NetBSD Problem Report #55278

From hauke@Espresso.Rhein-Neckar.DE  Tue May 19 07:23:55 2020
Return-Path: <hauke@Espresso.Rhein-Neckar.DE>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 7CBCB1A9217
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 19 May 2020 07:23:55 +0000 (UTC)
Message-Id: <202005190722.04J7McQf007885@pizza.causeuse.org>
Date: Tue, 19 May 2020 09:22:38 +0200 (CEST)
From: Hauke Fath <hf@spg.tu-darmstadt.de>
Reply-To: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@NetBSD.org
Cc: Hauke Fath <hf@spg.tu-darmstadt.de>
Subject: inetd dies while starting Samba smbd
X-Send-Pr-Version: 3.95

>Number:         55278
>Category:       bin
>Synopsis:       inetd dies while starting Samba smbd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 19 07:25:00 +0000 2020
>Last-Modified:  Mon Nov 06 23:15:01 +0000 2023
>Originator:     Hauke Fath
>Release:        NetBSD 9.0_STABLE
>Organization:
Falling Raindrops
>Environment:


System: NetBSD pizza.causeuse.org 9.0_STABLE NetBSD 9.0_STABLE (BLACKBOX-$Revision: 1.85 $) #0: Sat May 16 15:16:03 CEST 2020 hauke@pizza.causeuse.org:/var/obj/netbsd-builds/9/amd64/sys/arch/amd64/compile/BLACKBOX amd64
Architecture: x86_64
Machine: amd64
>Description:

	On a machine that does not see windows clients often, I have
	configured the Samba nmbd and smbd daemons to be started from
	inetd:

netbios-ssn     stream  tcp     nowait  root    /usr/pkg/sbin/smbd smbd
microsoft-ds    stream  tcp     nowait  root    /usr/pkg/sbin/smbd smbd
netbios-ns      dgram   udp     wait    root    /usr/pkg/sbin/nmbd nmbd

	This works fine with a non-detaching inetd ('inetd -d -l'):

# ./inetd -l -d
[...]
ADD : netbios-ssn proto=tcp, wait.max=0.40, user:group=root:(null) builtin=0 server=/usr/pkg/sbin/smbd policy=
registered /usr/pkg/sbin/smbd on 20
ADD : microsoft-ds proto=tcp, wait.max=0.40, user:group=root:(null) builtin=0 server=/usr/pkg/sbin/smbd policy=
registered /usr/pkg/sbin/smbd on 21
ADD : netbios-ns proto=udp, wait.max=1.40, user:group=root:(null) builtin=0 server=/usr/pkg/sbin/nmbd policy=
registered /usr/pkg/sbin/nmbd on 22
someone wants microsoft-ds
accept, ctrl 5
someone wants microsoft-ds
accept, ctrl 5
8493 execl /usr/pkg/sbin/smbd
2551 execl /usr/pkg/sbin/smbd
8493 reaped, status 0xf
2551 reaped, status 0xf

	But a daemonized inetd terminates while starting smbd:

[inetd built with -O -g3]

(gdb) attach 1525
Attaching to process 1525
Reading symbols from /u1/netbsd-9/src/usr.sbin/inetd/./inetd...
Reading symbols from /usr/lib/libwrap.so.1...
(No debugging symbols found in /usr/lib/libwrap.so.1)
Reading symbols from /usr/lib/libutil.so.7...
(No debugging symbols found in /usr/lib/libutil.so.7)
Reading symbols from /usr/lib/libipsec.so.3...
(No debugging symbols found in /usr/lib/libipsec.so.3)
Reading symbols from /usr/lib/libc.so.12...
(No debugging symbols found in /usr/lib/libc.so.12)
Reading symbols from /usr/libexec/ld.elf_so...
(No debugging symbols found in /usr/libexec/ld.elf_so)
[Switching to LWP 1 of process 1525]
0x000074691e042b3a in _sys___kevent50 () from /usr/lib/libc.so.12
(gdb) continue
Continuing.
[New process 1525]
[Detaching after fork from child process 2295]
[Detaching after fork from child process 8237]

Thread 2 "" received signal SIGTERM, Terminated.
[Switching to process 1525]
0x000074691e0427fa in _sys___sigprocmask14 () from /usr/lib/libc.so.12
(gdb) bt
#0  0x000074691e0427fa in _sys___sigprocmask14 () from /usr/lib/libc.so.12
#1  0x000074691e11d13f in clnt_vc_create () from /usr/lib/libc.so.12
#2  0x000074691e113ef2 in ?? () from /usr/lib/libc.so.12
#3  0x000074691e1142cb in rpcb_unset () from /usr/lib/libc.so.12
#4  0x0000000099603ad4 in unregister_rpc (sep=0x74691f1f5d00) at inetd.c:1211
#5  0x0000000099605d2c in goaway () at inetd.c:1028
#6  main (argc=<optimized out>, argv=<optimized out>) at inetd.c:515
(gdb) 

%  head -1 inetd.c
/*	$NetBSD: inetd.c,v 1.125 2017/11/28 11:51:11 martin Exp $	*/
%

>How-To-Repeat:

	Run Samba 4 smbd from inetd: Connecting clients will error
	out, and the server's inetd will vanish in thin air. No
	related log entries anywhere.


>Fix:

	No idea...

>Audit-Trail:
From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, hauke@Espresso.Rhein-Neckar.DE
Subject: Re: bin/55278: inetd dies while starting Samba smbd
Date: Mon, 12 Apr 2021 12:16:37 +0200

 -current is shorter, but equally final. From inetd(8) built with=20
 CFLAGS=3D"-O0 -g3":

 % ident /usr/sbin/inetd
 /usr/sbin/inetd:
      $NetBSD: crt0.S,v 1.4 2018/11/26 17:37:46 joerg Exp $
      $NetBSD: crt0-common.c,v 1.23 2018/12/28 20:12:35 christos Exp $
      $NetBSD: crti.S,v 1.1 2010/08/07 18:01:35 joerg Exp $
      $NetBSD: crtbegin.S,v 1.2 2010/11/30 18:37:59 joerg Exp $
      $NetBSD: inetd.c,v 1.126 2019/12/27 09:22:20 msaitoh Exp $
      $NetBSD: crtend.S,v 1.1 2010/08/07 18:01:34 joerg Exp $
      $NetBSD: crtn.S,v 1.1 2010/08/07 18:01:35 joerg Exp $
 %=20

 (gdb) attach 25550
 Attaching to process 25550
 Reading symbols from /usr/sbin/inetd...
 Reading symbols from /usr/lib/libwrap.so.1...
 (No debugging symbols found in /usr/lib/libwrap.so.1)
 Reading symbols from /usr/lib/libblocklist.so.0...
 (No debugging symbols found in /usr/lib/libblocklist.so.0)
 Reading symbols from /usr/lib/libutil.so.7...
 (No debugging symbols found in /usr/lib/libutil.so.7)
 Reading symbols from /usr/lib/libipsec.so.3...
 (No debugging symbols found in /usr/lib/libipsec.so.3)
 Reading symbols from /usr/lib/libc.so.12...
 (No debugging symbols found in /usr/lib/libc.so.12)
 Reading symbols from /usr/libexec/ld.elf_so...
 (No debugging symbols found in /usr/libexec/ld.elf_so)
 [Switching to LWP 25550 of process 25550]
 0x0000760f81244bba in _sys___kevent50 () from /usr/lib/libc.so.12
 (gdb) cont
 Continuing.
 [New process 25550]

 Thread 2 received signal SIGTERM, Terminated.
 [Switching to process 25550]
 0x0000760f81244bba in _sys___kevent50 () from /usr/lib/libc.so.12
 (gdb) bt
 #0  0x0000760f81244bba in _sys___kevent50 () from /usr/lib/libc.so.12
 #1  0x000000018e8076c8 in my_kevent (changelist=3D0x18ea09dc0=20
 <changebuf>, nchanges=3D0, eventlist=3D0x7f7fff9b50c0, nevents=3D64)
     at /misc/netbsd-developer/usr.sbin/inetd/inetd.c:2260
 #2  0x000000018e802d57 in main (argc=3D0, argv=3D0x7f7fff9b5b58) at=20
 /misc/netbsd-developer/usr.sbin/inetd/inetd.c:501
 (gdb)

 --=20
      The ASCII Ribbon Campaign                    Hauke Fath
 ()     No HTML/RTF in email            Institut f=FCr Nachrichtentechnik
 /\     No Word docs in email                     TU Darmstadt
      Respect for open standards              Ruf +49-6151-16-21344

From: RVP <rvp@SDF.ORG>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/55278: inetd dies while starting Samba smbd
Date: Mon, 6 Nov 2023 23:11:26 +0000 (UTC)

 On Mon, 12 Apr 2021, Hauke Fath wrote:

 > 0x0000760f81244bba in _sys___kevent50 () from /usr/lib/libc.so.12
 > (gdb) cont
 > Continuing.
 > [New process 25550]
 >
 > Thread 2 received signal SIGTERM, Terminated.
 >

 smbd registers a cleanup function via atexit() in main() called killkids()
 which does[1]:

 ```
   133	if(am_parent) kill(0,SIGTERM);
 ```

 [1]: https://gitlab.com/samba-team/samba/-/blob/master/source3/smbd/server.c?ref_type=heads

 When running in the foreground (-d) inetd does setsid(), but, it _doesn't_
 do this when running in the background, And, since smbd is run as root, inetd
 gets the SIGTERM sent to the process-group by samba to kill its children.

 A simple reproducer is this "server":

 ```
 #include <signal.h>
 #include <stdlib.h>
 #include <unistd.h>

 int
 main(void)
 {
  	sleep(5);
  	kill(0, SIGTERM);
  	exit(EXIT_FAILURE);
 }
 ```

 which you can (temporarily) run in /etc/inetd.conf instead of smbd:

 ```
 netbios-ssn     stream  tcp     nowait  root    /tmp/foo foo
 ```

 It should kill inetd just as effectively.

 This should fix the issue:

 ```
 diff -urN a/src/usr.sbin/inetd/inetd.c b/src/usr.sbin/inetd/inetd.c
 --- a/src/usr.sbin/inetd/inetd.c	2022-08-10 08:37:53.000000000 +0000
 +++ b/src/usr.sbin/inetd/inetd.c	2023-11-06 22:43:54.650415000 +0000
 @@ -499,9 +499,9 @@

   			for (n = 0; n < __arraycount(my_signals); n++)
   				(void) signal(my_signals[n], SIG_DFL);
 -			/* Don't put services in terminal session */
 -			if (foreground)
 -				setsid();
 +			/* Always create new process-group: PR #55278 */
 +			if (setsid() == -1)
 +				syslog(LOG_ERR, "setsid: %m");
   		}
   	}
   	if (pid == 0) {
 ```

 Should eventually be pulled-up to -8, -9, -10.

 -RVP

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.