[sles-beta] SLES11 SP4 RC1 bug/crash
Stefan Behlert
behlert at suse.com
Wed May 13 06:27:04 MDT 2015
Hi,
be so kind to open a Service Request. I've relayed this to our kernel
developers, but in case there are questions it would be good to have a
bugreport where collaboration can happen.
Stefan
On May 13, 15 11:23:31 +0000, Jelen, Petr (EXT) wrote:
> Dear all,
>
> We localized a bug in SLES11 SP4 RC1 x86_64 kernel. Description follows:
>
> ---- SLES11 SP4 RC1 x86_64 kernel crash ----------------------------------------------
>
> The kernel oops happens when accessing a symlink in a directory, which has sticky bit set and has another owner, than the symlink itself:
> In our case, there is a /opt/bin
>
> linux-SLES11-SP4-RC1:/ # ls -ld /opt/bin
> drwxrwxrwt 2 root root 4096 May 12 14:21 /opt/bin
>
> The problem is triggered, when a root process tries to access the symlink which has non-root ownership (bin:bin).
>
> linux-SLES11-SP4-RC1:/opt/bin # l cryco_*
> lrwxrwxrwx 1 bin bin 9 May 12 09:36 cryco_cleanup -> cryco_cmd*
> -r-xr-x--- 1 bin bin 255880 Apr 28 14:16 cryco_cmd*
> lrwxrwxrwx 1 bin bin 9 May 12 09:36 cryco_new -> cryco_cmd*
>
> If I try to read the file through the symlink, I get “No such file or directory” error:
> linux-SLES11-SP4-RC1:/opt/bin # ldd /opt/bin/cryco_new
> ldd: /opt/bin/cryco_new: No such file or directory
>
> If I try to execute it, kernel crashes “Oops”
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
>
> When I change the symlink ownership to root:root, then it works normally:
> linux-SLES11-SP4-RC1:/opt/bin # l cryco_*
> lrwxrwxrwx 1 bin bin 9 May 12 09:36 cryco_cleanup -> cryco_cmd*
> -r-xr-x--- 1 bin bin 255880 Apr 28 14:16 cryco_cmd*
> lrwxrwxrwx 1 root root 9 May 12 09:36 cryco_new -> cryco_cmd*
>
> linux-SLES11-SP4-RC1:/opt/bin # ldd /opt/bin/cryco_new
> linux-vdso.so.1 => (0x00007ffcfa48b000)
> libc.so.6 => /lib64/libc.so.6 (0x00007f31e619d000)
> /lib64/ld-linux-x86-64.so.2 (0x00007f31e654e000)
>
> Steps to reproduce the bug on SLES11 SP4 RC1:
>
> 1. mkdir /root/dir_sticky
>
> 2. chmod 777 /root/dir_sticky
>
> 3. chmod +t /root/dir_sticky
>
> 4. chown root:root /root/dir_sticky
>
> 5. ln -s /bin/true /root/dir_sticky/true_link
>
> 6. chown -h bin:bin /root/dir_sticky/true_link
>
> 7. ls -H /root/dir_sticky/true_link
> ls: cannot access /root/dir_sticky/true_link: Permission denied
>
> 8. /root/dir_sticky/true_link --> will cause kernel crash and reboot
>
>
>
> If possible, deliver us the fixed kernel rpm before rc2, to confirm, that the bug is fixed.
>
> Thank you in advance,
> Petr Jelen
> +420266061220
>
--
Stefan Behlert, SUSE LINUX
Release Manager Enterprise Server
Maxfeldstr. 5, D-90409 Nuernberg, Germany
Phone +49-911-74053-173
SUSE LINUX GmbH, Nuernberg; GF: Felix Imendoerffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nuernberg)
More information about the sles-beta
mailing list