NetBSD Problem Report #40575
From bouyer@antioche.lip6.fr Sat Feb 7 19:23:01 2009
Return-Path: <bouyer@antioche.lip6.fr>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 56B8D63B879
for <gnats-bugs@gnats.NetBSD.org>; Sat, 7 Feb 2009 19:23:01 +0000 (UTC)
Message-Id: <200902071922.n17JMr6A000283@antioche.lip6.fr>
Date: Sat, 7 Feb 2009 20:22:53 +0100 (MET)
From: bouyer@antioche.lip6.fr
Reply-To: bouyer@antioche.lip6.fr
To: gnats-bugs@gnats.NetBSD.org
Subject: security.pax.aslr breaks tar -z
X-Send-Pr-Version: 3.95
>Number: 40575
>Category: kern
>Synopsis: security.pax.aslr breaks tar -z
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 07 19:25:00 +0000 2009
>Closed-Date: Tue Nov 27 20:52:04 +0000 2018
>Last-Modified: Tue Nov 27 20:52:04 +0000 2018
>Originator: Manuel Bouyer
>Release: NetBSD 5.0_RC1
>Organization:
>Environment:
System: NetBSD antioche.lip6.fr 5.0_RC1 NetBSD 5.0_RC1 (ANTIOCHE5-64) #5: Sat Feb 7 15:51:51 CET 2009 bouyer@roll:/dsk/l1/misc/bouyer/tmp/amd64/obj/dsk/l1/misc/bouyer/netbsd-5/src/sys/arch/amd64/compile/ANTIOCHE5-64 amd64
Architecture: x86_64
Machine: amd64
>Description:
antioche:/home/ftp/pub/pkgsrc/packages/NetBSD/x86_64/5.0/All#sysctl -w security.pax.aslr.global=1
security.pax.aslr.global: 0 -> 1
antioche:/home/ftp/pub/pkgsrc/packages/NetBSD/x86_64/5.0/All#tar tzvf ttcp-1.12nb2.tgz
tar: End of archive volume 1 reached
tar: Sorry, unable to determine archive format.
antioche:/home/ftp/pub/pkgsrc/packages/NetBSD/x86_64/5.0/All#sysctl -w security.pax.aslr.global=0
security.pax.aslr.global: 1 -> 0
antioche:/home/ftp/pub/pkgsrc/packages/NetBSD/x86_64/5.0/All#tar tzvf ttcp-1.12nb2.tgz
-rw-r--r-- 1 root wheel 430 Jan 16 14:43 +CONTENTS
-r--r--r-- 1 root wheel 43 Jan 16 14:43 +COMMENT
-r--r--r-- 1 root wheel 364 Jan 16 14:43 +DESC
-rw-r--r-- 1 root wheel 424 Jan 16 14:43 +BUILD_VERSION
-rw-r--r-- 1 root wheel 1906 Jan 16 14:43 +BUILD_INFO
-rw-r--r-- 1 root wheel 6 Jan 16 14:43 +SIZE_PKG
-rw-r--r-- 1 root wheel 2 Jan 16 14:43 +SIZE_ALL
-r-xr-xr-x 1 root wheel 20408 Jan 16 14:43 bin/ttcp
-r--r--r-- 1 root wheel 4761 Jan 16 14:43 man/cat1/ttcp.0
-r--r--r-- 1 root wheel 3885 Jan 16 14:43 man/man1/ttcp.1
tar: ustar vol 1, 10 files, 40960 bytes read, 0 bytes written in 1 secs (40960 bytes/sec)
I tracked this down to the read() from the tar's side of the pipe
with gzip returning 0, before gzip has even started.
A zcat | tar works fine.
This is only dependent on security.pax.aslr, other
security.pax settings have no influence.
>How-To-Repeat:
set security.pax.aslr.global=1, try to use tar -z
>Fix:
workaround: don't set security.pax.aslr.global to 1
>Release-Note:
>Audit-Trail:
From: Pierre Pronchery <khorben@defora.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/40575: security.pax.aslr breaks tar -z
Date: Wed, 4 Jan 2012 01:02:53 +0100
Hi,
in his problem report from February 7th 2009, Manuel Bouyer mentions a
problem while decompressing archives through tar, while the
"security.pax.aslr.global" sysctl is enabled.
Although I confirm the issue on my systems (NetBSD/amd64, tracking
either netbsd-5 or -current branches) I have to disagree with this
statement:
> This is only dependent on security.pax.aslr, other
> security.pax settings have no influence.
On both systems, enabling "security.pax.mprotect.global" (set to "1")
seems to work around the issue.
For the record:
=== BEGIN PASTE ===
$ tar -tzf xscreensaver-5.14.tar.gz
tar: End of archive volume 1 reached
tar: Sorry, unable to determine archive format.
$ ls -l tar.core
-rw------- 1 khorben wheel 200272 Jan 4 00:42 tar.core
$ gdb tar tar.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...(no debugging symbols found)
Reading symbols from /lib/libutil.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libutil.so.7
Reading symbols from /lib/libc.so.12...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.12
Reading symbols from /libexec/ld.elf_so...
(no debugging symbols found)...done.
Loaded symbols for /libexec/ld.elf_so
Core was generated by `tar'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f7ffde03a74 in _rtld_bind_start () from /libexec/ld.elf_so
(gdb) bt
#0 0x00007f7ffde03a74 in _rtld_bind_start () from /libexec/ld.elf_so
#1 0x000077ed06ddf000 in ?? ()
#2 0x0000000000000021 in ?? ()
#3 0x0000000000404583 in ar_start_gzip ()
#4 0x000000000040481e in ar_open ()
#5 0x0000000000407ea4 in rd_start ()
#6 0x0000000000405456 in get_arc ()
#7 0x000000000040580b in list ()
#8 0x000000000040dde5 in main ()
(gdb) info registers
rax 0x0 0
rbx 0x4168f1 4286705
rcx 0x77ed06981dea 131859901586922
rdx 0x9 9
rsi 0x1 1
rdi 0xa 10
rbp 0x5 0x5
rsp 0x7f7fff4abe78 0x7f7fff4abe78
r8 0x101010101010101 72340172838076673
r9 0x8080808080808080 -9187201950435737472
r10 0x0 0
r11 0x246 582
r12 0x41809b 4292763
r13 0x1a 26
r14 0x7f7ffde04bf0 140187696909296
r15 0x3 3
rip 0x7f7ffde03a74 0x7f7ffde03a74 <_rtld_bind_start>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x1f 31
ss 0x17 23
ds 0x17 23
es 0x17 23
fs 0x17 23
gs 0x17 23
(gdb)
=== END PASTE ===
(this is on NetBSD/amd64, tracking the netbsd-5 branch)
HTH,
--
khorben
State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 27 Nov 2018 20:52:04 +0000
State-Changed-Why:
Since ASLR is now default enabled, I strongly suspect this is fixed. Let me know if you are still having issues.
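
An added example, not part of this PR and not NetBSD's tar source: it shows why the reading side of the pipe in the original report sees nothing but read() returning 0 when the process on the write end dies before producing output, and that only the child's wait status separates a crash from a real end of archive. It assumes, in line with the SIGSEGV in the audit trail, that the writer is killed by a signal; `read_from_child`, `child_mode` and `pipe_result` are hypothetical names.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
enum child_mode { CHILD_WRITES, CHILD_CRASHES };  /* hypothetical names */
struct pipe_result {
    ssize_t nread;     /* bytes the parent read from the pipe */
    int     term_sig;  /* signal that killed the child, 0 if none */
    int     exit_code; /* exit status, -1 if the child was killed */
};

/* Fork a stand-in "decompressor" on the write end of a pipe and read from it. */
struct pipe_result read_from_child(enum child_mode mode)
{
    struct pipe_result r = { -1, 0, -1 };
    int fds[2], status;
    char buf[64];
    pid_t pid;
    if (pipe(fds) == -1)
        return r;
    if ((pid = fork()) == -1) {
        close(fds[0]); close(fds[1]);
        return r;
    }
    if (pid == 0) {                    /* child: constructed stand-in for gzip */
        close(fds[0]);
        if (mode == CHILD_CRASHES)
            raise(SIGSEGV);            /* dies before writing anything */
        _exit(write(fds[1], "ustar", 5) == 5 ? 0 : 1);
    }
    close(fds[1]);                     /* otherwise read() would never see EOF */
    r.nread = read(fds[0], buf, sizeof(buf));
    close(fds[0]);
    if (waitpid(pid, &status, 0) == pid) {
        if (WIFSIGNALED(status))       /* read() == 0 alone cannot show this */
            r.term_sig = WTERMSIG(status);
        else if (WIFEXITED(status))
            r.exit_code = WEXITSTATUS(status);
    }
    return r;
}

int main(void)
{
    struct pipe_result r = read_from_child(CHILD_CRASHES);
    printf("read=%zd signal=%d\n", r.nread, r.term_sig);
    return r.term_sig == SIGSEGV ? 0 : 1;
}
```

A reader that treats the zero-byte read as end of input, without consulting the wait status, reports a format or end-of-volume error instead of the child's crash.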
>Unformatted:
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.