Bug 731719

Summary: Socket-activated services with TCPWrapName cause segfault
Product: [openSUSE] openSUSE 12.1 Reporter: Peter Conrad <conrad-novell.com>
Component: BasesystemAssignee: Frederic Crozat <fcrozat>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: SUSE Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Example socket unit

Description Peter Conrad 2011-11-21 13:15:42 UTC 
Created attachment 463156 [details]
Example socket unit

User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.922.0 Safari/535.8 SUSE/17.0.922.0

When a socket-activated service has a TCPWrapName configured and access is denied via /etc/hosts.{allow,deny}, a systemd child segfaults. Log excerpt:

Nov 21 13:34:04 rowling kernel: [15126.302549] sd(EXEC)[15030]: segfault at 7fff25f88fa8 ip 00007fb93d0cb885 sp 00007fff25f88fb0 error 6 in libc-2.14.1.so[7fb93d087000+185000]
Nov 21 13:34:04 rowling systemd[1]: time@::1:13-::1:51570.service: main process exited, code=killed, status=11
Nov 21 13:34:04 rowling systemd[1]: Unit time@::1:13-::1:51570.service entered failed state.

---Example time.socket---
[Unit]
Description=Provides socket for daytime service

[Socket]
ListenStream=13
Accept=true
---/Example---


---Example time@.service---
[Unit]
Description=Provides daytime service via time.socket

[Service]
ExecStart=/bin/date
StandardInput=null
StandardOutput=socket
StandardError=syslog
TCPWrapName=daytime
---/Example---


Reproducible: Always

Steps to Reproduce:
1. Copy above example files to /etc/systemd/system
2. systemctl start time.socket
3. Make sure /etc/hosts.deny denies access to daytime
4. netcat localhost 13

5. Make sure /etc/hosts.* allows access to daytime, or remove TCPWrapName from service
6. netcat localhost 13
Mo 21. Nov 12:56:33 CET 2011

Actual Results:  
/var/log/messages contains segfault message


Apparently, openSUSE doesn't ship any socket-activated services using TCPWrapName. At least I haven't found any on my system. And it seems that the segfault only occurs when the service would have been denied, anyway.
That's why I chose severity "Normal", not "Major".
Comment 1 Frederic Crozat 2011-12-02 16:36:21 UTC 
there was a bug in upstream sd(EXEC) logging code which has been fixed.

I've pushed the fix in package in home:fcrozat:systemd / systemd (on OBS) and it will be part of next maintenance update.

could you test (it does fix the issue for me) ?
Comment 2 Peter Conrad 2011-12-07 15:15:43 UTC 
Tested home:fcrozat:systemd / systemd-37-308.1.x86_64. Logfile now reads

Dec  7 16:10:41 rowling systemd[10015]: Failed at step TCPWRAP spawning /bin/date: Permission denied

Looks good to me. :-)

Thanks!
Comment 3 Frederic Crozat 2011-12-09 14:42:53 UTC 
sr 96122 pushed to openSUSE:12.1:Update:Test
requesting maintenance update for 12.1
Comment 4 Bernhard Wiedemann 2011-12-09 15:00:52 UTC 
This is an autogenerated message for OBS integration:
This bug (731719) was mentioned in
https://build.opensuse.org/request/show/96122 12.1 / systemd
https://build.opensuse.org/request/show/96125 Factory / systemd
Comment 5 Bernhard Wiedemann 2011-12-09 18:00:45 UTC 
This is an autogenerated message for OBS integration:
This bug (731719) was mentioned in
https://build.opensuse.org/request/show/96193 Factory / systemd
Comment 6 Bernhard Wiedemann 2011-12-12 17:00:58 UTC 
This is an autogenerated message for OBS integration:
This bug (731719) was mentioned in
https://build.opensuse.org/request/show/96377 12.1 / systemd
Comment 8 Frederic Crozat 2012-01-04 09:31:05 UTC 
maintenance update has been released for 12.1, closing as fixed