Date: Fri, 27 Aug 2010 13:58:25 -0400 From: Glen Barber <glen.j.barber@gmail.com> To: Jeremy Chadwick <freebsd@jdc.parodius.com> Cc: ports@freebsd.org, Kurt Jaeger <lists@opsec.eu> Subject: Re: security/clamav: Segmentation fault when running clamav in a 32-bit jail on a 64-bit host Message-ID: <4C77FCC1.9070906@gmail.com> In-Reply-To: <20100827173210.GA33018@icarus.home.lan> References: <4C77DB15.5010501@gmail.com> <20100827163310.GD67795@home.opsec.eu> <4C77EBF8.9020405@gmail.com> <20100827165423.GA32102@icarus.home.lan> <4C77F0A9.6030807@gmail.com> <20100827173210.GA33018@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/27/10 1:32 PM, Jeremy Chadwick wrote: >> Of course. The new backtrace is here: http://gist.github.com/553734 > > I want to make sure I understand the environment -- on a native i386 > (32-bit) FreeBSD host, the software works fine. But on a native amd64 > (64-bit) FreeBSD host, the software segfaults. Correct? > The clamav instance runs on a 64-bit host in a 32-bit jail. In a 32-bit host/32-bit jail environment, the software runs fine, as you suggest above. > If so -- it appears as if the system you're providing the backtrace from > is a 32-bit system, or within a 32-bit environment? I would expect to > see 64-bit addresses in the backtrace, yet they're all 32-bit. > > I'm not familiar with jailed environments (or the concept/possibility of > running a mixed-architecture jail (e.g. 64-bit host OS with 32-bit > jails)). I don't use lib32 on my amd64 systems. > To be honest, this is the first non-base software I've had an issue with in a mixed-arch environment. > I did take a look at the clamav code itself (I'd have to spend a few > hundred lines outlining it here and would rather not). My guess is that > there's a conflict between what the running OS architecture is and what > the build process determines the architecture is. > > Given that you have jails, and possibly a mixed architecture environment > on a single host (e.g. 64-bit host OS with 32-bit jails), can you > explain exactly how you go about building clamav, followed by how you go > about running it? > The build is done from ports with no special options excluding the latest build, being: make -DWITH_DEBUG DEBUG_FLAGS=-g The only make.conf entry is PERL_VERSION=5.10.1. The clamd service runs under djb's supervise (/usr/local/sbin/clamd). Additionally, port builds were done after setting UNAME_m and UNAME_p [1], but I haven't had luck with that overriding the machine hardware type. If this provides any clues, here's what file(1) sees, as well as ldd: % file /usr/local/sbin/clamd /usr/local/sbin/clamd: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), for FreeBSD 8.1, not stripped % ldd /usr/local/sbin/clamd /usr/local/sbin/clamd: libclamav.so.7 => /usr/local/lib/libclamav.so.7 (0x280ac000) libz.so.5 => /lib/libz.so.5 (0x281f8000) libbz2.so.4 => /usr/lib/libbz2.so.4 (0x2820a000) libm.so.5 => /lib/libm.so.5 (0x2821b000) libthr.so.3 => /lib/libthr.so.3 (0x28235000) libc.so.7 => /lib/libc.so.7 (0x2824a000) [1] - http://www.mail-archive.com/freebsd-amd64@freebsd.org/msg00248.html Cheers, -- Glen Barber
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C77FCC1.9070906>