From: Chris
To: "FreeBSD Current"
Date: Sat, 12 Jan 2008 03:19:11 +0000
Subject: csh core dumping 7.0-rc1
Message-ID: <3aaaa3a0801111919w138a5d77o201d0521b95d1e01@mail.gmail.com>
List-Id: Discussions about the use of FreeBSD-current

After rebooting a FreeBSD 7.0-RC1 server I noticed I could not log in as root either via ssh or su. I initially thought I had forgotten my password but soon noticed that csh was crashing. After reading advice that it's always safe to keep the default shell for the root user, I have kept it on all my servers, but now this supposedly safe option has prevented me from logging in. Luckily I had enabled root login (via keys) on sshd and added my ssh key to the root .ssh dir, and then logged in as toor over ssh, which was using /bin/sh.

I have gone through rebuilding world. I am not using any unsafe flags in /etc/make.conf, in fact I am using the default compile flags, but after all this, when running csh it core dumps.

    ~ # csh
    Segmentation fault: 11 (core dumped)

However, /rescue/csh works. I ran ldd to check what it's compiled against.

    # ldd /bin/csh
    /bin/csh:
            libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
            libcrypt.so.4 => /lib/libcrypt.so.4 (0x28108000)
            libc.so.7 => /lib/libc.so.7 (0x28121000)

All of the above 3 files exist. The rescue binary is static.

1 - Is the rescue csh version the same as the one in the base system, with the only difference being that it's statically compiled?
2 - Is it safe, and a workaround, to copy /rescue/csh to /bin/csh?
3 - Is this a known problem? If not, I can do a PR, as this is potentially a serious issue: if I had had no backdoor way in set up with toor, I would have been locked out of a remote server, with the situation of having to pay a premium for a KVM to get myself back in.

Not sure if I am using gdb properly, but I ran it and see this.

    This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
    Core was generated by `csh'.
    Program terminated with signal 11, Segmentation fault.
    Reading symbols from /lib/libncurses.so.7...(no debugging symbols found)...done.
    Loaded symbols for /lib/libncurses.so.7
    Reading symbols from /lib/libcrypt.so.4...(no debugging symbols found)...done.
    Loaded symbols for /lib/libcrypt.so.4
    Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
    Loaded symbols for /lib/libc.so.7
    Reading symbols from /usr/local/lib/libiconv.so...done.
    Loaded symbols for /usr/local/lib/libiconv.so
    Reading symbols from /libexec/ld-elf.so.1...done.
    Loaded symbols for /libexec/ld-elf.so.1
    #0  0x00000000 in ?? ()

bt shows this:

    #0  0x00000000 in ?? ()
    #1  0x08057c65 in ?? ()
    #2  0x281f7b08 in in6addr_linklocal_allnodes () from /lib/libc.so.7
    #3  0x0808c120 in ?? ()
    #4  0x00000001 in ?? ()
    #5  0x0808c120 in ?? ()
    #6  0xbfbfed20 in ?? ()
    #7  0x00000001 in ?? ()
    #8  0xbfbfecd8 in ?? ()
    #9  0x0804bf7a in ?? ()
    #10 0x00000002 in ?? ()
    #11 0x0808c0c5 in ?? ()
    #12 0xbfbfeb48 in ?? ()
    #13 0x280988a6 in dlopen () from /libexec/ld-elf.so.1
    Previous frame inner to this frame (corrupt stack?)

Chris