Bug#915642: AuthBasicProvider PAM crashes apache
Dear Maintainer,

I just tried to reproduce and found it crashes on service startup when using the given /etc/apache2/sites-enabled/default.conf.

It looks like here the apache2 process wants to fork and calls the fork_handlers. Unfortunately one of them belongs to an unloaded module. Therefore we end up trying to execute unmapped memory.

From the similar offset I would expect that the first fork_handler belongs to function deinit from libcap-ng.so.0. The first one 0x7f50c8e0e660 points to the current location of libcap-ng.so.0. But the second 0x7f50c8e12660 looks like pointing to an unloaded location of libcap-ng.so.0.

This situation looks quite similar to what I tried to collect in bug #914565. And now that I looked up the bugs for libcap-ng0 this one seems related: #904808.

Kind regards,
Bernhard

#914565 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914565
#904808 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904808

(gdb) bt
#0  0x7f50c8e12660 in ?? ()
#1  0x7f50c921470e in __libc_fork () at ../sysdeps/nptl/fork.c:204
#2  0x7f50c9357875 in apr_proc_detach (daemonize=daemonize@entry=1) at ./threadproc/unix/procsup.c:31
#3  0x7f50c8b93fc5 in event_pre_config (pconf=0x7f50c90b8028, plog=0x7f50c908c028, ptemp=) at event.c:3416
#4  0x55e968fd81be in ap_run_pre_config (pconf=0x7f50c90b8028, plog=0x7f50c908c028, ptemp=0x7f50c9090028) at config.c:89
#5  0x55e968fb3e5f in main (argc=, argv=) at main.c:775

(gdb) up
#2  0x7f50c9357875 in apr_proc_detach (daemonize=daemonize@entry=1) at ./threadproc/unix/procsup.c:31
31          if ((x = fork()) > 0) {

(gdb) print *__fork_handlers
$1 = {next = 0x7f50c9309998 , prepare_handler = 0x0, parent_handler = 0x0, child_handler = 0x7f50c8e0e660 , dso_handle = 0x7f50c93282a0, refcntr = 2, need_signal = 0}
(gdb) print *__fork_handlers->next
$2 = {next = 0x7f50c9309968 , prepare_handler = 0x0, parent_handler = 0x0, child_handler = 0x7f50c8e12660, dso_handle = 0x7f50c93282a0, refcntr = 2, need_signal = 0}
(gdb) print *__fork_handlers->next->next
$3 = {next = 0x0, prepare_handler = 0x0, parent_handler = 0x0, child_handler = 0x7f50c93133d0 <__reclaim_stacks>, dso_handle = 0x0, refcntr = 1, need_signal = 0}

(gdb) info share
From            To              Syms Read   Shared Object Library
...
0x7f50c8e0e560  0x7f50c8e10419  Yes         /lib/x86_64-linux-gnu/libcap-ng.so.0
...
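
The manual check in the message above (compare each fork handler address with the ranges from `info share`) can be scripted. The following is an added example, not part of the original message or of any package discussed here; the function names are hypothetical, and the sample text is constructed from the addresses quoted above plus one placeholder library row.

```python
import re

# Constructed sample modelled on the gdb session above. Handler addresses and
# the libcap-ng row are the ones quoted in the report; the second library row
# is a constructed placeholder so that the third handler resolves.
FORK_HANDLERS = """
$1 = {next = 0x7f50c9309998, prepare_handler = 0x0, parent_handler = 0x0, child_handler = 0x7f50c8e0e660, refcntr = 2}
$2 = {next = 0x7f50c9309968, prepare_handler = 0x0, parent_handler = 0x0, child_handler = 0x7f50c8e12660, refcntr = 2}
$3 = {next = 0x0, prepare_handler = 0x0, parent_handler = 0x0, child_handler = 0x7f50c93133d0 <__reclaim_stacks>, refcntr = 1}
"""
INFO_SHARE = """
From            To              Syms Read   Shared Object Library
0x7f50c8e0e560  0x7f50c8e10419  Yes         /lib/x86_64-linux-gnu/libcap-ng.so.0
0x7f50c9310000  0x7f50c9320000  Yes         /constructed/placeholder-lib.so
"""

HANDLER_RE = re.compile(r"\b(prepare_handler|parent_handler|child_handler) = (0x[0-9a-f]+)")
RANGE_RE = re.compile(r"^(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(?:Yes(?: \(\*\))?|No)\s+(\S+)$", re.M)

def parse_ranges(info_share):
    """Return (start, end, path) for each range listed by 'info sharedlibrary'."""
    return [(int(lo, 16), int(hi, 16), path) for lo, hi, path in RANGE_RE.findall(info_share)]

def audit_fork_handlers(handlers_text, info_share):
    """Map every non-null fork handler to the loaded library containing it, or None."""
    ranges = parse_ranges(info_share)
    report = []
    for kind, addr in HANDLER_RE.findall(handlers_text):
        a = int(addr, 16)
        if a == 0:                      # unset handler slot
            continue
        owner = next((p for lo, hi, p in ranges if lo <= a <= hi), None)
        report.append((kind, a, owner))
    return report

def stale_twins(report):
    """Heuristic for the 'similar offset' clue: pair each unmapped handler with a
    mapped one that has the same offset within its 4 KiB page."""
    mapped = [(a, o) for _, a, o in report if o]
    return {hex(a): o for _, a, owner in report if owner is None
            for m, o in mapped if (m & 0xfff) == (a & 0xfff)}

if __name__ == "__main__":
    report = audit_fork_handlers(FORK_HANDLERS, INFO_SHARE)
    twins = stale_twins(report)
    for kind, addr, owner in report:
        note = owner or f"UNMAPPED (possible stale copy from {twins.get(hex(addr), 'unknown')})"
        print(f"{kind} {addr:#x} -> {note}")
```

`info sharedlibrary` does not list the main executable, so a handler registered by the binary itself also shows up as unmapped here; `info proc mappings` settles such cases.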
Bug#915642: AuthBasicProvider PAM crashes apache
Package: libapache2-mod-authnz-pam
Version: 1.2.0-1
Severity: grave

Hi,

we were using libapache2-mod-authnz-pam for apache2 basic authentication in the elephant-shed.io project, but some time ago, apache2 started crashing when it is used. (Could be related to the 1.2.0-1 upload, not sure.)

I can reproduce it with this /etc/apache2/sites-enabled/default.conf:

# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

AuthType Basic
AuthName "PAM Authentication"
AuthBasicProvider PAM

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de:en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libapache2-mod-authnz-pam depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.37-1
ii  libc6                               2.27-8
ii  libpam0g                            1.1.8-3.8

libapache2-mod-authnz-pam recommends no packages.

libapache2-mod-authnz-pam suggests no packages.

-- no debconf information

Christoph