[Bug 1082230] New: mlmmj - subscribe causes a segfault
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 Bug ID: 1082230 Summary: mlmmj - subscribe causes a segfault Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: per@computer.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- See https://progress.opensuse.org/issues/31990 When someone attempts to subscribe to list "election-officials", mlmmj-sub segfaults. 2018-02-20T13:24:01.491613+00:00 baloo kernel: [3535355.455657] traps: mlmmj-sub[13393] general protection ip:7fe293ae9829 sp:7ffc29e1ab10 error:0 in libc-2.22.so[7fe293aa0000+198000]traps: 2018-02-20T13:24:01.559929+00:00 baloo systemd-coredump[13394]: Process 13393 (mlmmj-sub) of user 65534 dumped core. 2018-02-20T14:24:03.071636+00:00 baloo kernel: [3538957.035230] traps: mlmmj-sub[2410] general protection ip:7fba7d0f9829 sp:7ffe5b0730d0 error:0 in libc-2.22.so[7fba7d0b0000+198000]traps: 2018-02-20T14:24:03.143163+00:00 baloo systemd-coredump[2411]: Process 2410 (mlmmj-sub) of user 65534 dumped core. AFAICT, it is reproducable. I'll check out the core dumps and see if there is anything obvious. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c1 --- Comment #1 from Per Jessen <per@computer.org> --- in mlmmj-sub.c, line 87, mlmmj tries to create a file /var/spool/mlmmj/election-officials/ + /moderation/subscribe/something and fails, probably due to lack of permissions. When logging the error with a call of log_error(), there isn't sufficient parameters for the pattern. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c2 --- Comment #2 from Per Jessen <per@computer.org> --- Just taking notes for myself - the creation of that file is part of the moderated subscription process. The list is limited (control/submod), so the moderator has to be notified to approve or deny a subscription. In log_error() call, the name of the file to be created was left out . The filename is probably 'moderation/subscribeXXXXXXXXXXXXXXXX'. Aha - apparmor is getting in the way. apparmor="DENIED" operation="mknod" profile="/usr/bin/mlmmj-sub" name="/var/spool/mlmmj/election-officials/moderation/subscribe725c8faa3e83cae7" Great, that easily fixed then. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aj@ajaissle.de, | |suse-beta@cboltz.de Assignee|bnc-team-screening@forge.pr |aj@ajaissle.de |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c3 --- Comment #3 from Per Jessen <per@computer.org> --- Fix apparmor: diff -u a/usr.bin.mlmmj-sub b/usr.bin.mlmmj-sub --- a/usr.bin.mlmmj-sub 2018-02-22 09:44:29.971325820 +0000 +++ b/usr.bin.mlmmj-sub 2018-02-22 09:44:21.239673734 +0000 @@ -37,4 +37,6 @@ /var/spool/mlmmj/*/digesters.d/ rw, /var/spool/mlmmj/*/digesters.d/* rwk, + /var/spool/mlmmj/*/moderation/ rw, + } Fix mlmmj-sub: In mlmmj-sub.c line 90-100, insert 'modfilename' before 'str' in the log_error() calls (2). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c4 --- Comment #4 from Per Jessen <per@computer.org> --- moderated subscription (control/submod) does not actually appear to work. Sigh. The process looks okay, but when someone tries to subscribe, the moderator (or whoever is listed in control/submod) is never notified. When the subscription is confirmed, it still never happens. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c5 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Other |AppArmor --- Comment #5 from Christian Boltz <suse-beta@cboltz.de> --- [setting component AppArmor to follow the major issue] (In reply to Per Jessen from comment #2)
apparmor="DENIED" operation="mknod" profile="/usr/bin/mlmmj-sub" name="/var/spool/mlmmj/election-officials/moderation/ subscribe725c8faa3e83cae7"
(In reply to Per Jessen from comment #3)
Fix apparmor: + /var/spool/mlmmj/*/moderation/ rw, + }
This rule does _not_ cover what you quote in the log event. Based on the log event, you'll need a rule like /var/spool/mlmmj/election-officials/moderation/subscribe* rw, (you didn't quote the requested permissions, so "rw" is only a guess)
Fix mlmmj-sub:
In mlmmj-sub.c line 90-100, insert 'modfilename' before 'str' in the log_error() calls (2).
That sounds like a logging improvement that should be implemented upstream ;-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c6 --- Comment #6 from Per Jessen <per@computer.org> --- (In reply to Christian Boltz from comment #5)
[setting component AppArmor to follow the major issue]
(In reply to Per Jessen from comment #2)
apparmor="DENIED" operation="mknod" profile="/usr/bin/mlmmj-sub" name="/var/spool/mlmmj/election-officials/moderation/ subscribe725c8faa3e83cae7"
(In reply to Per Jessen from comment #3)
Fix apparmor: + /var/spool/mlmmj/*/moderation/ rw, + }
This rule does _not_ cover what you quote in the log event. Based on the log event, you'll need a rule like
/var/spool/mlmmj/election-officials/moderation/subscribe* rw,
(you didn't quote the requested permissions, so "rw" is only a guess)
Hi Christian Hmm, that's true. Interesting - I added that rule, and now I don't get the segfault. I'll try this instead: /var/spool/mlmmj/election-officials/moderation/* rw, -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c7 --- Comment #7 from Per Jessen <per@computer.org> --- (In reply to Per Jessen from comment #6)
Hmm, that's true. Interesting - I added that rule, and now I don't get the segfault. I'll try this instead:
/var/spool/mlmmj/election-officials/moderation/* rw,
Okay, this one works: /var/spool/mlmmj/election-officials/moderation/* rw, Moderated subscriptions now also work. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c8 --- Comment #8 from Per Jessen <per@computer.org> --- (In reply to Per Jessen from comment #7)
Okay, this one works:
/var/spool/mlmmj/election-officials/moderation/* rw,
Moderated subscriptions now also work.
THis one of course: /var/spool/mlmmj/*/moderation/* rw, -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c9 --- Comment #9 from Christian Boltz <suse-beta@cboltz.de> --- I took the liberty to login on baloo, and noticed two groups of denials: profile /usr/bin/mlmmj-receive /var/spool/mlmmj-gone/gone2/incoming/* rw, Any idea what the difference between /var/spool/mlmmj/ and /var/spool/mlmmj-gone/ is and if allowing this makes sense? profile /usr/bin/mlmmj-sub /var/spool/mlmmj/*/moderation/subscribe* rw, .../moderation/* of course also works, but I'd tend to restrict mlmmj to .../moderation/subscribe* - given the binary name, I hope it doesn't do other things ;-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c10 --- Comment #10 from Per Jessen <per@computer.org> --- (In reply to Christian Boltz from comment #9)
I took the liberty to login on baloo, and noticed two groups of denials:
profile /usr/bin/mlmmj-receive /var/spool/mlmmj-gone/gone2/incoming/* rw,
Any idea what the difference between /var/spool/mlmmj/ and /var/spool/mlmmj-gone/ is and if allowing this makes sense?
I have no idea what mlmmj-gone is - I have chosen to leave it alone. I would not add it to the profile.
profile /usr/bin/mlmmj-sub /var/spool/mlmmj/*/moderation/subscribe* rw,
.../moderation/* of course also works, but I'd tend to restrict mlmmj to .../moderation/subscribe* - given the binary name, I hope it doesn't do other things ;-)
That's probably fine. I've grepped the source and mlmmj-process is the only other one that touches /moderation/, and that's already in the profile. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c11 --- Comment #11 from Christian Boltz <suse-beta@cboltz.de> --- mlmmj-sub fixed upstream (including backport to 2.9.x up to 2.12.x): https://gitlab.com/apparmor/apparmor/merge_requests/70 The mlmmj profiles are in the "extra" directory and aren't active by default, therefore I won't submit an update just for this. Of course,the next maintenance update (whenever I submit it) will include the fix. (In reply to Christian Boltz from comment #5)
Fix mlmmj-sub:
In mlmmj-sub.c line 90-100, insert 'modfilename' before 'str' in the log_error() calls (2).
That sounds like a logging improvement that should be implemented upstream ;-)
This part is still unfixed - Per or Aeneas, can one of you please push this upstream? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c12 Per Jessen <per@computer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #12 from Per Jessen <per@computer.org> --- (In reply to Christian Boltz from comment #11)
This part is still unfixed - Per or Aeneas, can one of you please push this upstream?
I have posted a patch to the mlmmj mailing list, hopefully that will be enough. Closing this report. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1082230 http://bugzilla.opensuse.org/show_bug.cgi?id=1082230#c13 --- Comment #13 from Per Jessen <per@computer.org> --- Created attachment 763068 --> http://bugzilla.opensuse.org/attachment.cgi?id=763068&action=edit patch for mlmmj-sub.c -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com