Processed: Re: Bug#994910: tripwire segfaults while reading files in /etc
Processing control commands: > severity -1 important Bug #994910 [tripwire] tripwire segfaults while reading files in /etc Severity set to 'important' from 'grave' -- 994910: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994910 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#994910: tripwire segfaults while reading files in /etc
Control: severity -1 important On Wed, Sep 22, 2021 at 08:06:31PM -0400, Ron Murray wrote: > Package: tripwire > Version: 2.4.3.7-3+b3 > Severity: grave > Justification: renders package unusable > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Dear Maintainer, > > I've been using tripwire for several years now, and never had troubles > with it until this morning (perhaps [not] coincidentally with the > updated glibc6). > > Now it segfaults a short time after starting. An strace of it comes > out something like this at the end: > > openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 >... For glibc 2.32 this has already been workarounded with the 2.4.3.7-3+b4 binNMU, but should be properly sorted out for bookworm. cu Adrian
Bug#994910: tripwire segfaults while reading files in /etc
Package: tripwire Version: 2.4.3.7-3+b3 Followup-For: Bug #994910 Hi, Same problem here. My strace also shows that opening /etc/nsswitch.conf was the last before segfault. The package is completely useless. The only thing I can still run is tripwire --help, but any tripwire -m operation fails. Best, Christoph -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tripwire depends on: ii debconf [debconf-2.0] 1.5.77 ii postfix [mail-transport-agent] 3.5.6-1+b1 tripwire recommends no packages. tripwire suggests no packages. -- Configuration Files: /etc/cron.daily/tripwire [Errno 2] No such file or directory: '/etc/cron.daily/tripwire' /etc/tripwire/twpol.txt changed [not included] -- debconf information: * tripwire/site-passphrase-again: (password omitted) * tripwire/site-passphrase: (password omitted) * tripwire/local-passphrase-again: (password omitted) * tripwire/local-passphrase: (password omitted) tripwire/change-in-default-policy: * tripwire/use-localkey: true tripwire/upgrade: true tripwire/email-report: tripwire/broken-passphrase: * tripwire/use-sitekey: true * tripwire/installed: * tripwire/rebuild-policy: true tripwire/local-passphrase-incorrect: false * tripwire/rebuild-config: true * tripwire/site-passphrase-incorrect: true
Bug#994910: tripwire segfaults while reading files in /etc
Package: tripwire Version: 2.4.3.7-3+b3 Followup-For: Bug #994910 Reproduced here following a libc6 upgrade. I suspect this is because tripwire is statically linked and there has been a new release of libc6, so I suspect the nsswitch interface has broken (which is a standard problem with statically linking with libc6 on Linux). This would also explain why rebuilding the package made the problem go away. If this is correct, a BinNMU should fix the problem. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tripwire depends on: ii debconf [debconf-2.0] 1.5.77 ii postfix [mail-transport-agent] 3.5.6-1+b1 tripwire recommends no packages. tripwire suggests no packages. -- Configuration Files: /etc/tripwire/twcfg.txt changed [not included] /etc/tripwire/twpol.txt changed [not included] -- debconf information: * tripwire/installed: * tripwire/use-sitekey: true tripwire/local-passphrase-incorrect: false tripwire/broken-passphrase: tripwire/upgrade: true tripwire/email-report: tripwire/change-in-default-policy: * tripwire/use-localkey: true tripwire/site-passphrase-incorrect: false * tripwire/rebuild-config: true * tripwire/rebuild-policy: true
Bug#994910: tripwire segfaults while reading files in /etc
Package: tripwire Version: 2.4.3.7-3+b3 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Maintainer, I've been using tripwire for several years now, and never had troubles with it until this morning (perhaps [not] coincidentally with the updated glibc6). Now it segfaults a short time after starting. An strace of it comes out something like this at the end: openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=545, ...}) = 0 read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 545 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xe0} --- write(2, "Software interrupt forced exit: "..., 51Software interrupt forced exit: Segmentation Fault ) = 51 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x421} --- +++ killed by SIGSEGV (core dumped) +++ I did this several times, and other files in /etc failed instead of nsswitch.conf (passwd was one). Since there's no dbgsym package for this version of tripwire, I rebuilt from source (using gcc 10), and, after installing, it worked fine with no segfault. However, this was version 2.4.3.7-3, not 2.4.3.7-3+b3: there doesn't seem to be a source for the "+b3" version. I have coredumps and full strace if anyone needs it. - -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.14.7.khufu (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tripwire depends on: ii debconf [debconf-2.0]1.5.77 ii sendmail-bin [mail-transport-agent] 8.15.2-23 tripwire recommends no packages. tripwire suggests no packages. - -- Configuration Files: /etc/tripwire/twpol.txt changed: @@section GLOBAL TWBIN = /usr/sbin; TWETC = /etc/tripwire; TWVAR = /var/lib/tripwire; @@section FS SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change SEC_BIN = $(ReadOnly) ;# Binaries that should not change SEC_CONFIG= $(Dynamic) ; # Config files that are changed # infrequently but accessed # often SEC_LOG = $(Growing) ; # Files that grow, but that # should never change ownership SEC_INVARIANT = +tpug ; # Directories that should never # change permission or ownership SIG_LOW = 33 ; # Non-critical files that are of # minimal security impact SIG_MED = 66 ; # Non-critical files that are of # significant security impact SIG_HI= 100 ;# Critical files that are # significant points of # vulnerability ( rulename = "Tripwire Binaries", severity = $(SIG_HI) ) { $(TWBIN)/siggen -> $(SEC_BIN) ; $(TWBIN)/tripwire -> $(SEC_BIN) ; $(TWBIN)/twadmin-> $(SEC_BIN) ; $(TWBIN)/twprint-> $(SEC_BIN) ; } ( rulename = "Tripwire Data Files", severity = $(SIG_HI) ) { $(TWVAR)/$(HOSTNAME).twd-> $(SEC_CONFIG) -i ; $(TWETC)/tw.pol -> $(SEC_BIN) -i ; $(TWETC)/tw.cfg -> $(SEC_BIN) -i ; $(TWETC)/$(HOSTNAME)-local.key -> $(SEC_BIN) ; $(TWETC)/site.key -> $(SEC_BIN) ; #don't scan the individual reports $(TWVAR)/report -> $(SEC_CONFIG) (recurse=0) ; } ( rulename = "Critical system boot files", severity = $(SIG_HI) ) { /boot -> $(SEC_CRIT) ; /lib/modules-> $(SEC_CRIT) ; } ( rulename = "Boot Scripts", severity = $(SIG_HI) ) { /etc/init.d -> $(SEC_BIN) ; /etc/rcS.d -> $(SEC_BIN) ; /etc/rc0.d -> $(SEC_BIN) ; /etc/rc1.d -> $(SEC_BIN) ; /etc/rc2.d -> $(SEC_BIN) ; /etc/rc3.d -> $(SEC_BIN) ; /etc/rc4.d -> $(SEC_BIN) ; /etc/rc5.d -> $(SEC_BIN) ; /etc/rc6.d -> $(SEC_BIN) ; /etc/systemd-> $(SEC_BIN) ; } ( rulename = "Root file-system executables", severity = $(SIG_HI) ) { /bin-> $(SEC_BIN) ; /sbin -> $(SEC_BIN) ; } ( rulename = "Root file-system libraries", severity = $(SIG_HI) ) { /lib-> $(SEC_BIN) ; } ( rulename = "Security