[sles-beta] SLES11 SP4 RC1 bug/crash

Stefan Behlert behlert at suse.com
Wed May 13 06:27:04 MDT 2015


Hi,

Be so kind as to open a Service Request. I've relayed this to our kernel
developers, but in case there are questions it would be good to have a
bug report where collaboration can happen.

        Stefan

On May 13, 15 11:23:31 +0000, Jelen, Petr (EXT) wrote:
> Dear all,
> 
> We localized a bug in SLES11 SP4 RC1 x86_64 kernel. Description follows:
> 
> ---- SLES11 SP4 RC1 x86_64 kernel crash ----------------------------------------------
> 
> The kernel oops happens when accessing a symlink in a directory which has the sticky bit set and has a different owner than the symlink itself.
> In our case, there is a /opt/bin:
> 
> linux-SLES11-SP4-RC1:/ # ls -ld /opt/bin
> drwxrwxrwt 2 root root 4096 May 12 14:21 /opt/bin
> 
> The problem is triggered when a root process tries to access the symlink, which has non-root ownership (bin:bin).
> 
> linux-SLES11-SP4-RC1:/opt/bin #  l cryco_*
> lrwxrwxrwx 1 bin  bin       9 May 12 09:36 cryco_cleanup -> cryco_cmd*
> -r-xr-x--- 1 bin  bin  255880 Apr 28 14:16 cryco_cmd*
> lrwxrwxrwx 1 bin  bin       9 May 12 09:36 cryco_new -> cryco_cmd*
> 
> If I try to read the file through the symlink, I get a “No such file or directory” error:
> linux-SLES11-SP4-RC1:/opt/bin # ldd /opt/bin/cryco_new
> ldd: /opt/bin/cryco_new: No such file or directory
> 
> If I try to execute it, the kernel crashes with an “Oops”:
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
> 
> When I change the symlink ownership to root:root, then it works normally:
> linux-SLES11-SP4-RC1:/opt/bin # l cryco_*
> lrwxrwxrwx 1 bin  bin       9 May 12 09:36 cryco_cleanup -> cryco_cmd*
> -r-xr-x--- 1 bin  bin  255880 Apr 28 14:16 cryco_cmd*
> lrwxrwxrwx 1 root root      9 May 12 09:36 cryco_new -> cryco_cmd*
> 
> linux-SLES11-SP4-RC1:/opt/bin # ldd /opt/bin/cryco_new
>         linux-vdso.so.1 =>  (0x00007ffcfa48b000)
>         libc.so.6 => /lib64/libc.so.6 (0x00007f31e619d000)
>         /lib64/ld-linux-x86-64.so.2 (0x00007f31e654e000)
> 
> Steps to reproduce the bug on SLES11 SP4 RC1:
>
> 1. mkdir /root/dir_sticky
> 2. chmod 777 /root/dir_sticky
> 3. chmod +t /root/dir_sticky
> 4. chown root:root /root/dir_sticky
> 5. ln -s /bin/true /root/dir_sticky/true_link
> 6. chown -h bin:bin /root/dir_sticky/true_link
> 7. ls -H /root/dir_sticky/true_link
>    ls: cannot access /root/dir_sticky/true_link: Permission denied
> 8. /root/dir_sticky/true_link   --> will cause kernel crash and reboot
>
> If possible, deliver us the fixed kernel rpm before rc2, to confirm that the bug is fixed.
> 
> Thank you in advance,
> Petr Jelen
> +420266061220
> 

-- 
Stefan Behlert, SUSE LINUX
Release Manager Enterprise Server
 
Maxfeldstr. 5, D-90409 Nuernberg, Germany
Phone +49-911-74053-173
SUSE LINUX GmbH, Nuernberg; GF: Felix Imendoerffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nuernberg)
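
To inventory paths that meet the condition in the report above (a symlink directly inside a sticky directory whose owner differs from the directory's owner), the following is an added audit example, not part of the original thread. The function names are hypothetical, and it assumes GNU `stat` and `find`.

```shell
#!/bin/sh
# Added audit example (not from the thread). Lists symlinks that sit
# directly inside a sticky directory and are owned by a different uid
# than the directory, which is the layout described in the report.

# is_sticky MODE -> success when the octal mode has the sticky bit (01000).
is_sticky() {
    [ $(( 0$1 & 01000 )) -ne 0 ]
}

# matches_report DIR_MODE DIR_UID LINK_UID -> success when the directory
# is sticky and the symlink owner differs from the directory owner.
matches_report() {
    is_sticky "$1" && [ "$2" != "$3" ]
}

# audit_dir DIR -> prints "link<TAB>link_uid<TAB>dir_uid" for each match.
# The body runs in a subshell so its variables stay local.
audit_dir() (
    dir=$1
    [ -d "$dir" ] || exit 0
    mode=$(stat -c '%a' -- "$dir") || exit 1
    duid=$(stat -c '%u' -- "$dir") || exit 1
    is_sticky "$mode" || exit 0
    # Globs (including dotfiles) keep unusual file names intact.
    for link in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -L "$link" ] || continue
        # Without -L, stat reports the symlink itself, not its target.
        luid=$(stat -c '%u' -- "$link") || continue
        if matches_report "$mode" "$duid" "$luid"; then
            printf '%s\t%s\t%s\n' "$link" "$luid" "$duid"
        fi
    done
)

# audit_tree ROOT -> runs audit_dir on every sticky directory below ROOT,
# staying on one filesystem. Directory names containing a newline are
# not handled by this read loop.
audit_tree() {
    find "$1" -xdev -type d -perm -1000 2>/dev/null |
    while IFS= read -r d; do
        audit_dir "$d"
    done
}

# Usage (constructed examples): audit_dir /opt/bin ; audit_tree /opt
```

The script only calls `lstat`-style metadata lookups and never follows or executes the links it reports.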

