From: Garrett Cooper
Date: Sat, 12 Jan 2008 00:50:28 -0800
To: Chris
Cc: FreeBSD Current
Subject: Re: csh core dumping 7.0-rc1
In-Reply-To: <3aaaa3a0801111919w138a5d77o201d0521b95d1e01@mail.gmail.com>
On Jan 11, 2008, at 7:19 PM, Chris wrote:

> After rebooting a FreeBSD 7.0-RC1 server I noticed I could not log in as root either via ssh or su. I initially thought I forgot my password but soon noticed that csh was crashing. After reading advice that it's always safe to keep the default shell for the root user I have kept it on all my servers, but now this supposedly safe option has prevented me from logging in.
>
> Luckily I had enabled root login (via keys) on sshd and added my ssh key to the root .ssh dir and then logged in as toor over ssh, which was using /bin/sh.
>
> I have gone through rebuilding world. I am not using any unsafe flags in /etc/make.conf, in fact using default compile flags, but after all this when running csh it core dumps.
>
> ~ # csh
> Segmentation fault: 11 (core dumped)
>
> however /rescue/csh works.
>
> I ran ldd to check what it's compiled against.
>
> # ldd /bin/csh
> /bin/csh:
>         libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
>         libcrypt.so.4 => /lib/libcrypt.so.4 (0x28108000)
>         libc.so.7 => /lib/libc.so.7 (0x28121000)
>
> all the above 3 files exist.
>
> the rescue binary is static.
>
> 1 - Is the rescue csh version the same as the one in the base system, with the only difference being that it's statically compiled?
>
> 2 - Is it safe, and a workaround, to copy the /rescue/csh to /bin/csh?
>
> 3 - Is this a known problem? If not I can do a PR, as this is potentially a serious issue: if I had no backdoor way in set up with toor I would have been locked out of a remote server, with the situation of having to pay a premium for a kvm to get myself back in.
>
> not sure if using gdb properly but I ran it and see this.
>
> This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
> Core was generated by `csh'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libncurses.so.7...(no debugging symbols found)...done.
> Loaded symbols for /lib/libncurses.so.7
> Reading symbols from /lib/libcrypt.so.4...(no debugging symbols found)...done.
> Loaded symbols for /lib/libcrypt.so.4
> Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /usr/local/lib/libiconv.so...done.
> Loaded symbols for /usr/local/lib/libiconv.so
> Reading symbols from /libexec/ld-elf.so.1...done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  0x00000000 in ?? ()
>
> bt shows this
>
> #0  0x00000000 in ?? ()
> #1  0x08057c65 in ?? ()
> #2  0x281f7b08 in in6addr_linklocal_allnodes () from /lib/libc.so.7
> #3  0x0808c120 in ?? ()
> #4  0x00000001 in ?? ()
> #5  0x0808c120 in ?? ()
> #6  0xbfbfed20 in ?? ()
> #7  0x00000001 in ?? ()
> #8  0xbfbfecd8 in ?? ()
> #9  0x0804bf7a in ?? ()
> #10 0x00000002 in ?? ()
> #11 0x0808c0c5 in ?? ()
> #12 0xbfbfeb48 in ?? ()
> #13 0x280988a6 in dlopen () from /libexec/ld-elf.so.1
> Previous frame inner to this frame (corrupt stack?)
>
> Chris

I'd ldd libcrypt, libncurses, and libiconv, just to be sure..

-Garrett
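The check Garrett suggests, written out as a script; this is an added example and not code from either poster. It runs ldd on a binary and then on each library it resolves, and flags any dependency that is missing or that lives outside the base-system library directories (the gdb session above shows /bin/csh had /usr/local/lib/libiconv.so mapped in, which a base binary should not need). TRUSTED_PREFIXES is this script's own assumption, not a FreeBSD setting.

```shell
#!/bin/sh
# Walk a binary's shared-library dependencies with ldd, recursing into each
# library once, and classify every edge as OK, UNTRUSTED or NOTFOUND.
# Assumes ldd prints "name => path (addr)" lines as in the thread.

# Directories a base-system binary is expected to resolve libraries from
# (an assumption of this script, adjust for your own base/ports split).
TRUSTED_PREFIXES="/lib/ /usr/lib/ /libexec/"

# classify_ldd: read ldd output on stdin, print "STATUS lib" per dependency.
classify_ldd() {
    while read -r name arrow path _rest; do
        [ "$arrow" = "=>" ] || continue        # skip the "/bin/csh:" header
        case $path in
            /*) ;;                             # resolved to an absolute path
            *)  printf 'NOTFOUND %s\n' "$name"; continue ;;   # "=> not found"
        esac
        status=UNTRUSTED
        for pre in $TRUSTED_PREFIXES; do
            case $path in "$pre"*) status=OK ;; esac
        done
        printf '%s %s\n' "$status" "$path"
    done
}

# check_binary BIN: ldd BIN and every library it pulls in (each once).
# Prints "loader: STATUS lib" per edge; returns 1 if anything is not OK.
check_binary() {
    seen=" "; queue=$1; rc=0
    while [ -n "$queue" ]; do
        set -- $queue; cur=$1; shift; queue=$*
        case $seen in *" $cur "*) continue ;; esac     # already visited
        seen="$seen$cur "
        # tr joins "STATUS path" into one word so the for loop splits on lines
        for entry in $(ldd "$cur" 2>/dev/null | classify_ldd | tr ' ' '='); do
            status=${entry%%=*}; lib=${entry#*=}
            printf '%s: %s %s\n' "$cur" "$status" "$lib"
            [ "$status" = OK ] || rc=1
            [ "$status" = NOTFOUND ] || queue="$queue $lib"   # recurse into it
        done
    done
    return $rc
}

# Usage: check_binary /bin/csh; echo "exit status $?"
```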