One simple stupid users trick owns all your bases ...
Richard Sharpe
realrichardsharpe at gmail.com
Fri Sep 1 17:15:22 UTC 2023
On Fri, Sep 1, 2023 at 10:04 AM Jeremy Allison <jra at samba.org> wrote:
>
> On Fri, Sep 01, 2023 at 09:21:09AM -0700, Richard Sharpe via samba-technical wrote:
> >Hi folks,
> >
> >I didn't follow the instructions carefully enough.
> >
> >I set up resolv.conf to point at 127.0.0.1 and an upstream nameserver
> >(10.20.1.100).
> >
> >During provisioning that created an entry of 'dns resolver = 127.0.0.1'.
> >
> >That resulted in the following crash. Looks like a bug.
> >
> >Provisioning should not use any of the aliases for the current system
> >as forwarders.
> >
> >In addition, perhaps the code should not crash if it gets a timeout.
> >
> >4.19.0rc4.
>
> Can you add a "panic action = /bin/sleep 99999999"
> and catch it in gdb. Knowing *exactly* what line
> it goes down on will help. A lot :-).
OK:
#0 0x00007fa0f256dd98 in nanosleep () from /lib64/libc.so.6
#1 0x00007fa0f256dc9e in sleep () from /lib64/libc.so.6
#2 0x00007fa0f8e1c13b in log_stack_trace () at ../../lib/util/fault.c:306
#3 0x00007fa0f8e1c33f in smb_panic_log (
why=why@entry=0x7ffc3acd6050 "Signal 11: Segmentation fault")
at ../../lib/util/fault.c:195
#4 0x00007fa0f8e1c4b3 in smb_panic (
why=why@entry=0x7ffc3acd6050 "Signal 11: Segmentation fault")
at ../../lib/util/fault.c:206
#5 0x00007fa0f8e1c619 in fault_report (sig=11) at ../../lib/util/fault.c:83
#6 sig_fault (sig=11) at ../../lib/util/fault.c:94
#7 <signal handler called>
#8 0x00007fa0f7b90049 in dns_cli_request_udp_done (subreq=<optimized out>)
at ../../libcli/dns/dns.c:497
#9 0x00007fa0f7b9134d in dns_udp_request_done (subreq=0x618001b18900)
at ../../libcli/dns/dns.c:157
#10 0x00007fa0f9764929 in tdgram_recvfrom_done (subreq=0x61800533cd00)
at ../../lib/tsocket/tsocket.c:239
#11 0x00007fa0f976b1f7 in tdgram_bsd_recvfrom_handler (
private_data=<optimized out>) at ../../lib/tsocket/tsocket_bsd.c:1186
#12 0x00007fa0f9769c18 in tdgram_bsd_fde_handler (ev=<optimized out>,
fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>)
at ../../lib/tsocket/tsocket_bsd.c:910
#13 0x00007fa0f3dc53a7 in tevent_common_invoke_fd_handler ()
Here is the code:
(gdb) frame 8
#8 0x00007fa0f7b90049 in dns_cli_request_udp_done (subreq=<optimized out>)
at ../../libcli/dns/dns.c:497
497 tevent_req_error(req, ENOMSG);
(gdb) list
492
493 reply_id = PULL_BE_U16(reply.data, 0);
494 if (reply_id != state->req_id) {
495 DBG_DEBUG("Got id %"PRIu16", expected %"PRIu16"\n",
496 state->reply->id, state->req_id);
497 tevent_req_error(req, ENOMSG);
498 return;
499 }
500
501 operation = PULL_BE_U16(reply.data, 2);
I still think provision should not allow this but it should also not crash.
--
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
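
The reply-ID check from the gdb listing above, as an added example that is not part of the original message and is not Samba's code: a stand-alone C validator for a UDP DNS reply header that length-checks the datagram and, on an ID mismatch, logs the locally parsed ID rather than a field reached through a pointer. The names `check_dns_reply`, `be16` and `sample_reply`, the QR-bit check and the errno values other than ENOMSG are assumptions made for illustration; the message does not state the root cause of the crash.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12      /* fixed DNS header size (RFC 1035) */
#define DNS_FLAG_QR 0x8000  /* set in responses, clear in queries */

/* Read a big-endian 16-bit value; the caller has checked bounds. */
static uint16_t be16(const uint8_t *p, size_t off)
{
	return (uint16_t)((p[off] << 8) | p[off + 1]);
}

/*
 * Hypothetical helper (not Samba's API): validate a UDP DNS reply header
 * against the ID that was sent. Returns 0 on success or an errno value.
 * Only the raw buffer and local variables are touched, so a short,
 * mismatched or unsolicited datagram cannot lead to a dereference of a
 * structure that has not been filled in yet.
 */
int check_dns_reply(const uint8_t *buf, size_t len, uint16_t req_id)
{
	uint16_t reply_id, flags;

	if (buf == NULL || len < DNS_HDR_LEN) {
		return EBADMSG;          /* too short to hold a header */
	}
	reply_id = be16(buf, 0);
	if (reply_id != req_id) {
		/* Log the value just parsed, not a field of an unparsed struct. */
		fprintf(stderr, "Got id %u, expected %u\n",
			(unsigned)reply_id, (unsigned)req_id);
		return ENOMSG;           /* same error the listing reports */
	}
	flags = be16(buf, 2);
	if ((flags & DNS_FLAG_QR) == 0) {
		return EINVAL;           /* a query, not a response */
	}
	return 0;
}

/* Constructed sample: header of a reply with ID 0x1234 and QR set. */
const uint8_t sample_reply[DNS_HDR_LEN] = { 0x12, 0x34, 0x81, 0x80 };
```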