[Bug 2024585] Re: dbus-daemon segfault if group lookup fails

Peter Benie 2024585 at bugs.launchpad.net
Thu Jun 22 19:53:01 UTC 2023


Done. I found someone else reporting a problem that had the same
underlying cause, which led to an interesting conversation with a
developer. You can read it here:
https://gitlab.freedesktop.org/dbus/dbus/-/issues/343

The tl;dr version is to use dbus 1.14.x in which the code path that
triggers the fault is replaced by SO_PEERGROUPS.


This makes it immune to nss disappearing under its feet, though it is a slight change in behaviour. When applying a policy, it will be the user's current groups that count, rather than the groups they would get if they logged in now.

Peter

** Bug watch added: gitlab.freedesktop.org/dbus/dbus/-/issues #343
   https://gitlab.freedesktop.org/dbus/dbus/-/issues/343

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/2024585

Title:
  dbus-daemon segfault if group lookup fails

Status in dbus package in Ubuntu:
  New

Bug description:
  Ubuntu release: Ubuntu 22.04.2 LTS (but also tested on Ubuntu 20.04.6 LTS)
  dbus version: 1.12.20-2ubuntu4.1

  This is related to
  https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2023598, in which
  an sssd was upgraded before its libraries. This caused dbus-daemon to
  crash, which in turn ended the user's X session along with many other
  programs. It also triggered NetworkManager to exit so it was no longer
  doing DHCP renewals; the network connection was lost a few hours later
  when the lease expired.

  The failure of dbus-daemon was triggered by it reloading its
  configuration while group lookups were not functioning, which revealed
  an error in dbus's error handling code.

  The failure happened in two stages.

  First, it failed to load the policy, and reported this error:
  dbus-daemon[1207]: Unable to reload configuration: (null)

  Then, a few seconds later, dbus-daemon reloaded its config again, and
  this time it segfaulted.

  dbus-daemon[1207]: segfault at 0 ip 00005602b18336e4 sp 00007ffe2579de28 error 6 in dbus-daemon[5602b181b000+24000]
  Code: 00 00 00 48 83 c4 08 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 83 07 01 48 89 f8 c3
        0f 1f 44 00 00 f3 0f 1e fa <83> 2f 01 74 07 c3 66 0f 1f 44 00 00 e9 bb fb ff ff 66 66 2e 0f 1f

  The code corresponds to policy->refcount -= 1, inside
  bus_client_policy_unref(). This error can only happen if policy was
  NULL on entry.

  bus_connections_reload_policy() has this code:

  // connection.c line 1644
        bus_client_policy_unref (d->policy);
        d->policy = bus_context_create_client_policy (connections->context,
                                                      connection,
                                                      error);
        if (d->policy == NULL)
          {
            _dbus_verbose ("Failed to create security policy for connection %p\n",
                        connection);
            _DBUS_ASSERT_ERROR_IS_SET (error);
            return FALSE;
          }

  If bus_context_create_client_policy fails, the code decrements the
  policy reference count and sets d->policy to NULL. The second time
  round, the reference count is decremented again, but policy is already
  NULL from last time round, hence the crash.

  I've included a patch that I think should fix the error, but note that
  it is not well tested!

  Peter

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/2024585/+subscriptions
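
The two-stage failure from the bug description, reduced to a stand-alone model. This is an added example, not dbus source and not the patch attached to the bug; `Policy`, `ConnData`, `policy_create`, `policy_unref` and `lookups_ok` are hypothetical stand-ins. `reload_safe` shows one way to avoid the NULL state: build the replacement policy before releasing the old one.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the dbus types named in the report. */
typedef struct { int refcount; } Policy;
typedef struct { Policy *policy; } ConnData;

static int lookups_ok = 1;   /* 0 simulates group lookups failing */

static Policy *policy_create(void) {
    if (!lookups_ok) return NULL;
    Policy *p = malloc(sizeof *p);
    if (p) p->refcount = 1;
    return p;
}

/* As in the report: decrements without checking for NULL. */
static void policy_unref(Policy *p) {
    if (--p->refcount == 0) free(p);
}

/* Pattern from the report: drop the old policy, then try to build a new one. */
static int reload_buggy(ConnData *d) {
    policy_unref(d->policy);        /* NULL dereference on the second failure */
    d->policy = policy_create();
    return d->policy != NULL;
}

/* Build first and swap only on success, so d->policy is never left NULL. */
static int reload_safe(ConnData *d) {
    Policy *fresh = policy_create();
    if (fresh == NULL) return 0;    /* keep enforcing the old policy */
    policy_unref(d->policy);
    d->policy = fresh;
    return 1;
}

int main(void) {
    ConnData a = { policy_create() }, b = { policy_create() };
    lookups_ok = 0;
    reload_buggy(&a);                   /* first failed reload leaves NULL */
    reload_safe(&b); reload_safe(&b);   /* two failed reloads, still valid */
    printf("buggy: %p  safe: %p\n", (void *)a.policy, (void *)b.policy);
    /* A second reload_buggy(&a) would dereference NULL, as in the report. */
    free(b.policy);
    return 0;
}
```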



