[Aide] aide segfault when using acls

Discussion:

John Ratliff

2018-02-21 18:31:01 UTC

A couple weeks back, my daily AIDE jobs started failing. I've traced it
to using acl in my config. If I remove them, it no longer segfaults. I'm
not sure why this is happening.

I'm using Debian 8 Jessie. I've used the packaged version of aide, and
I've also built it from source from the 0.16 tarball and the last daily
tarball release. This made no difference.

Is there a way I can find out why this is happening and what to do to
fix it?

Thanks.

Hannes von Haugwitz

2018-02-22 13:01:07 UTC

Permalink

Hi John,

A couple weeks back, my daily AIDE jobs started failing. I've traced it to
using acl in my config. If I remove them, it no longer segfaults. I'm not
sure why this is happening.
I'm using Debian 8 Jessie. I've used the packaged version of aide, and I've
also built it from source from the 0.16 tarball and the last daily tarball
release. This made no difference.
Is there a way I can find out why this is happening and what to do to fix
it?

Can you reproduce your issue with a single file configuration:

/path/to/file$ p+acl

?

If yes, please provide the output of

$ getfacl /path/to/file

Thanks

Best regards

Hannes

John Ratliff

2018-02-28 14:47:06 UTC

Permalink

Post by Hannes von Haugwitz
Hi John,

A couple weeks back, my daily AIDE jobs started failing. I've traced it to
using acl in my config. If I remove them, it no longer segfaults. I'm not
sure why this is happening.
I'm using Debian 8 Jessie. I've used the packaged version of aide, and I've
also built it from source from the 0.16 tarball and the last daily tarball
release. This made no difference.
Is there a way I can find out why this is happening and what to do to fix
it?

/path/to/file$ p+acl
?

database = file:/root/temp/aide.db.gz
database_out = file:/root/temp/aide.db.new.gz
database_new = file:/root/temp/aide.db.new.gz
gzip_dbout = yes
verbose = 10

report_url = stdout

/var/www/smithville.com/htdocs/xmlrpc.php p+acl

Post by Hannes von Haugwitz
If yes, please provide the output of
$ getfacl /path/to/file

# getfacl /var/www/smithville.com/htdocs/xmlrpc.php
getfacl: Removing leading '/' from absolute path names
# file: var/www/smithville.com/htdocs/xmlrpc.php
# owner: www-data
# group: www-data
user::rw-
group::r--
group:mek:rw-
mask::rw-
other::r--

Yes, it segfaulted. The group mek is in our RedHat Idm solution. If I
remove the ACL from that file, the segfault goes away.

Thanks.

dreamwvr

2018-02-21 01:29:41 UTC

Permalink

If this is occurring it is a read file overflow problem. :(
I will say that much.. they would want the version and
the likely the file contents sent the conditions that
create the SEGV.
Best Regards,

Post by John Ratliff
A couple weeks back, my daily AIDE jobs started failing. I've traced
it to using acl in my config. If I remove them, it no longer
segfaults. I'm not sure why this is happening.
I'm using Debian 8 Jessie. I've used the packaged version of aide,
and I've also built it from source from the 0.16 tarball and the
last daily tarball release. This made no difference.
Is there a way I can find out why this is happening and what to do
to fix it?
Thanks.
_______________________________________________
Aide mailing list
https://www.ipi.fi/mailman/listinfo/aide
!DSPAM:5a8bb264196351429914202!