[pkg-ntp-maintainers] Bug#640738: ntpd segfaults when using -i option (chroot jail)
Michael Gold
mgold at ncf.ca
Tue Sep 6 23:32:37 UTC 2011
Package: ntp
Version: 1:4.2.6.p3+dfsg-1
I recently upgraded to a new ntp package; later I found that ntpd had
stopped running and would segfault at startup. I traced it to this
line in /etc/default/ntp:
NTPD_OPTS='-i /var/lib/ntp/'
After removing the line, ntpd runs properly. This configuration had
worked previously. /var/log/apt/term.log shows that the previous
package version was 1:4.2.6.p2+dfsg-1+b2:
Preparing to replace ntp 1:4.2.6.p2+dfsg-1+b2 (using .../ntp_1%3a4.2.6.p3+dfsg-1_amd64.deb) ...
/var/lib/ntp has permissions 0755 with ownership ntp:ntp (115:116), and
contains a var/lib/ntp symlink pointing back to it (target "../..").
I've attached a partial strace at the end of this message. ntpd is
trying to open several files after the chroot call, which may be causing
the crash.
- Michael
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ntp depends on:
ii adduser 3.113
ii dpkg 1.16.0.3
ii libc6 2.13-18
ii libcap2 1:2.22-1
ii libedit2 2.11-20080614-3
ii libopts25 1:5.12-0.1
ii libssl1.0.0 1.0.0d-3
ii lsb-base 3.2-28
ii netbase 4.46
Versions of packages ntp recommends:
ii perl 5.12.4-4
Versions of packages ntp suggests:
ii ntp-doc 1:4.2.6.p3+dfsg-1
-- Configuration Files:
/etc/default/ntp changed:
/etc/ntp.conf changed:
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 209.51.161.238 iburst
server 129.6.15.29 iburst
server ntp0.broadinstitute.org iburst
server time.nrc.ca iburst
server sundial.columbia.edu iburst
server 64.236.96.53 iburst
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1 nomodify nopeer
restrict ::1 nomodify nopeer
-- no debconf information
-- strace output:
6991 execve("/usr/sbin/ntpd", ["ntpd", "-u", "115", "-i", "/var/lib/ntp"], [/* 14 vars */]) = 0
...
6992 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
6992 lseek(4, 0, SEEK_CUR) = 0
6992 fstat(4, {st_mode=S_IFREG|0644, st_size=2722, ...}) = 0
6992 mmap(NULL, 2722, PROT_READ, MAP_SHARED, 4, 0) = 0x7f8a526b2000
6992 lseek(4, 2722, SEEK_SET) = 2722
6992 munmap(0x7f8a526b2000, 2722) = 0
6992 close(4) = 0
6992 chdir("/var/lib/ntp") = 0
6992 chroot("/var/lib/ntp") = 0
6992 chdir("/") = 0
6992 open("/proc/sys/kernel/ngroups_max", O_RDONLY) = -1 ENOENT (No such file or directory)
6992 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
6992 connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 EACCES (Permission denied)
6992 close(4) = 0
6992 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
6992 connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 EACCES (Permission denied)
6992 close(4) = 0
6992 open("/etc/group", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
6992 setgroups(1, [116]) = 0
6992 setuid(115) = 0
6992 setresuid(-1, 115, -1) = 0
6992 capget(0x20080522, 0, NULL) = 0
6992 capset(0x20080522, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME, 0}) = 0
6992 select(30, [16 17 18 19 20 21 22 23 24 25 26 27 28 29], NULL, NULL, NULL) = 1 (in [19])
6992 clock_gettime(CLOCK_REALTIME, {1315349710, 467386301}) = 0
6992 select(30, [16 17 18 19 20 21 22 23 24 25 26 27 28 29], NULL, NULL, {0, 0}) = 1 (in [19], left {0, 0})
...
6992 select(30, [16 17 18 19 20 21 22 23 24 25 26 27 28 29], NULL, NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
6992 --- SIGALRM (Alarm clock) @ 0 (0) ---
6992 rt_sigreturn(0xe) = -1 EINTR (Interrupted system call)
6992 clock_gettime(CLOCK_REALTIME, {1315349711, 165719128}) = 0
6992 clock_gettime(CLOCK_REALTIME, {1315349711, 165791763}) = 0
6992 sendto(19, "\343\0\6\362\0\0\0\0\0\0\0\0INIT\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 48, 0, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("209.51.161.238")}, 16) = 48
6992 clock_gettime(CLOCK_REALTIME, {1315349711, 166046824}) = 0
6992 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
6992 ioctl(4, SIOCGIFCONF, {240, {{"lo", {AF_INET, inet_addr("127.0.0.1")}}, {"ethint", {AF_INET, inet_addr("74.116.186.121")}}, {"ethint", {AF_INET, inet_addr("172.23.1.1")}}, {"ethext", {AF_INET, inet_addr("10.0.0.1")}}, {"ppp0", {AF_INET, inet_addr("173.246.8.173")}}, {"tun0", {AF_INET, inet_addr("172.23.2.1")}}}}) = 0
6992 open("/proc/net/if_inet6", O_RDONLY) = -1 ENOENT (No such file or directory)
6992 ioctl(4, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
6992 ioctl(4, SIOCGIFNETMASK, {ifr_name="lo", ifr_netmask={AF_INET, inet_addr("255.0.0.0")}}) = 0
6992 ioctl(4, SIOCGIFFLAGS, {ifr_name="ethint", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
6992 ioctl(4, SIOCGIFBRDADDR, {ifr_name="ethint", ifr_broadaddr={AF_INET, inet_addr("74.116.186.127")}}) = 0
6992 ioctl(4, SIOCGIFNETMASK, {ifr_name="ethint", ifr_netmask={AF_INET, inet_addr("255.255.255.248")}}) = 0
6992 ioctl(4, SIOCGIFFLAGS, {ifr_name="ethint", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
6992 ioctl(4, SIOCGIFBRDADDR, {ifr_name="ethint", ifr_broadaddr={AF_INET, inet_addr("74.116.186.127")}}) = 0
6992 ioctl(4, SIOCGIFNETMASK, {ifr_name="ethint", ifr_netmask={AF_INET, inet_addr("255.255.255.0")}}) = 0
6992 ioctl(4, SIOCGIFFLAGS, {ifr_name="ethext", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_PROMISC|IFF_MULTICAST}) = 0
6992 ioctl(4, SIOCGIFBRDADDR, {ifr_name="ethext", ifr_broadaddr={AF_INET, inet_addr("10.0.0.255")}}) = 0
6992 ioctl(4, SIOCGIFNETMASK, {ifr_name="ethext", ifr_netmask={AF_INET, inet_addr("255.255.255.0")}}) = 0
6992 ioctl(4, SIOCGIFFLAGS, {ifr_name="ppp0", ifr_flags=IFF_UP|IFF_POINTOPOINT|IFF_RUNNING|IFF_NOARP|IFF_MULTICAST}) = 0
6992 ioctl(4, SIOCGIFDSTADDR, {ifr_name="ppp0", ifr_dstaddr={AF_INET, inet_addr("74.116.184.12")}}) = 0
6992 ioctl(4, SIOCGIFNETMASK, {ifr_name="ppp0", ifr_netmask={AF_INET, inet_addr("255.255.255.255")}}) = 0
6992 ioctl(4, SIOCGIFFLAGS, {ifr_name="tun0", ifr_flags=IFF_UP|IFF_POINTOPOINT|IFF_RUNNING|IFF_NOARP|IFF_MULTICAST}) = 0
6992 ioctl(4, SIOCGIFDSTADDR, {ifr_name="tun0", ifr_dstaddr={AF_INET, inet_addr("172.23.2.2")}}) = 0
6992 ioctl(4, SIOCGIFNETMASK, {ifr_name="tun0", ifr_netmask={AF_INET, inet_addr("255.255.255.255")}}) = 0
6992 close(4) = 0
6992 sendto(3, "<30>Sep 6 18:55:11 ntpd[6992]: "..., 134, MSG_NOSIGNAL, NULL, 0) = 134
6992 close(29) = 0
6992 sendto(3, "<30>Sep 6 18:55:11 ntpd[6992]: "..., 157, MSG_NOSIGNAL, NULL, 0) = 157
6992 close(28) = 0
6992 sendto(3, "<30>Sep 6 18:55:11 ntpd[6992]: "..., 158, MSG_NOSIGNAL, NULL, 0) = 158
6992 close(27) = 0
6992 sendto(3, "<30>Sep 6 18:55:11 ntpd[6992]: "..., 152, MSG_NOSIGNAL, NULL, 0) = 152
6992 close(26) = 0
6992 sendto(3, "<30>Sep 6 18:55:11 ntpd[6992]: "..., 158, MSG_NOSIGNAL, NULL, 0) = 158
6992 close(25) = 0
6992 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20110906/992a3186/attachment.pgp>
More information about the pkg-ntp-maintainers
mailing list