Hello, just tried to reproduce this crash.
I got the following call stack in gdb with the original packages:

(gdb) bt
#0 0x00002b57561a5c86 in strtouq () from /lib/libc.so.6
#1 0x00002b57561a3712 in atoi () from /lib/libc.so.6
#2 0x000000000045f5fe in dgettext ()
#3 0x0000000000405778 in __libc_start_main ()

When rebuilding just noshell:

(gdb) bt
#0 0x00002ad26562fc86 in strtouq () from /lib/libc.so.6
#1 0x00002ad26562d712 in atoi () from /lib/libc.so.6
#2 0x000000000045f67e in main (argc=5, argv=0x7fff456d13f8, envp=0x7fff456d1428) at runas.c:98

When rebuilding glibc as well:

Program received signal SIGSEGV, Segmentation fault.
*__GI_____strtol_l_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0, loc=0x0) at ../sysdeps/generic/strtol_l.c:239
239 struct locale_data *current = loc->__locales[LC_NUMERIC];
(gdb) bt
#0 *__GI_____strtol_l_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0, loc=0x0) at ../sysdeps/generic/strtol_l.c:239
#1 0x00002ac5a0cae712 in atoi (nptr=0x7fff0a04fee6 "1000") at ../stdlib/stdlib.h:333
#2 0x000000000045f67e in main (argc=5, argv=0x7fff0a04dd78, envp=0x7fff0a04dda8) at runas.c:98

It might be related to the link command:

gcc -o runas /usr/lib/libc.a -dn stubs.o runas.o

The link command seems to do dynamic linking, but /usr/lib/libc.a seems to be the static library, judging from its size. That would fit the traces above: __libc_start_main at 0x405778 lies inside the executable rather than in /lib/libc.so.6, while atoi runs from the shared library and is handed loc=0x0, so presumably the shared libc's locale pointer was never set up by the statically linked startup code.

Each of the following commands produces a working executable:

gcc -static -o runas /usr/lib/libc.a -dn stubs.o runas.o
gcc -o runas /usr/lib/libc_nonshared.a -dn stubs.o runas.o
gcc -o runas -dn stubs.o runas.o

At least Squeeze contains a Makefile.linux that has the "/usr/lib/libc.a" commented out [1] [2]. So this bug can probably be marked as done.

Kind regards,
Bernhard

[1] https://sources.debian.org/src/titantools/4.0.11-4/Makefile.linux/
[2] https://sources.debian.org/src/titantools/4.0.11+notdfsg1-2/Makefile.linux/

PS: This was fun, but is there no automatic bug closing when the release a bug was reported against becomes unsupported?
# cat /etc/apt/sources.list deb http://snapshot.debian.org/archive/debian/20070920T000000Z/ etch main non-free deb-src http://snapshot.debian.org/archive/debian/20070920T000000Z/ etch main non-free apt-get install noshell gdb dpkg-dev libc6-dbg apt-get build-dep titantools apt-get build-dep glibc # gdb -q --args runas 1000 1000 0022 /bin/bash (no debugging symbols found) Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/sbin/runas 1000 1000 0022 /bin/bash (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) Program received signal SIGSEGV, Segmentation fault. 0x00002b57561a5c86 in strtouq () from /lib/libc.so.6 (gdb) bt #0 0x00002b57561a5c86 in strtouq () from /lib/libc.so.6 #1 0x00002b57561a3712 in atoi () from /lib/libc.so.6 #2 0x000000000045f5fe in dgettext () #3 0x0000000000405778 in __libc_start_main () #4 0x000000000040551a in ?? () #5 0x00007fff54b59878 in ?? () #6 0x0000000000000000 in ?? () (gdb) display/i $pc 1: x/i $pc 0x2b57561a5c86 <strtouq+54>: mov 0x8(%r8),%rdx (gdb) disassemble strtouq Dump of assembler code for function strtouq: 0x00002b57561a5c50 <strtouq+0>: mov 2114209(%rip),%rax # 0x2b57563a9ef8 <_IO_file_jumps+2328> 0x00002b57561a5c57 <strtouq+7>: xor %ecx,%ecx 0x00002b57561a5c59 <strtouq+9>: mov %fs:(%rax),%r8 0x00002b57561a5c5d <strtouq+13>: jmpq 0x2b57561a60a0 <strtoll_l+16> 0x00002b57561a5c62 <strtouq+18>: nop 0x00002b57561a5c63 <strtouq+19>: nop 0x00002b57561a5c64 <strtouq+20>: nop 0x00002b57561a5c65 <strtouq+21>: nop 0x00002b57561a5c66 <strtouq+22>: nop 0x00002b57561a5c67 <strtouq+23>: nop 0x00002b57561a5c68 <strtouq+24>: nop 0x00002b57561a5c69 <strtouq+25>: nop 0x00002b57561a5c6a <strtouq+26>: nop 0x00002b57561a5c6b <strtouq+27>: nop 0x00002b57561a5c6c <strtouq+28>: nop 0x00002b57561a5c6d <strtouq+29>: nop 0x00002b57561a5c6e <strtouq+30>: nop 0x00002b57561a5c6f <strtouq+31>: nop 0x00002b57561a5c70 <strtouq+32>: push %r15 0x00002b57561a5c72 <strtouq+34>: push %r14 
0x00002b57561a5c74 <strtouq+36>: mov %r8,%r14 0x00002b57561a5c77 <strtouq+39>: push %r13 0x00002b57561a5c79 <strtouq+41>: mov %edx,%r13d 0x00002b57561a5c7c <strtouq+44>: push %r12 0x00002b57561a5c7e <strtouq+46>: push %rbp 0x00002b57561a5c7f <strtouq+47>: push %rbx 0x00002b57561a5c80 <strtouq+48>: sub $0x28,%rsp 0x00002b57561a5c84 <strtouq+52>: test %ecx,%ecx 0x00002b57561a5c86 <strtouq+54>: mov 0x8(%r8),%rdx (gdb) print/x $r8 $1 = 0x0 mkdir -p noshell/orig cd noshell/orig apt-get source noshell cd .. cp orig/ try1 -a cd try1/titantools-4.0.11/ DEB_BUILD_OPTIONS='nostrip' dpkg-buildpackage -b cd .. dpkg -i noshell_4.0.11-4_amd64.deb # gdb -q --args runas 1000 1000 0022 /bin/bash Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/sbin/runas 1000 1000 0022 /bin/bash Program received signal SIGSEGV, Segmentation fault. 0x00002afb25313c86 in strtouq () from /lib/libc.so.6 (gdb) bt #0 0x00002afb25313c86 in strtouq () from /lib/libc.so.6 #1 0x00002afb25311712 in atoi () from /lib/libc.so.6 #2 0x000000000045f67e in main () cp orig/ try2 -a cd try2/titantools-4.0.11/ nano Makefile.linux -CFLAGS = +CFLAGS = -g DEB_BUILD_OPTIONS='nostrip' dpkg-buildpackage -b cd .. dpkg -i noshell_4.0.11-4_amd64.deb # gdb -q --args runas 1000 1000 0022 /bin/bash Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/sbin/runas 1000 1000 0022 /bin/bash Program received signal SIGSEGV, Segmentation fault. 
0x00002ad26562fc86 in strtouq () from /lib/libc.so.6 (gdb) bt #0 0x00002ad26562fc86 in strtouq () from /lib/libc.so.6 #1 0x00002ad26562d712 in atoi () from /lib/libc.so.6 #2 0x000000000045f67e in main (argc=5, argv=0x7fff456d13f8, envp=0x7fff456d1428) at runas.c:98 (gdb) up #1 0x00002ad26562d712 in atoi () from /lib/libc.so.6 (gdb) #2 0x000000000045f67e in main (argc=5, argv=0x7fff456d13f8, envp=0x7fff456d1428) at runas.c:98 98 newGID = atoi(argv[2]); (gdb) print argv[2] $1 = 0x7fff456d1ee4 "1000" apt-get install libc6-dbg # gdb -q --args runas 1000 1000 0022 /bin/bash Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/sbin/runas 1000 1000 0022 /bin/bash Program received signal SIGSEGV, Segmentation fault. 0x00002aec36cb1c86 in ____strtoll_l_internal () from /lib/libc.so.6 (gdb) bt #0 0x00002aec36cb1c86 in ____strtoll_l_internal () from /lib/libc.so.6 #1 0x00002aec36caf712 in atoi () from /lib/libc.so.6 #2 0x000000000045f67e in main (argc=5, argv=0x7fff7404cd78, envp=0x7fff7404cda8) at runas.c:98 mkdir -p libc6/orig cd libc6/orig apt-get source libc6 cd .. cp orig try1 -a cd try1/glibc-2.3.6.ds1 # search for -g1, replace by -g in amd64 and linux related files. DEB_BUILD_OPTIONS='nostrip' dpkg-buildpackage -b cd .. dpkg -i libc6_2.3.6.ds1-13etch2_amd64.deb libc6-dbg_2.3.6.ds1-13etch2_amd64.deb libc6-dev_2.3.6.ds1-13etch2_amd64.deb libc6-dev-i386_2.3.6.ds1-13etch2_amd64.deb libc6-i386_2.3.6.ds1-13etch2_amd64.deb locales_2.3.6.ds1-13etch2_all.deb # gdb -q --args runas 1000 1000 0022 /bin/bash Using host libthread_db library "/lib/libthread_db.so.1". (gdb) b main Breakpoint 1 at 0x45f502: file runas.c, line 42. (gdb) run Starting program: /usr/sbin/runas 1000 1000 0022 /bin/bash Breakpoint 1, main (argc=5, argv=0x7fff0a04dd78, envp=0x7fff0a04dda8) at runas.c:42 42 short errFlag = 0; (gdb) b atoi Breakpoint 2 at 0x2ac5a0cae700: file atoi.c, line 27. (gdb) cont Continuing. 
Breakpoint 2, atoi (nptr=0x7fff0a04fee6 "1000") at atoi.c:27 27 { (gdb) next 333 return __strtol_internal (__nptr, __endptr, __base, 0); (gdb) step *__GI___strtol_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0) at ../sysdeps/generic/strtol.c:99 99 return INTERNAL (__strtol_l) (nptr, endptr, base, group, _NL_CURRENT_LOCALE); (gdb) *__GI_____strtol_l_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0, loc=0x0) at ../sysdeps/generic/strtol_l.c:225 225 { (gdb) 251 if (__builtin_expect (group, 0)) (gdb) next 239 struct locale_data *current = loc->__locales[LC_NUMERIC]; (gdb) bt #0 *__GI_____strtol_l_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0, loc=0x0) at ../sysdeps/generic/strtol_l.c:239 #1 0x00002ac5a0cae712 in atoi (nptr=0x7fff0a04fee6 "1000") at ../stdlib/stdlib.h:333 #2 0x000000000045f67e in main (argc=5, argv=0x7fff0a04dd78, envp=0x7fff0a04dda8) at runas.c:98 (gdb) next Program received signal SIGSEGV, Segmentation fault. *__GI_____strtol_l_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0, loc=0x0) at ../sysdeps/generic/strtol_l.c:239 239 struct locale_data *current = loc->__locales[LC_NUMERIC]; (gdb) bt #0 *__GI_____strtol_l_internal (nptr=0x7fff0a04fee6 "1000", endptr=0x0, base=10, group=0, loc=0x0) at ../sysdeps/generic/strtol_l.c:239 #1 0x00002ac5a0cae712 in atoi (nptr=0x7fff0a04fee6 "1000") at ../stdlib/stdlib.h:333 #2 0x000000000045f67e in main (argc=5, argv=0x7fff0a04dd78, envp=0x7fff0a04dda8) at runas.c:98 (gdb) display/i $pc 1: x/i $pc 0x2ac5a0cb0c86 <*__GI_____strtol_l_internal+22>: mov 0x8(%r8),%rdx (gdb) disassemble __GI_____strtol_l_internal Dump of assembler code for function ____strtoll_l_internal: 0x00002ac5a0cb0c70 <*__GI_____strtol_l_internal+0>: push %r15 0x00002ac5a0cb0c72 <*__GI_____strtol_l_internal+2>: push %r14 0x00002ac5a0cb0c74 <*__GI_____strtol_l_internal+4>: mov %r8,%r14 0x00002ac5a0cb0c77 <*__GI_____strtol_l_internal+7>: push %r13 0x00002ac5a0cb0c79 
<*__GI_____strtol_l_internal+9>: mov %edx,%r13d 0x00002ac5a0cb0c7c <*__GI_____strtol_l_internal+12>: push %r12 0x00002ac5a0cb0c7e <*__GI_____strtol_l_internal+14>: push %rbp 0x00002ac5a0cb0c7f <*__GI_____strtol_l_internal+15>: push %rbx 0x00002ac5a0cb0c80 <*__GI_____strtol_l_internal+16>: sub $0x28,%rsp 0x00002ac5a0cb0c84 <*__GI_____strtol_l_internal+20>: test %ecx,%ecx 0x00002ac5a0cb0c86 <*__GI_____strtol_l_internal+22>: mov 0x8(%r8),%rdx ./glibc-2.3.6.ds1/build-tree/glibc-2.3.6/locale/localeinfo.h:#define _NL_CURRENT_LOCALE ((__locale_t) __libc_tsd_get (LOCALE)) ./glibc-2.3.6.ds1/build-tree/glibc-2.3.6/sysdeps/generic/bits/libc-tsd.h:# define __libc_tsd_get(KEY) (__libc_tsd_##KEY) ./glibc-2.3.6.ds1/build-tree/glibc-2.3.6/sysdeps/generic/bits/libc-tsd.h:# define __libc_tsd_get(KEY) (__libc_tsd_##KEY##_data) ./glibc-2.3.6.ds1/build-tree/glibc-2.3.6/locale/localeinfo.h:__libc_tsd_define (extern, LOCALE) ./glibc-2.3.6.ds1/build-tree/glibc-2.3.6/locale/global-locale.c:__libc_tsd_define (, LOCALE) (gdb) print __libc_tsd_LOCALE Cannot access memory at address 0x18