Package: sysklogd
Version: 1.5-5

Syslogd is vulnerable to a race condition where SIGTERM triggers a
futex deadlock, freezing the syslogd process.

To demonstrate the bug, I will assume that syslogd is configured to
send log messages to a remote target, and also that the DNS server is
not responding. Neither condition is necessary, but they make the race
condition much more likely.

If initial lookup of the remote host name fails, syslogd will retry
the lookup later. If a SIGTERM comes in during a retried lookup, this
may result in a recursive call to gethostbyname(), causing a futex
deadlock inside libc.

This bug is related to bug #301511. Even if remote logging is not enabled,
SIGTERM may still cause a deadlock through a recursive call to ctime(),
similar to #301511.

This bug applies to sysklogd 1.5-5 (lenny) as well as 1.4.1-18 (etch).

Steps to reproduce:

* Ensure DNS lookups will timeout, e.g. set up an iptables entry to
  drop all DNS responses.

* Put a remote target in /etc/syslog.conf: *.* @aap.noot.com

* Start syslogd and monitor with strace.

* Observe how initial host name lookup fails.

* Wait 180 seconds for the lookup retry mechanism to activate.

* Send a message to syslog: "logger blah".
  Syslogd will retry the host name lookup, waiting for a DNS response
  in a "poll" system call.

* While syslogd is waiting for a DNS response, send SIGTERM.

* Observe how syslogd walks into futex() and never recovers.

Proposed solution:

* Extend the sigprocmask() mechanism to block SIGTERM in addition to SIGHUP
  and SIGALRM.
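
A minimal C illustration of the proposed fix (an added example, not code from this report or from sysklogd): a SIGTERM handler that only sets a flag, and the non-reentrant work wrapped in sigprocmask() blocking SIGHUP, SIGALRM and SIGTERM, so a SIGTERM arriving mid-lookup stays pending until the mask is restored instead of re-entering libc. ctime_r() stands in for the lookup/ctime() work; the function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <time.h>

/* Set by the SIGTERM handler. The handler touches only this flag: no
 * gethostbyname(), ctime() or other lock-taking libc call may run there. */
static volatile sig_atomic_t term_requested = 0;

static void on_term(int sig)
{
    (void)sig;
    term_requested = 1;
}

/* Install the flag-only handler; returns 0 on success. */
static int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_term;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGTERM, &sa, NULL);
}

/* Block SIGHUP, SIGALRM and SIGTERM around a non-reentrant call, as the
 * report proposes. Returns term_requested as seen *inside* the section
 * (0 if the signal stayed pending), or -1 if the mask could not be set. */
static int guarded_section(int raise_term_inside)
{
    sigset_t block, saved;
    char buf[32];
    time_t now;
    int seen_inside;
    sigemptyset(&block);
    sigaddset(&block, SIGHUP);
    sigaddset(&block, SIGALRM);
    sigaddset(&block, SIGTERM);
    if (sigprocmask(SIG_BLOCK, &block, &saved) != 0)
        return -1;
    now = time(NULL);
    ctime_r(&now, buf);            /* stand-in for the lookup/ctime() work */
    if (raise_term_inside)
        raise(SIGTERM);            /* stays pending while blocked */
    seen_inside = term_requested;
    sigprocmask(SIG_SETMASK, &saved, NULL); /* pending SIGTERM runs here */
    return seen_inside;
}
```

The deferred delivery is the point: the handler runs only once the critical section has released its libc locks, so no recursive gethostbyname() or ctime() can occur.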

Joris.


