> Date: Tue, 11 Jul 2017 14:45:36 +0200
> From: Martin Pieuchot <[email protected]>
>
> Binaries linked with '-static -pie' produce unusable core dumps at least
> on amd64. This is a real problem to debug isakmpd(8)/iked(8) crashing on
> production machines.

Did you try using the gdb from ports?

> With the diff below, I trigger a NULL-dereference in ntpd(8). When
> compiled with '-static -pie' I obtain the following trace:
>
> # gdb /sbin/ntpd /var/crash/ntpd/34857.core
> #0 0x000010249cd0ca32 in ?? ()
> (gdb) bt
> #0 0x000010249cd0ca32 in ?? ()
> #1 0x000010276a411300 in ?? ()
> #2 0x000010249d0e9540 in ?? ()
> #3 0x0000000000004000 in ntp_main (nconf=0x3, pw=0x8f5, argc=Variable
> "argc" is not available.) at /usr/src/usr.sbin/ntpd/ntp.c:215
> #4 0x38efae2bb7a38b39 in ?? ()
> #5 0x000010270b35ec00 in ?? ()
> #6 0x00000000000016f6 in dispatch_imsg (lconf=0x38efae2bb7a38b39,
> argc=-1664058825, argv=0x10270b35ec00) at /usr/src/usr.sbin/ntpd/ntpd.c:393
> #7 0x000000005959fe2b in ?? ()
> #8 0x00000000372f8819 in ?? ()
> #9 0x000000005959a297 in ?? ()
> #10 0x0000000000000000 in ?? ()
>
> When compiled with '-static -nopie' or by default, I obtain the correct
> trace:
>
> # gdb /sbin/ntpd /var/crash/ntpd/94479.core
> (gdb) bt
> #0 constraint_query (cstr=0x0) at /usr/src/usr.sbin/ntpd/constraint.c:151
> #1 0x000000000040413c in ntp_main (nconf=Variable "nconf" is not
> available.) at /usr/src/usr.sbin/ntpd/ntp.c:336
> #2 0x0000000000402079 in main (argc=0, argv=Variable "argv" is not
> available.) at /usr/src/usr.sbin/ntpd/ntpd.c:193
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile 20 Nov 2015 18:53:42 -0000 1.16
> +++ Makefile 11 Jul 2017 12:33:24 -0000
> @@ -16,4 +16,5 @@ DPADD+= ${LIBUTIL} ${LIBCRYPTO} ${LIBSSL
> LINKS= ${BINDIR}/ntpd ${BINDIR}/ntpctl
> MAN= ntpd.8 ntpd.conf.5 ntpctl.8
>
> +LDSTATIC= ${STATIC}
> .include <bsd.prog.mk>
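
Review bot: the added `LDSTATIC= ${STATIC}` line carries no comment saying it exists only to reproduce the core dump problem, and it lands directly above `.include <bsd.prog.mk>`, dropping the blank line that separated the include from the variable block. If this is purely a reproducer, say so in a comment next to the line (or set the variable on the make command line instead of editing the Makefile), and keep the blank line before the include.
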
> Index: ntp.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/ntp.c,v
> retrieving revision 1.146
> diff -u -p -r1.146 ntp.c
> --- ntp.c 30 May 2017 23:30:48 -0000 1.146
> +++ ntp.c 11 Jul 2017 12:28:50 -0000
> @@ -331,6 +331,8 @@ ntp_main(struct ntpd_conf *nconf, struct
> ctls = i;
>
> TAILQ_FOREACH(cstr, &conf->constraints, entry) {
> + if (arc4random() % 2)
> + cstr = NULL;
> if (constraint_query(cstr) == -1)
> continue;
> }
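
Review bot: inside the `TAILQ_FOREACH(cstr, &conf->constraints, entry)` loop the added lines overwrite the iterator itself with `cstr = NULL`, so apart from handing NULL to `constraint_query()`, the loop's own advance step would also go through a NULL pointer if that call ever returned. Nothing in the hunk marks this as deliberate fault injection for the core dump test either. Suggest a comment or a debug-only `#ifdef` around the two lines, a separate local for the injected NULL instead of clobbering `cstr`, and `arc4random_uniform(2)` in place of `arc4random() % 2`.
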
>
>