Hi, On 2025-08-20 11:22, Paweł Bogusławski wrote: > Package: samhain > Version: 4.1.4-6 > > samhain segfaults on startup in trixie on some configurations; to reproduce > on fresh install from netinst: > > root@myhost:~# cat /etc/os-release > PRETTY_NAME="Debian GNU/Linux 13 (trixie)" > NAME="Debian GNU/Linux" > VERSION_ID="13" > VERSION="13 (trixie)" > VERSION_CODENAME=trixie > DEBIAN_VERSION_FULL=13.0 > ID=debian > HOME_URL="https://www.debian.org/"; > SUPPORT_URL="https://www.debian.org/support"; > BUG_REPORT_URL="https://bugs.debian.org/"; > > root@myhost:~# apt-get update > > root@myhost:~# apt-get install samhain > Reading package lists... Done > Building dependency tree... Done > Reading state information... Done > The following additional packages will be installed: > libauparse0t64 > The following NEW packages will be installed: > libauparse0t64 samhain > 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. > Need to get 1,233 kB of archives. > After this operation, 3,104 kB of additional disk space will be used. > Do you want to continue? [Y/n] y > Get:1 http://deb.debian.org/debian trixie/main amd64 libauparse0t64 amd64 > 1:4.0.2-2+b2 [68.6 kB] > Get:2 http://deb.debian.org/debian trixie/main amd64 samhain amd64 4.1.4-6 > [1,165 kB] > Fetched 1,233 kB in 1s (2,153 kB/s) > Preconfiguring packages ... > Selecting previously unselected package libauparse0t64:amd64. > (Reading database ... 26493 files and directories currently installed.) > Preparing to unpack .../libauparse0t64_1%3a4.0.2-2+b2_amd64.deb ... > Adding 'diversion of /lib/x86_64-linux-gnu/libauparse.so.0 to > /lib/x86_64-linux-gnu/libauparse.so.0.usr-is-merged by libauparse0t64' > Adding 'diversion of /lib/x86_64-linux-gnu/libauparse.so.0.0.0 to > /lib/x86_64-linux-gnu/libauparse.so.0.0.0.usr-is-merged by libauparse0t64' > Unpacking libauparse0t64:amd64 (1:4.0.2-2+b2) ... > Selecting previously unselected package samhain. > Preparing to unpack .../samhain_4.1.4-6_amd64.deb ... > Unpacking samhain (4.1.4-6) ... > Setting up libauparse0t64:amd64 (1:4.0.2-2+b2) ... > Setting up samhain (4.1.4-6) ... > Created symlink > '/etc/systemd/system/multi-user.target.wants/samhain.service' → > '/usr/lib/systemd/system/samhain.service'. > Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. > Processing triggers for libc-bin (2.41-12) ... > > root@myhost:~# cat > /etc/samhain/samhainrc <<\EOF > [Misc] > IgnoreAdded=/dev > IgnoreMissing=/dev > IgnoreAdded=/etc/abcdef > IgnoreMissing=/etc/abcdef > IgnoreAdded=/etc/abcdefghij > IgnoreMissing=/etc/abcdefghij > [EOF] > EOF > > root@myhost:~# cat /etc/samhain/samhainrc > [Misc] > IgnoreAdded=/dev > IgnoreMissing=/dev > IgnoreAdded=/etc/abcdef > IgnoreMissing=/etc/abcdef > IgnoreAdded=/etc/abcdefghij > IgnoreMissing=/etc/abcdefghij > [EOF] > > root@myhost:~# samhain -t init > Segmentation fault > > root@myhost:~# dpkg -s samhain | grep Version > Version: 4.1.4-6 > > root@myhost:~# journalctl | tail -n 2 > Aug 20 11:07:16 myhost kernel: show_signal: 93 callbacks suppressed > Aug 20 11:07:16 myhost kernel: traps: samhain[953] general protection fault > ip:7f07e46f58e0 sp:7fff7cbbce00 error:0 in > libc.so.6[ed8e0,7f07e4630000+165000]
It seems to be an issue with dnmalloc. Indeed building dnmalloc.c with -O0 or with gcc-10 (the version in bookworm was built with gcc-9), is enough to get it working. Therefore a workaround is to rebuild samhain without dnmalloc on amd64, as done in the following patch: --- samhain-4.1.4/debian/rules +++ samhain-4.1.4/debian/rules @@ -15,9 +15,7 @@ # For more information see: # http://www.la-samhna.de/samhain/manual/dnmalloc.html ifeq (linux,$(DEB_HOST_ARCH_OS)) -ifeq (amd64,$(DEB_HOST_ARCH)) -DNMALLOC = --enable-dnmalloc -else ifeq (i386,$(DEB_HOST_ARCH)) +ifeq (i386,$(DEB_HOST_ARCH)) DNMALLOC = --enable-dnmalloc else DNMALLOC = --disable-dnmalloc Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B [email protected] http://aurel32.net
