Bug 19978

Summary: /usr/bin/make segfaults w/o Makefile for root (over NFS)
Product: Base System
Reporter: pfeifer <pfeifer>
Component: bin
Assignee: Will Andrews <will>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-RELEASE   
Hardware: Any   
OS: Any   

Description pfeifer 2000-07-17 12:20:01 UTC
Executing /usr/bin/make as root in an NFS-mounted directory belonging
to a regular user with limited permissions (0770) causes a core dump.

Fix: 

GNU make gets this right:

  taygeta# /sw/gnu/bin/gmake
  gmake: *** No targets specified and no makefile found.  Stop.

How-To-Repeat: /sw/test is NFS mounted (v2/UDP) from a Solaris 2.6 box.

taygeta:/sw/test% mkdir x
taygeta:/sw/test% chmod 0770 x
taygeta:/sw/test% ls -la x
total 2
drwxrwx---  2 pfeifer  staff     512 Jul 17 13:08 .
drwxrwx---  8 pfeifer  operator  512 Jul 17 13:08 ..
taygeta:/sw/test% su root
taygeta# make
Segmentation fault
Comment 1 Will Andrews freebsd_committer freebsd_triage 2000-09-29 21:43:49 UTC
Responsible Changed
From-To: freebsd-bugs->will

Over to MAINTAINER.
Comment 2 Will Andrews freebsd_committer freebsd_triage 2000-10-09 06:04:34 UTC
State Changed
From-To: open->closed

Does not happen for me.  Probably a NFS fluke with Solaris.
Comment 3 pfeifer 2000-10-09 09:04:23 UTC
On Sun, 8 Oct 2000 will@freebsd.org wrote:
> Synopsis: /usr/bin/make segfaults w/o Makefile for root (over NFS)
> 
> State-Changed-From-To: open->closed
> State-Changed-By: will
> State-Changed-When: Sun Oct 8 22:04:34 PDT 2000
> State-Changed-Why: 
> Does not happen for me.  Probably a NFS fluke with Solaris.

First of all, if it *was* a NFS fluke with Solaris, it still would be
a bug. After all, a FreeBSD program *is* crashing (ls, for example, works
as expected) and Solaris NFS *is* the standard everyone else has to be
measured against.

Second, and more important: I just managed to reproduce this on an NFS
mount from a 4.1-RELEASE client to a 4.1-RELEASE server (NFS v2, UDP).

  deneb[81]:/sw/FreeBSD% ls -lad 00TEST/
  drwx------  2 pfeifer  sysop  512 Oct  9 09:57 00TEST/
  deneb[82]:/sw/FreeBSD% cd 00TEST/
  deneb[83]:/sw/FreeBSD/00TEST% su
  Password:
  deneb# make
  Segmentation fault

Please reopen this PR.

Gerald
-- 
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
Comment 4 dwmalone freebsd_committer freebsd_triage 2000-11-05 15:15:16 UTC
State Changed
From-To: closed->open

Reopened at submitter's request.
Comment 5 pfeifer 2000-11-05 22:35:09 UTC
On Sun, 5 Nov 2000, David Malone wrote:
> I've reopened the PR.

Thanks!

> Can you either get a back trace of the core from make using gdb or
> ktrace it, so we can see what it was doing when it died?

I've done both! ;-) This is on 4.1-RELEASE with make from the current
CVS tree:

 #0  Dir_Init () at dir.c:231
 231         dot->refCount += 1;
 (gdb) bt
 #0  Dir_Init () at dir.c:231
 #1  0x8051e10 in main (argc=1, argv=0xbfbff964) at main.c:652
 #2  0x8049745 in _start ()

and

 15545 make     CALL  stat(0xbfbff4b0,0xbfbfebe4)
 15545 make     NAMI  "obj.i386"
 15545 make     RET   stat -1 errno 13 Permission denied
 15545 make     CALL  stat(0x805c78f,0xbfbfebe4)
 15545 make     NAMI  "obj"
 15545 make     RET   stat -1 errno 13 Permission denied
 15545 make     CALL  stat(0xbfbff4b0,0xbfbfebe4)
 15545 make     NAMI  ".../x" ---- THIS IS THE UNREADABLE DIRECTORY! ----
 15545 make     RET   stat -1 errno 2 No such file or directory
 15545 make     CALL  readlink(0x280f4154,0xbfbfeb74,0x3f)
 15545 make     NAMI  "/etc/malloc.conf"
 15545 make     RET   readlink -1 errno 2 No such file or directory
 15545 make     CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
 15545 make     RET   mmap 672186368/0x2810c000
 15545 make     CALL  break(0x8062000)
 15545 make     RET   break 0
 15545 make     CALL  break(0x8063000)
 15545 make     RET   break 0
 15545 make     CALL  stat(0x805b887,0xbfbfeb64)
 15545 make     NAMI  "."
 15545 make     RET   stat 0
 15545 make     CALL  open(0x805b887,0x4,0x280f8190)
 15545 make     NAMI  "."
 15545 make     RET   open -1 errno 13 Permission denied
 15545 make     PSIG  SIGSEGV SIG_DFL
 15545 make     NAMI  "/tmp/make.core"

Gerald
-- 
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
Comment 6 Bruce Evans 2000-11-07 10:29:39 UTC
On Sun, 5 Nov 2000, Gerald Pfeifer wrote:

> On Sun, 5 Nov 2000, David Malone wrote:
> > I've reopened the PR.
> 
> Thanks!
> 
> > Can you either get a back trace of the core from make using gdb or
> > ktrace it, so we can see what it was doing when it died?

>  15545 make     CALL  stat(0x805b887,0xbfbfeb64)
>  15545 make     NAMI  "."
>  15545 make     RET   stat 0
>  15545 make     CALL  open(0x805b887,0x4,0x280f8190)
>  15545 make     NAMI  "."
>  15545 make     RET   open -1 errno 13 Permission denied
>  15545 make     PSIG  SIGSEGV SIG_DFL
>  15545 make     NAMI  "/tmp/make.core"

This output made it easy to reproduce the bug in a simpler way:

    $ cd /tmp
    $ mkdir z
    $ cd z
    $ chmod 0 /tmp/z
    $ make
    Segmentation fault

Bruce
Comment 7 Peter Pentchev 2000-11-07 10:45:32 UTC
Could the attached patch do something about it? It's against RELENG_4
(rev 1.10 of dir.c).

G'luck,
Peter

-- 
If this sentence were in Chinese, it would say something else.

On Tue, Nov 07, 2000 at 09:29:39PM +1100, Bruce Evans wrote:
> On Sun, 5 Nov 2000, Gerald Pfeifer wrote:
> 
> > On Sun, 5 Nov 2000, David Malone wrote:
> > > I've reopened the PR.
> > 
> > Thanks!
> > 
> > > Can you either get a back trace of the core from make using gdb or
> > > ktrace it, so we can see what it was doing when it died?
> 
> >  15545 make     CALL  stat(0x805b887,0xbfbfeb64)
> >  15545 make     NAMI  "."
> >  15545 make     RET   stat 0
> >  15545 make     CALL  open(0x805b887,0x4,0x280f8190)
> >  15545 make     NAMI  "."
> >  15545 make     RET   open -1 errno 13 Permission denied
> >  15545 make     PSIG  SIGSEGV SIG_DFL
> >  15545 make     NAMI  "/tmp/make.core"
> 
> This output made it easy to reproduce the bug in a simpler way:
> 
>     $ cd /tmp
>     $ mkdir z
>     $ cd z
>     $ chmod 0 /tmp/z
>     $ make
>     Segmentation fault

diff -urN src/usr.bin/make/dir.c mysrc/usr.bin/make/dir.c
--- src/usr.bin/make/dir.c	Sat Sep 11 16:08:01 1999
+++ mysrc/usr.bin/make/dir.c	Tue Nov  7 12:42:20 2000
@@ -225,6 +225,8 @@
      */
     Dir_AddDir (openDirectories, ".");
     dot = (Path *) Lst_DeQueue (openDirectories);
+    if (dot == (Path *) NIL)
+	err(1, "cannot open current directory");
 
     /*
      * We always need to have dot around, so we increment its reference count
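Review bot: the added check at `if (dot == (Path *) NIL)` reports the failure with err(), which appends strerror(errno), but errno was set inside Dir_AddDir and nothing in this hunk guarantees it still holds the open failure once Lst_DeQueue has returned. Either have Dir_AddDir report the failure to its caller so the reason can be captured at the point it occurs, or use errx() with a fixed message. Please also confirm that dir.c includes <err.h>, since the hunk adds no include, and note that Dir_AddDir still fails silently for any other caller that dequeues its result.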
Comment 8 Will Andrews 2000-11-07 13:26:48 UTC
On Tue, Nov 07, 2000 at 03:10:05AM -0800, Bruce Evans wrote:
>  This output made it easy to reproduce the bug in a simpler way:
>  
>      $ cd /tmp
>      $ mkdir z
>      $ cd z
>      $ chmod 0 /tmp/z
>      $ make
>      Segmentation fault

Eek!  Shoo, bug!  Shoo!

-- 
wca
Comment 9 pfeifer 2000-12-28 19:48:51 UTC
What happened to this PR?

Please note that it also contains a patch which fixes the problem!

Gerald
-- 
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
Comment 10 Will Andrews freebsd_committer freebsd_triage 2001-02-10 07:14:55 UTC
State Changed
From-To: open->suspended

Fixed; will be MFC'd to RELENG_[43] in 3 days (along with the bugfix for 
readdir() assumption, which has been in -current for a lot longer).
Comment 11 Will Andrews freebsd_committer freebsd_triage 2001-02-13 17:11:46 UTC
State Changed
From-To: suspended->closed

MFC'd to RELENG_4 and RELENG_3 yesterday.
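
The failure mode traced in this report, as an added C example that is not FreeBSD make's code: a directory-list add that queues nothing when opendir() fails, and an init routine that checks the dequeued pointer before touching refCount. The Path and PathList types and the list_add_dir, list_dequeue and dir_init_checked names are hypothetical stand-ins.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for make's Path and its directory list. */
typedef struct Path { const char *name; int refCount; } Path;
typedef struct PathList { Path *items[8]; int count; } PathList;

/* Queues the directory only if it can be opened. On failure nothing is
 * queued and the caller gets no return value, only errno from opendir(). */
static void list_add_dir(PathList *l, const char *name)
{
    DIR *d = opendir(name);
    if (d == NULL) return;
    closedir(d);
    Path *p = malloc(sizeof *p);
    if (p == NULL || l->count == 8) { free(p); return; }
    p->name = name;
    p->refCount = 0;
    l->items[l->count++] = p;
}

static Path *list_dequeue(PathList *l)
{
    return l->count > 0 ? l->items[--l->count] : NULL;
}

/* Returns 0 and stores the entry in *out, or -1 with errno left as set by
 * the failed opendir() (EACCES in the report's trace). */
int dir_init_checked(const char *name, Path **out)
{
    PathList open_dirs = { {0}, 0 };
    list_add_dir(&open_dirs, name);
    Path *dot = list_dequeue(&open_dirs);
    if (dot == NULL) return -1;   /* without this check the next line faults */
    dot->refCount += 1;           /* same operation as the crashing dir.c:231 */
    *out = dot;
    return 0;
}

int main(void)
{
    Path *dot = NULL;
    if (dir_init_checked(".", &dot) == 0)
        return 0;
    perror("cannot open current directory");
    return 1;
}
```

Any opendir() failure takes the same path, so a non-existent directory exercises the check without the permission setup from the report.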