.13-r1
This is a production system and a workaround would be appreciated. I suspect my kernel is too new and one of its hardening features is getting in the way, so I am rebuilding an older kernel for now. My kernel configuration might be an issue, as I started from 'make tinyconfig' to build a minimal kernel for KVM/qemu virtio with pretty much every optional security feature enabled.
I was having issues with useradd which I discussed on Libera IRC channel #gentoo and the person helping me told me to make this bug report. They ran me through doing the debugging below with gdb...
GDB output...
The text was updated successfully, but these errors were encountered: