On 2025/07/23 09:18:45 +0200, Dr. Werner Fink wrote:
> 
> Starting sshd with bash-5.3 leads to
> 
> 307827 execve("/bin/sh", ["sh", "-c", "--", 
> "KRB5CCNAME=/tmp/test_socket_wrapper_EElgbB/gss/cc 
> KRB5_CONFIG=/tmp/test_socket_wrapper_EElgbB/gss/k/krb5.conf 
> KRB5_KDC_PROFILE=/tmp/test_socket_wra
> pper_EElgbB/gss/k 
> KRB5_KTNAME=/tmp/test_socket_wrapper_EElgbB/gss/d/ssh.keytab 
> KRB5RCACHETYPE=none  /usr/sbin/sshd -r -f 
> /tmp/test_socket_wrapper_EElgbB/sshd/sshd_config -E /tmp/test_socket_wr
> apper_EElgbB/sshd/daemon.log 2> 
> /tmp/test_socket_wrapper_EElgbB/sshd/cwrap.log"], 0x555e23d57cf0 /* 63 vars 
> */ <unfinished ...>
> 307826 <... clone3 resumed>)            = 307827
> 307826 munmap(0x7f7a0d302000, 36864)    = 0
> 307826 rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0
> 307826 wait4(307827,  <unfinished ...>
> 307827 <... execve resumed>)            = 0
> 
> [...]
> 
> 307827 futex(0x7ff1d2806158, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> 307827 getresuid([399], [399], [399])   = 0
> 307827 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
> 307827 +++ killed by SIGSEGV +++
> 
> hence no server side and no pid file
> 
> With `ulimit -c unlimited` I see a core dump of the bash-5.3
> 
> #0  0x0000000000000000 in ?? ()
> Missing separate debuginfos, use: zypper install 
> socket_wrapper-debuginfo-1.5.0-1.1.x86_64 
> nss_wrapper-debuginfo-1.1.16-1.3.x86_64 
> uid_wrapper-debuginfo-1.3.1-1.3.x86_64 pam_wrapper-debuginfo-1.1.7-1.4.x86_64 
> libreadline8-debuginfo-8.2.13-2.3.x86_64 glibc-debuginfo-2.41-3.1.x86_64 
> libncurses6-debuginfo-6.5.20250712-77.1.x86_64
> (gdb) bt
> #0  0x0000000000000000 in ?? ()
> #1  0x000056477dc724bb in uidget () at 
> /home/abuild/rpmbuild/BUILD/bash-5.3.0-build/bash-5.3/shell.c:1322
> #2  main (argc=4, argv=0x7ffd55b37c78, env=0x7ffd55b37ca0) at 
> /home/abuild/rpmbuild/BUILD/bash-5.3.0-build/bash-5.3/shell.c:424
> (gdb) up 1
> #1  0x000056477dc724bb in uidget () at 
> /home/abuild/rpmbuild/BUILD/bash-5.3.0-build/bash-5.3/shell.c:1322
> 1322      (void) getresgid (&current_user.gid, &current_user.egid, 
> &current_user.savegid);
> 
> Strange ... AFAICS clone3() is used to spawn the subprocess for the shell
> 
> 307826 clone3({flags=CLONE_VM|CLONE_VFORK|CLONE_CLEAR_SIGHAND, 
> exit_signal=SIGCHLD, stack=0x7f7a0d302000, stack_size=0x9000}, 88 <unfinished 
> ...>
> 307827 rt_sigprocmask(SIG_BLOCK, NULL, ~[KILL STOP], 8) = 0
> 307827 rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[], 
> sa_flags=SA_RESTORER, sa_restorer=0x7f7a0d042260}, NULL, 8) = 0
> 307827 rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=[], 
> sa_flags=SA_RESTORER, sa_restorer=0x7f7a0d042260}, NULL, 8) = 0
> 307827 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> 307827 execve("/bin/sh", ["sh", "-c", "--", 
> "KRB5CCNAME=/tmp/test_socket_wrapper_EElgbB/gss/cc 
> KRB5_CONFIG=/tmp/test_socket_wrapper_EElgbB/gss/k/krb5.conf 
> KRB5_KDC_PROFILE=/tmp/test_socket_wrapper_EElgbB/gss/k 
> KRB5_KTNAME=/tmp/test_socket_wrapper_EElgbB/gss/d/ssh.keytab 
> KRB5RCACHETYPE=none  /usr/sbin/sshd -r -f 
> /tmp/test_socket_wrapper_EElgbB/sshd/sshd_config -E 
> /tmp/test_socket_wrapper_EElgbB/sshd/daemon.log 2> 
> /tmp/test_socket_wrapper_EElgbB/sshd/cwrap.log"], 0x555e23d57cf0 /* 63 vars 
> */ <unfinished ...>
> 


The problem is the LD_PRELOAD use in the libssh test suite.

With HAVE_SETRESUID and HAVE_SETRESGID enabled, the call

LD_PRELOAD=/usr/lib64/libsocket_wrapper.so:/usr/lib64/libnss_wrapper.so:/usr/lib64/libuid_wrapper.so:/usr/lib64/libpam_wrapper.so:/home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libchroot_wrapper.so:/home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libfs_wrapper.so
 ./bash
Segmentation fault         (core dumped) 
LD_PRELOAD=/usr/lib64/libsocket_wrapper.so:/usr/lib64/libnss_wrapper.so:/usr/lib64/libuid_wrapper.so:/usr/lib64/libpam_wrapper.so:/home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libchroot_wrapper.so:/home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libfs_wrapper.so
 ./bash

does segfault, whereas with HAVE_SETRESUID and HAVE_SETRESGID disabled

LD_PRELOAD=/usr/lib64/libsocket_wrapper.so:/usr/lib64/libnss_wrapper.so:/usr/lib64/libuid_wrapper.so:/usr/lib64/libpam_wrapper.so:/home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libchroot_wrapper.so:/home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libfs_wrapper.so
 strace -s 4096 -o log ./bash
abuild@noether:/mnt>

it works.

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr
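The check above, running the shell under the full LD_PRELOAD list and watching for a segfault, can be made systematic. As an added example that is not part of the thread, the POSIX sh script below runs a shell under a given preload list, classifies its exit status (139 is death by SIGSEGV), and then tries each of the six wrapper libraries from the report on its own so the one that triggers the crash can be isolated; the bash-5.3 binary path (BASH_BIN, defaulting to /mnt/bash) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: run a shell under a given LD_PRELOAD,
# classify how it exits, and try each wrapper library on its own to isolate
# the one that makes the shell crash. BASH_BIN is an assumed path.

# Map an exit status to a label: shells report death by signal as
# 128 + signal number, so 139 is SIGSEGV (signal 11).
classify_exit() {
    if [ "$1" -eq 0 ]; then echo ok
    elif [ "$1" -eq 139 ]; then echo SIGSEGV
    elif [ "$1" -gt 128 ]; then echo "signal $(($1 - 128))"
    else echo "exit $1"
    fi
}

# Run "$2 ..." with LD_PRELOAD="$1", discard its output, print the label.
# The if-form keeps a crash from aborting a script that runs under set -e.
check_preload() {
    preload=$1
    shift
    if LD_PRELOAD="$preload" "$@" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    classify_exit "$status"
}

# Try each library alone against "$1 -c true", one output line per library.
bisect_preload() {
    shell=$1
    shift
    for lib in "$@"; do
        printf '%s: %s\n' "$lib" "$(check_preload "$lib" "$shell" -c true)"
    done
}

# The six wrappers from the report; only runs when the assumed binary exists.
BASH_BIN=${BASH_BIN:-/mnt/bash}
if [ -x "$BASH_BIN" ]; then
    bisect_preload "$BASH_BIN" \
        /usr/lib64/libsocket_wrapper.so /usr/lib64/libnss_wrapper.so \
        /usr/lib64/libuid_wrapper.so /usr/lib64/libpam_wrapper.so \
        /home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libchroot_wrapper.so \
        /home/abuild/rpmbuild/BUILD/libssh-test-0.11.2-build/libssh-0.11.2/build/lib/libfs_wrapper.so
fi
```

A library that reports SIGSEGV on its own is the one to examine first; one that only crashes in combination with the others points at an interaction between wrappers.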
