Bug 451013 - login(1) SIGSEGV if telnet user press CTRL+D
Summary: login(1) SIGSEGV if telnet user press CTRL+D
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: util-linux
Version: 5.1
Hardware: All
OS: Linux
Target Milestone: rc
Assignee: Karel Zak
QA Contact: Ben Levenson
Depends On:
Reported: 2008-06-12 11:52 UTC by masanari iida
Modified: 2008-06-12 13:12 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-06-12 13:12:49 UTC
Target Upstream Version:


Description masanari iida 2008-06-12 11:52:29 UTC
Description of problem:
If a telnet user attempts to log in but presses CTRL+D,
the telnet session is terminated and the login process
gets SIGSEGV.

Version-Release number of selected component (if applicable):

How reproducible:
Always, if you follow the reproduction steps.

Steps to Reproduce:
1. Enable telnet-server on RHEL5.
2. From telnet client, connect to the telnet server.
Do not input any information such as user name and passwd.

3. On the telnet-server box, find the login(1) PID and trace it.
# ps ax |grep login 
# strace -p <login-pid>

4. Press CTRL+D 3 or 4 times, until you terminate the login session.

Actual results:

27550 08:18:24.600427 fcntl(4, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET,
start=0, len=0}) = 0
27550 08:18:24.600471 alarm(0)          = 1
27550 08:18:24.600508 rt_sigaction(SIGALRM, {0x4026a0, [ALRM], SA_RESTORER,
0x3aa86300a0}, NULL, 8) = 0
27550 08:18:24.600546 alarm(26)         = 0
27550 08:18:24.600569 close(4)          = 0
27550 08:18:24.600593 socket(PF_NETLINK, SOCK_RAW, 9) = 4
27550 08:18:24.600619 fcntl(4, F_SETFD, FD_CLOEXEC) = 0
27550 08:18:24.600655 open("/etc/passwd", O_RDONLY) = 5
27550 08:18:24.600684 fcntl(5, F_GETFD) = 0
27550 08:18:24.600706 fcntl(5, F_SETFD, FD_CLOEXEC) = 0
27550 08:18:24.600729 fstat(5, {st_mode=S_IFREG|0644, st_size=2454, ...}) = 0
27550 08:18:24.600767 mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaaac000
27550 08:18:24.600793 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2454
27550 08:18:24.600840 --- SIGSEGV (Segmentation fault) @ 0 (0) ---

I cannot find a core file.
On some systems, I can find the following log in /var/log/messages.

 Jun  1 09:02:03 kernel: login[7251]: segfault at 0000000000000000 rip
00002aaaac753bb5 rsp 00007fff9435b8a0 error 4
 Jun  1 09:04:13 kernel: login[11271]: segfault at 0000000000000000 rip
00002aaaac753bb5 rsp 00007fff7262db70 error 4

Expected results:
login(1) should not record any errors.

Additional info:

After some troubleshooting steps, if I remove
 "util-linux-2.13-audit-login.patch" and compile login(1),
then the SIGSEGV is gone.

(1) install src.rpm
(2) Edit SPECS/util-linux.spec
    Comment out Patch215 and %patch215 lines
(3) rpmbuild -bp ./util-linux.spec
(4) cd to BUILD/util-linux
(5) ./configure --enable-login-utils
(6) make clean; make
(7) cp login-utils/login  /bin/login ; chmod 755 /bin/login
(8) Do login test.

Even if login(1) gets SIGSEGV, if one tries another telnet login,
xinetd kicks in.telnetd, and then kicks another login(1).
So this may not harm our system.
It just doesn't look nice, especially when it is logged into messages.

Additional info
audit-1.3.1-1, audit-libs-1.3.1-1, audit-libs-python-1.3.1-1
audit-libs-devel-1.3.1-1 are installed.
And the audit service is set "ON" at boot time.
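
The kernel segfault lines quoted in the description can be triaged mechanically. The following Python code is an added example, not part of the original report or of util-linux: it parses that log format, decodes the page-fault error code, and groups crashes by faulting instruction. The function names are hypothetical, and the sample input is the two lines from the report with the wrapped lines rejoined.

```python
import re
from collections import Counter

# The two /var/log/messages lines from the report, wrapped lines rejoined.
SAMPLE_LOG = """\
Jun  1 09:02:03 kernel: login[7251]: segfault at 0000000000000000 rip 00002aaaac753bb5 rsp 00007fff9435b8a0 error 4
Jun  1 09:04:13 kernel: login[11271]: segfault at 0000000000000000 rip 00002aaaac753bb5 rsp 00007fff7262db70 error 4
"""

# Format of the x86_64 kernel message shown in the report; all values are hex.
SEGV_RE = re.compile(
    r"kernel: (?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"rip (?P<rip>[0-9a-f]+) rsp (?P<rsp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfaults(text):
    """Return one dict per kernel segfault line found in text."""
    events = []
    for line in text.splitlines():
        m = SEGV_RE.search(line)
        if not m:
            continue
        ev = {"comm": m["comm"], "pid": int(m["pid"]),
              "addr": int(m["addr"], 16), "rip": int(m["rip"], 16)}
        ev.update(decode_error(int(m["err"], 16)))
        # User-mode data access inside the first page: NULL-pointer pattern.
        ev["null_deref"] = (ev["addr"] < 4096 and ev["mode"] == "user"
                            and not ev["instruction_fetch"])
        events.append(ev)
    return events

def repeated_crash_sites(events):
    """Count crashes per (program, faulting instruction address)."""
    return Counter((e["comm"], hex(e["rip"])) for e in events)

if __name__ == "__main__":
    evs = parse_segfaults(SAMPLE_LOG)
    for (comm, rip), n in repeated_crash_sites(evs).items():
        print(f"{comm}: {n} crash(es) at rip {rip}, "
              f"NULL deref: {all(e['null_deref'] for e in evs)}")
```

For the lines in the report, "error 4" decodes to a user-mode read of a page that is not present, and both crashes share the same rip, which points to one faulting instruction rather than random corruption.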

Comment 1 masanari iida 2008-06-12 12:12:28 UTC
In this case, a Red Hat engineer reported a similar symptom.

> Running strace shows the last
> call run is read() on /etc/passwd and then SIGSEGV.

Comment 2 Karel Zak 2008-06-12 13:12:49 UTC

*** This bug has been marked as a duplicate of 203869 ***
