From nobody@FreeBSD.ORG  Mon Jul 17 04:17:18 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D2A2C37B8C8; Mon, 17 Jul 2000 04:17:18 -0700 (PDT)
Message-Id: <20000717111718.D2A2C37B8C8@hub.freebsd.org>
Date: Mon, 17 Jul 2000 04:17:18 -0700 (PDT)
From: pfeifer@dbai.tuwien.ac.at
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: /usr/bin/make segfaults w/o Makefile for root (over NFS)
X-Send-Pr-Version: www-1.0

>Number:         19978
>Category:       bin
>Synopsis:       /usr/bin/make segfaults w/o Makefile for root (over NFS)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    will
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 17 04:20:01 PDT 2000
>Closed-Date:    Tue Feb 13 09:11:46 PST 2001
>Last-Modified:  Tue Feb 13 09:12:11 PST 2001
>Originator:     Gerald Pfeifer
>Release:        4.0-RELEASE
>Organization:
>Environment:
FreeBSD taygeta.dbai.tuwien.ac.at 4.0-RELEASE FreeBSD 4.0-RELEASE #0:
Wed Jul 12 21:20:37 CEST 2000
root@taygeta.dbai.tuwien.ac.at:/usr/src/sys/compile/GERALD_MADE_4.0 i386

(This is a regular kernel with USER_LDT enabled.)
>Description:
Executing /usr/bin/make as root in an NFS-mounted directory belonging
to a regular user with limited permissions (0770) causes a core dump.
>How-To-Repeat:
/sw/test is NFS mounted (v2/UDP) from a Solaris 2.6 box.

taygeta:/sw/test% mkdir x
taygeta:/sw/test% chmod 0770 x
taygeta:/sw/test% ls -la x
total 2
drwxrwx---  2 pfeifer  staff     512 Jul 17 13:08 .
drwxrwx---  8 pfeifer  operator  512 Jul 17 13:08 ..
taygeta:/sw/test% su root
taygeta# make
Segmentation fault

>Fix:
GNU make gets this right:

  taygeta# /sw/gnu/bin/gmake
  gmake: *** No targets specified and no makefile found.  Stop.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->will 
Responsible-Changed-By: will 
Responsible-Changed-When: Fri Sep 29 13:43:49 PDT 2000 
Responsible-Changed-Why:  
Over to MAINTAINER. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19978 
State-Changed-From-To: open->closed 
State-Changed-By: will 
State-Changed-When: Sun Oct 8 22:04:34 PDT 2000 
State-Changed-Why:  
Does not happen for me.  Probably a NFS fluke with Solaris. 


From: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
To: will@freebsd.org, bugs@freebsd.org
Cc: gnats-submit@freebsd.org
Subject: Re: bin/19978: /usr/bin/make segfaults w/o Makefile for root (over
 NFS)
Date: Mon, 9 Oct 2000 10:04:23 +0200 (CEST)

 On Sun, 8 Oct 2000 will@freebsd.org wrote:
 > Synopsis: /usr/bin/make segfaults w/o Makefile for root (over NFS)
 > 
 > State-Changed-From-To: open->closed
 > State-Changed-By: will
 > State-Changed-When: Sun Oct 8 22:04:34 PDT 2000
 > State-Changed-Why: 
 > Does not happen for me.  Probably a NFS fluke with Solaris.
 
 First of all, if it *was* a NFS fluke with Solaris, it still would be
 a bug. After all a FreeBSD program *is* crashing (ls for example, works
 as expected) and Solaris NFS *is* the standard everyone else has to be
 measured against.
 
 Second, and more important: I just managed to reproduce this on an NFS
 mount from a 4.1-RELEASE client to a 4.1-RELEASE server (NFS v2, UDP).
 
   deneb[81]:/sw/FreeBSD% ls -lad 00TEST/
   drwx------  2 pfeifer  sysop  512 Oct  9 09:57 00TEST/
   deneb[82]:/sw/FreeBSD% cd 00TEST/
   deneb[83]:/sw/FreeBSD/00TEST% su
   Password:
   deneb# make
   Segmentation fault
 
 Please reopen this PR.
 
 Gerald
 -- 
 Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
 
 
 
State-Changed-From-To: closed->open 
State-Changed-By: dwmalone 
State-Changed-When: Sun Nov 5 07:15:16 PST 2000 
State-Changed-Why:  
Reopened at submitter's request. 


From: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: <will@freebsd.org>, <bugs@freebsd.org>,
	<gnats-submit@freebsd.org>
Subject: Re: bin/19978: /usr/bin/make segfaults w/o Makefile for root (over
 NFS)
Date: Sun, 5 Nov 2000 23:35:09 +0100 (CET)

 On Sun, 5 Nov 2000, David Malone wrote:
 > I've reopened the PR.
 
 Thanks!
 
 > Can you either get a back trace of the core from make using gdb or
 > ktrace it, so we can see what it was doing when it died?
 
 I've done both! ;-) This is on 4.1-RELEASE with make from the current
 CVS tree:
 
  #0  Dir_Init () at dir.c:231
  231         dot->refCount += 1;
  (gdb) bt
  #0  Dir_Init () at dir.c:231
  #1  0x8051e10 in main (argc=1, argv=0xbfbff964) at main.c:652
  #2  0x8049745 in _start ()
 
 and
 
  15545 make     CALL  stat(0xbfbff4b0,0xbfbfebe4)
  15545 make     NAMI  "obj.i386"
  15545 make     RET   stat -1 errno 13 Permission denied
  15545 make     CALL  stat(0x805c78f,0xbfbfebe4)
  15545 make     NAMI  "obj"
  15545 make     RET   stat -1 errno 13 Permission denied
  15545 make     CALL  stat(0xbfbff4b0,0xbfbfebe4)
  15545 make     NAMI  ".../x" ---- THIS IS THE UNREADABLE DIRECTORY! ----
  15545 make     RET   stat -1 errno 2 No such file or directory
  15545 make     CALL  readlink(0x280f4154,0xbfbfeb74,0x3f)
  15545 make     NAMI  "/etc/malloc.conf"
  15545 make     RET   readlink -1 errno 2 No such file or directory
  15545 make     CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
  15545 make     RET   mmap 672186368/0x2810c000
  15545 make     CALL  break(0x8062000)
  15545 make     RET   break 0
  15545 make     CALL  break(0x8063000)
  15545 make     RET   break 0
  15545 make     CALL  stat(0x805b887,0xbfbfeb64)
  15545 make     NAMI  "."
  15545 make     RET   stat 0
  15545 make     CALL  open(0x805b887,0x4,0x280f8190)
  15545 make     NAMI  "."
  15545 make     RET   open -1 errno 13 Permission denied
  15545 make     PSIG  SIGSEGV SIG_DFL
  15545 make     NAMI  "/tmp/make.core"
 
 Gerald
 -- 
 Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
 
 
 

From: Peter Pentchev <roam@orbitel.bg>
To: Bruce Evans <bde@zeta.org.au>
Cc: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>,
	David Malone <dwmalone@maths.tcd.ie>, will@FreeBSD.ORG,
	bugs@FreeBSD.ORG, gnats-submit@FreeBSD.ORG
Subject: Re: bin/19978: /usr/bin/make segfaults w/o Makefile for root (over NFS)
Date: Tue, 7 Nov 2000 12:45:32 +0200

 Could the attached patch do something about it? It's against RELENG_4
 (rev 1.10 of dir.c).
 
 G'luck,
 Peter
 
 -- 
 If this sentence were in Chinese, it would say something else.
 
 On Tue, Nov 07, 2000 at 09:29:39PM +1100, Bruce Evans wrote:
 > On Sun, 5 Nov 2000, Gerald Pfeifer wrote:
 > 
 > > On Sun, 5 Nov 2000, David Malone wrote:
 > > > I've reopened the PR.
 > > 
 > > Thanks!
 > > 
 > > > Can you either get a back trace of the core from make using gdb or
 > > > ktrace it, so we can see what it was doing when it died?
 > 
 > >  15545 make     CALL  stat(0x805b887,0xbfbfeb64)
 > >  15545 make     NAMI  "."
 > >  15545 make     RET   stat 0
 > >  15545 make     CALL  open(0x805b887,0x4,0x280f8190)
 > >  15545 make     NAMI  "."
 > >  15545 make     RET   open -1 errno 13 Permission denied
 > >  15545 make     PSIG  SIGSEGV SIG_DFL
 > >  15545 make     NAMI  "/tmp/make.core"
 > 
 > This output made it easy to reproduce the bug in a simpler way:
 > 
 >     $ cd /tmp
 >     $ mkdir z
 >     $ cd z
 >     $ chmod 0 /tmp/z
 >     $ make
 >     Segmentation fault
 
 diff -urN src/usr.bin/make/dir.c mysrc/usr.bin/make/dir.c
 --- src/usr.bin/make/dir.c	Sat Sep 11 16:08:01 1999
 +++ mysrc/usr.bin/make/dir.c	Tue Nov  7 12:42:20 2000
 @@ -225,6 +225,8 @@
       */
      Dir_AddDir (openDirectories, ".");
      dot = (Path *) Lst_DeQueue (openDirectories);
 +    if (dot == (Path *) NIL)
 +	err(1, "cannot open current directory");
  
      /*
       * We always need to have dot around, so we increment its reference count
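 Review bot: the added `err(1, "cannot open current directory")` after `Lst_DeQueue` appends strerror(errno), but the open of "." failed earlier, inside the `Dir_AddDir` call two lines up, and any call made between that failure and this check can overwrite errno, so the reported reason may be misleading. Either report the error at the point where the open fails or use `errx` with a fixed message here. The patch also carries no hunk adding `#include <err.h>`, which `err()` needs unless dir.c already includes it, and a one-line comment above the check saying that a NIL `dot` means the working directory is unreadable would help the next reader.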
 

From: Bruce Evans <bde@zeta.org.au>
To: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
Cc: David Malone <dwmalone@maths.tcd.ie>, will@freebsd.org,
	bugs@freebsd.org, gnats-submit@freebsd.org
Subject: Re: bin/19978: /usr/bin/make segfaults w/o Makefile for root (over
 NFS)
Date: Tue, 7 Nov 2000 21:29:39 +1100 (EST)

 On Sun, 5 Nov 2000, Gerald Pfeifer wrote:
 
 > On Sun, 5 Nov 2000, David Malone wrote:
 > > I've reopened the PR.
 > 
 > Thanks!
 > 
 > > Can you either get a back trace of the core from make using gdb or
 > > ktrace it, so we can see what it was doing when it died?
 
 >  15545 make     CALL  stat(0x805b887,0xbfbfeb64)
 >  15545 make     NAMI  "."
 >  15545 make     RET   stat 0
 >  15545 make     CALL  open(0x805b887,0x4,0x280f8190)
 >  15545 make     NAMI  "."
 >  15545 make     RET   open -1 errno 13 Permission denied
 >  15545 make     PSIG  SIGSEGV SIG_DFL
 >  15545 make     NAMI  "/tmp/make.core"
 
 This output made it easy to reproduce the bug in a simpler way:
 
     $ cd /tmp
     $ mkdir z
     $ cd z
     $ chmod 0 /tmp/z
     $ make
     Segmentation fault
 
 Bruce
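
The failure mode shown in the trace above (the open of "." fails, then the missing entry is dereferenced) as a small checked model. This is an added example, not code from the PR or from make's dir.c; `path_entry`, `path_open` and `dot_init` are hypothetical names, and the errno is captured immediately after the failing call.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for make's directory entry (not the real Path type). */
struct path_entry {
    const char *name;
    int         ref_count;
};

/* Returns NULL when the directory cannot be opened for reading, leaving
 * errno as set by opendir (EACCES for an unreadable ".", as in the ktrace). */
static struct path_entry *path_open(const char *name)
{
    DIR *d = opendir(name);
    struct path_entry *p;

    if (d == NULL)
        return NULL;
    closedir(d);
    if ((p = malloc(sizeof(*p))) == NULL)
        return NULL;
    p->name = name;
    p->ref_count = 0;
    return p;
}

/* Checked initialisation: 0 on success, otherwise the errno of the failure.
 * Without the NULL test, the ref_count increment is the crash in the PR. */
static int dot_init(const char *name, struct path_entry **out)
{
    int saved;

    errno = 0;
    *out = path_open(name);
    saved = errno;              /* capture before another call can change it */
    if (*out == NULL) {
        fprintf(stderr, "cannot open %s: %s\n", name, strerror(saved));
        return saved ? saved : EINVAL;
    }
    (*out)->ref_count += 1;
    return 0;
}

int main(void)
{
    struct path_entry *dot;
    return dot_init(".", &dot) == 0 ? 0 : 1;
}
```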
 
 

From: Will Andrews <will@physics.purdue.edu>
To: Bruce Evans <bde@zeta.org.au>
Cc: FreeBSD-gnats-submit@FreeBSD.org,
	Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
Subject: Re: bin/19978: /usr/bin/make segfaults w/o Makefile for root (over NFS)
Date: Tue, 7 Nov 2000 08:26:48 -0500

 On Tue, Nov 07, 2000 at 03:10:05AM -0800, Bruce Evans wrote:
 >  This output made it easy to reproduce the bug in a simpler way:
 >  
 >      $ cd /tmp
 >      $ mkdir z
 >      $ cd z
 >      $ chmod 0 /tmp/z
 >      $ make
 >      Segmentation fault
 
 Eek!  Shoo, bug!  Shoo!
 
 -- 
 wca
 

From: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
To: <freebsd-gnats-submit@freebsd.org>
Cc: Will Andrews <will@physics.purdue.edu>
Subject: Re: bin/19978: /usr/bin/make segfaults w/o Makefile for root (over NFS)
Date: Thu, 28 Dec 2000 20:48:51 +0100 (CET)

 What happened to this PR?
 
 Please note that it also contains a patch which fixes the problem!
 
 Gerald
 -- 
 Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
 
 
State-Changed-From-To: open->suspended 
State-Changed-By: will 
State-Changed-When: Fri Feb 9 23:14:55 PST 2001 
State-Changed-Why:  
Fixed; will be MFC'd to RELENG_[43] in 3 days (along with the bugfix for 
readdir() assumption, which has been in -current for a lot longer). 

State-Changed-From-To: suspended->closed 
State-Changed-By: will 
State-Changed-When: Tue Feb 13 09:11:46 PST 2001 
State-Changed-Why:  
MFC'd to RELENG_4 and RELENG_3 yesterday. 

>Unformatted:
