On Fri, Mar 09, 2012 at 03:20:10PM +0100, Gerfried Fuchs wrote: > I had it hanging like this for two week's time, and tried again if I am > able to reproduce it - it's absolutely reproducible. Doing this within a > cowbuilder chroot on an i386 machine. > > So, things to reproduce it should be as simple as: > > $> sudo cowbuilder --create --basepath squeeze --distribution squeeze > $> sudo cowbuilder --login --basepath squeeze > # apt-get install samhain
Sorry for the delay with this. It is true, samhain does not install in a chroot environment. But the fact is: samhain does not seem to work *at all* if run within a chroot. The 'samhain -t init' call does not prosper because it gets stuck, for some reason, when opening /dev/urandom from within a chroot. But neither does it work if you just try to get the help (or version). Either way, I cannot reproduce this behaviour *outside* of a chroot. If you strace the running process you might see something like this: jflicio:samhain$ ps -ef |grep samhain root 17782 17663 0 00:51 pts/3 00:00:00 /usr/bin/dpkg --status-fd 13 --configure libgpg-error0:i386 libgcrypt11:i386 libffi6:i386 libp11-kit0:i386 libtasn1-3:i386 libgnutls26:i386 libltdl7:i386 libprelude2:i386 samhain:i386 root 17840 17782 0 00:51 pts/3 00:00:00 /usr/bin/perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/samhain.postinst configure root 17843 17840 0 00:51 pts/3 00:00:00 /bin/sh -e /var/lib/dpkg/info/samhain.postinst configure root 17844 17843 0 00:51 pts/3 00:00:00 samhain -t init jfs 17846 8685 0 00:51 pts/2 00:00:00 grep samhain s@silicio:samhain$ sudo strace -f -p 17844 Process 17844 attached - interrupt to quit futex(0xb77aa454, FUTEX_WAIT_PRIVATE, 2, NULL I have attached a ltrace and strace of the samhain program within a chroot. The problem seems to lie in the program initialisation code. In summary: Please try to reproduce it within a *live* system, not a chroot. Until I get that information this bug stays as 'unreproducible' Regards Javier
pthread_mutex_lock(0xb7751454, 0xb71f93c4, 0, 0) = 0
sysconf(30, 0xb768c000, 0xbffb3b84, 0xb71cf4c0) = 4096
mmap64(0, 0x3000, 3, 98) = 0xb7661000
mprotect(0xb7661000, 4096, 0, 98) = 0
mprotect(0xb7663000, 4096, 0, 98) = 0
sysconf(30, 4096, 0, 98) = 4096
sysconf(30, 4096, 0, 98) = 4096
sysconf(30, 4096, 0, 98) = 4096
mmap64(0, 0x8002000, 3, 0x4062) = 0xaf183000
sysconf(30, 0x8002000, 3, 0x4062) = 4096
mprotect(0xaf183000, 4096, 0, 0x4062) = 0
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
mprotect(0xb7184000, 4096, 0, 0x4062) = 0
sbrk(0) = 0xb8d3e000
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 0xb735d000, 0, 0xb72bf574) = 4096
mmap64(0, 0xe2000, 3, 98) = 0xaf0a1000
sysconf(30, 0xe2000, 3, 98) = 4096
mprotect(0xaf0a1000, 4096, 0, 98) = 0
sysconf(30, 4096, 0, 98) = 4096
sysconf(30, 4096, 0, 98) = 4096
mprotect(0xaf182000, 4096, 0, 98) = 0
sysconf(30, 4096, 0, 0x4062) = 4096
gettimeofday(0xbffb39ac, 0) = 0
sched_yield(0xbffb39ac, 0, 0xb768ef87, 0xb73632c8) = 0
open64("/dev/urandom", 0, 026732167607 <unfinished ...>
pthread_mutex_lock(0xb7751454, 1, 0, 0xb737c041execve("/usr/sbin/samhain", ["samhain"], [/* 29 vars */]) = 0
brk(0) = 0xb7ffd000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb766b000
open("/usr/lib/cowdancer/libcowdancer.so", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\16\0\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=14544, ...}) = 0
mmap2(NULL, 17488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7666000
mmap2(0xb766a000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb766a000
close(3) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=10201, ...}) = 0
mmap2(NULL, 10201, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7663000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\31\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=95888, ...}) = 0
mmap2(NULL, 98556, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb764a000
mmap2(0xb7661000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16) = 0xb7661000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3201\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=87940, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7649000
mmap2(NULL, 100328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7630000
mmap2(0xb7645000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb7645000
mmap2(0xb7647000, 6120, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7647000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@'\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=79720, ...}) = 0
mmap2(NULL, 92232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7619000
mmap2(0xb762c000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xb762c000
mmap2(0xb762e000, 6216, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb762e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libprelude.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\364\1\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1325736, ...}) = 0
mmap2(NULL, 1341304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb74d1000
mprotect(0xb7591000, 4096, PROT_NONE) = 0
mmap2(0xb7592000, 540672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc0) = 0xb7592000
mmap2(0xb7616000, 10104, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7616000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libgnutls.so.26", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\1\1\0004\0\0\0"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=815120, ...}) = 0
mmap2(NULL, 815288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7409000
mmap2(0xb74cb000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc2) = 0xb74cb000
mmap2(0xb74d0000, 184, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb74d0000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libgcrypt.so.11", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0H\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=541588, ...}) = 0
mmap2(NULL, 545048, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7383000
mmap2(0xb7405000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81) = 0xb7405000
mmap2(0xb7408000, 280, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7408000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\n\0\0004\0\0\0"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=13856, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7382000
mmap2(NULL, 16512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb737d000
mmap2(0xb7380000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb7380000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000Y\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=120945, ...}) = 0
mmap2(NULL, 102908, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7363000
mmap2(0xb7379000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb7379000
mmap2(0xb737b000, 4604, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb737b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\226\1\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1521132, ...}) = 0
mmap2(NULL, 1526460, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb71ee000
mmap2(0xb735d000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16f) = 0xb735d000
mmap2(0xb7360000, 10940, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7360000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libltdl.so.7", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \32\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=35172, ...}) = 0
mmap2(NULL, 38044, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb71e4000
mmap2(0xb71ed000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb71ed000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libtasn1.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\22\0\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=67136, ...}) = 0
mmap2(NULL, 70404, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb71d2000
mmap2(0xb71e2000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf) = 0xb71e2000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libp11-kit.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\\\0\0004\0\0\0"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=241220, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb71d1000
mmap2(NULL, 244864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7195000
mprotect(0xb71cc000, 4096, PROT_NONE) = 0
mmap2(0xb71cd000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x37) = 0xb71cd000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\6\0\0004\0\0\0"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=13560, ...}) = 0
mmap2(NULL, 16444, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7190000
mmap2(0xb7193000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb7193000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libffi.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\17\0\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=26076, ...}) = 0
mmap2(NULL, 25360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7189000
mmap2(0xb718e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb718e000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7188000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7187000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb71876c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0xb735d000, 8192, PROT_READ) = 0
mprotect(0xb718e000, 4096, PROT_READ) = 0
mprotect(0xb7193000, 4096, PROT_READ) = 0
mprotect(0xb7380000, 4096, PROT_READ) = 0
mprotect(0xb7379000, 4096, PROT_READ) = 0
mprotect(0xb71cd000, 12288, PROT_READ) = 0
mprotect(0xb71e2000, 4096, PROT_READ) = 0
mprotect(0xb7405000, 4096, PROT_READ) = 0
mprotect(0xb7661000, 4096, PROT_READ) = 0
mprotect(0xb74cb000, 16384, PROT_READ) = 0
mprotect(0xb7592000, 12288, PROT_READ) = 0
mprotect(0xb762c000, 4096, PROT_READ) = 0
mprotect(0xb7645000, 4096, PROT_READ) = 0
mprotect(0xb768d000, 4096, PROT_READ) = 0
munmap(0xb7663000, 10201) = 0
set_tid_address(0xb7187728) = 18066
set_robust_list(0xb7187730, 0xc) = 0
rt_sigaction(SIGRTMIN, {0xb7368410, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb73684a0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="silicio", ...}) = 0
mmap2(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT,
-1, 0) = 0xb7663000
mprotect(0xb7663000, 4096, PROT_NONE) = 0
mprotect(0xb7665000, 4096, PROT_NONE) = 0
mmap2(NULL, 134225920, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT|MAP_NORESERVE, -1, 0) = 0xaf185000
mprotect(0xaf185000, 4096, PROT_NONE) = 0
mprotect(0xb7186000, 4096, PROT_NONE) = 0
brk(0) = 0xb7ffd000
mmap2(NULL, 925696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_32BIT,
-1, 0) = 0xaf0a3000
mprotect(0xaf0a3000, 4096, PROT_NONE) = 0
mprotect(0xaf184000, 4096, PROT_NONE) = 0
gettimeofday({1389398145, 943920}, NULL) = 0
sched_yield() = 0
futex(0xb7381058, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0xb7753454, FUTEX_WAIT_PRIVATE, 2, NULL
signature.asc
Description: Digital signature
