[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
Hello Seth, or anyone else affected, Accepted glibc into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glibc/2.31-0ubuntu9.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags removed: verification-done verification-done-focal ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
I tested an upgrade from 0ubuntu9.2 to 0ubuntu9.4 in a vm and could not reproduce this problem. ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
I'm more interested in people updating from the version currently in updates to the version currently in proposed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
What kinds of tests are we hoping for, here? From people who never backed out the broken glibc manually? (This might be a difficult group to reach.) Or from just anyone, to try to find out if the revert and new fixes were done correctly? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
Hello Seth, or anyone else affected, Accepted glibc into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glibc/2.31-0ubuntu9.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: glibc (Ubuntu Focal) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
So I don't know exactly what was going on with sarnold's machine but I now finally understand why the 0ubuntu9.3 update caused problems: The tls accounting patch added a glibc tunable (https://www.gnu.org/software/libc/manual/html_node/Tunables.html). A tunable is defined internally as a name and a type (and some other data) but during the build it also gets assigned an ID and unfortunately the tunable added by the tls accounting patch ends changing the ID of the glibc.pthread.mutex_spin_count tunable. The problems occur when you have a new dynamic linker / ld.so but an old libpthread.so: libpthread.so's _init function calls get_tunable with the ID for glibc.pthread.mutex_spin_count, but get_tunable is implemented in ld.so, where this ID corresponds to the new glibc.rtld.nns tunable. The type for glibc.pthread.mutex_spin_count is int32 and the type for glibc.rtld.nns is size_t, so when get_tunable writes the value into the pointer it is passed, it does indeed smash the stack. Even if this doesn't happen, libpthread might well misbehave in all sorts of ways if gets back values appropriate for glibc.rtld.nns when it's expecting values for glibc.pthread.mutex_spin_count. So this explains the behaviour seen in bug 1926355, completely. What I don't understand wrt this bug is that "new ld.so / old libpthread.so" should be a very temporary situation during an upgrade. I guess a process that has the old ld.so loaded might dlopen the new libpthread.so and experience a similar issue, although dlopening libpthread isn't really a think that works aiui. But it could be a similar problem with some other library. Unfortunately, this means that upgrades from 0ubuntu9.3 to 0ubuntu9.4 are vulnerable to the same issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
There is a WIP branch to prevent upgrades from 2.31-0ubuntu9.3 and cause crashes again on that path: https://code.launchpad.net/~rbalint/ubuntu/+source/glibc/+git/glibc/+ref/ubuntu/focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
** Changed in: glibc (Ubuntu) Assignee: Balint Reczey (rbalint) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
We're also seeing this with rsyncd: | Apr 28 09:35:04 behaim rsync[2152929]: *** stack smashing detected ***: terminated >From apt history logs: | Upgrade: libldap-2.4-2:amd64 (2.4.49+dfsg-2ubuntu1.7, 2.4.49+dfsg-2ubuntu1.8), libc6-dev:amd64 (2.31-0ubuntu9.2, 2.31-0ubuntu9.3), grub-common:amd64 (2.04-1ubuntu26.9, 2.04-1ubuntu26.11), python3-pip:amd64 (20.0.2-5ubuntu1.1, 20.0.2-5ubuntu1.3), libc6:amd64 (2.31-0ubuntu9.2, 2.31-0ubuntu9.3)... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: glibc (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
** Changed in: glibc (Ubuntu) Assignee: (unassigned) => Balint Reczey (rbalint) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
Thank you for the bug report. The update has been reverted, please downgrade glibc binary packges to 2.31-0ubuntu9.2 until the new update becomes available. The problem seems to be caused by the fix for LP: #1914044. ** Tags added: regression-update -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
I couldn't install the debug symbols: bash-dbgsym : Depends: bash (= 5.0-6ubuntu1) but 5.0-6ubuntu1.1 is to be installed And I had to add a Package: bash line to my crash file.. Here's the frames that look most likely related: #13 0x7f29177a85fa in _dl_find_dso_for_object () from /lib64/ld-linux-x86-64.so.2 No symbol table info available. #14 0x55f19a675880 in ?? () No symbol table info available. #15 0x7ffd864d6140 in ?? () No symbol table info available. #16 0x7f298002 in ?? () No symbol table info available. #17 0x7f291769c62c in nss_load_library (ni=0x0) at nsswitch.c:359 shlen = saved_errno = 1 shlib_name = Backtrace stopped: previous frame inner to this frame (corrupt stack?) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
Possibly a duplicate of bug LP: #1926355 https://bugs.launchpad.net/bugs/1926355 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926379 Title: stack smashing attack detected in bash host tab completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
