I'm running a server with SuSE 7.1 and kernel 2.2.19 (self-made with openwall patch). I have really tight security, and one problem: If used by a normal user, passwd hangs (after successfully changing the password!) with 100% cpu load. It can only be killed by root, ctrl-c does not work, and because of the procfs patch, the user can't see his passwd process (it is running as root, because it is suid). I never had any problems like that, another server with suse 6.3 and openwall patch works fine. If root tells the user the right PID, he can kill -9 the passwd process. strace doesn't work with suid root executables, and as root it works as it should.

any hints?

thank you
Markus

-- 
_____________________________      /"\
Markus Gaugusch  ICQ 11374583      \ /    ASCII Ribbon Campaign
markus@gaugusch.dhs.org             X     Against HTML Mail
                                   / \

> I'm running a server with SuSE 7.1 and kernel 2.2.19 (self-made with openwall patch). I have really tight security, and one problem: If used by a normal user, passwd hangs (after successfully changing the password!) with 100% cpu load. It can only be killed by root, ctrl-c does not work, and because of the procfs patch, the user can't see his passwd process (it is running as root, because it is suid). I never had any problems like that, another server with suse 6.3 and openwall patch works fine. If root tells the user the right PID, he can kill -9 the passwd process. strace doesn't work with suid root executables, and as root it works as it should.

I haven't heard of a problem like this yet. I would bet that the process loops in system calls, retrying something that fails. You should be able to see what it is by strace'ing it.

Thanks,
Roman.

-- 
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //  "You don't need eyes to see, |
  SuSE GmbH - Security           Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //      Maxi Jazz, Faithless       |
 -                                                                      -

> > I'm running a server with SuSE 7.1 and kernel 2.2.19 (self-made with openwall patch). I have really tight security, and one problem: If used by a normal user, passwd hangs (after successfully changing the password!) with 100% cpu load. It can only be killed by root, ctrl-c does not work, and because of the procfs patch, the user can't see his passwd process (it is running as root, because it is suid). I never had any problems like that, another server with suse 6.3 and openwall patch works fine. If root tells the user the right PID, he can kill -9 the passwd process. strace doesn't work with suid root executables, and as root it works as it should.
>
> I would bet that the process loops in system calls, retrying something that fails. You should be able to see what it is by strace'ing it.

ok, now I got an strace:

as root:
write(1, "Password changed\n", 17) = 17
munmap(0x2cc000, 43588) = 0
munmap(0x2f2000, 46992) = 0
munmap(0x2e7000, 41072) = 0
munmap(0x2dd000, 39548) = 0
munmap(0x128000, 18636) = 0
munmap(0x2d7000, 7708) = 0
munmap(0x2db000, 4096) = 0
_exit(0) = ?

and as normal user:
write(1, "Password changed\n", 17) = 17
munmap(0x2ab000, 43588) = 0
munmap(0x2d1000, 46992) = 0
munmap(0x2c6000, 41072) = 0
munmap(0x2bc000, 39548) = 0
---NOW it hangs :(

where can I find information about munmap?

thank you
Markus

-- 
_____________________________      /"\
Markus Gaugusch  ICQ 11374583      \ /    ASCII Ribbon Campaign
markus@gaugusch.dhs.org             X     Against HTML Mail
                                   / \

> > I would bet that the process loops in system calls, retrying something that fails. You should be able to see what it is by strace'ing it.
>
> ok, now I got an strace:
>
> as root:
> write(1, "Password changed\n", 17) = 17
> munmap(0x2cc000, 43588) = 0
> munmap(0x2f2000, 46992) = 0
> munmap(0x2e7000, 41072) = 0
> munmap(0x2dd000, 39548) = 0
> munmap(0x128000, 18636) = 0
> munmap(0x2d7000, 7708) = 0
> munmap(0x2db000, 4096) = 0
> _exit(0) = ?
>
> and as normal user:
> write(1, "Password changed\n", 17) = 17
> munmap(0x2ab000, 43588) = 0
> munmap(0x2d1000, 46992) = 0
> munmap(0x2c6000, 41072) = 0
> munmap(0x2bc000, 39548) = 0
> ---NOW it hangs :(
>
> where can I find information about munmap?

I was wrong. It loops in its own routines. This is now off-topic (not security related). Markus, please send me an ltrace (instead of an strace) of it, or run it in some debugger (as normal user, make /etc/shadow world-writeable, remove the suid-bit and see if it still loops.).

> thank you
> Markus

Roman.

-- 
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //  "You don't need eyes to see, |
  SuSE GmbH - Security           Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //      Maxi Jazz, Faithless       |
 -                                                                      -