[Pkg-javascript-devel] Bug#912986: Bug#912986: nodejs segfaults in selinux enforcing mode

Bernhard Übelacker bernhardu at mailbox.org
Mon Nov 5 19:08:11 GMT 2018


Hello Jade McCormick,
I just tried to reproduce this issue too.

I started inside a testing amd64 qemu VM and applied
the instructions from [1] to enable selinux,
and set it by "setenforce 1" from permissive mode to
enforcing mode. 

Then I did not find a "yarn" command related to nodejs,
therefore I assumed this is installed using instructions from [2]?

I hit a SIGILL, but isn't this intentional, as nodejs uses
some JIT transformations and probably needs to be explicitly
allowed to execute that way?

You probably could provide at least the console output of
your "yarn init" command and if you have really installed it
from [2]?

Some more details on my attempt are in attached file.

Kind regards,
Bernhard

[1] https://wiki.debian.org/SELinux/Setup
[2] https://yarnpkg.com/lang/en/docs/install/#debian-stable
-------------- next part --------------

# current amd64 testing qemu VM

apt update
apt dist-upgrade

https://wiki.debian.org/SELinux
https://wiki.debian.org/SELinux/Setup

apt-get install selinux-basics selinux-policy-default auditd
selinux-activate
reboot

root@debian:~# check-selinux-installation
Traceback (most recent call last):
  File "/usr/sbin/check-selinux-installation", line 33, in <module>
    results += test.test()
  File "/usr/share/selinux-basics/tests/24_fsckfix.py", line 24, in test
    raise IOError("/etc/default/rcS not found, is this Debian?")
OSError: /etc/default/rcS not found, is this Debian?
                        --> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860522


audit2why -al
    # Show audit messages where policy would be broken

setenforce 1
    # Change to "enforcing mode"



apt install curl gnupg2

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list

apt update
apt install nodejs yarn systemd-coredump gdb


export LANG=C
benutzer@debian:~$ yarn init

<--- Last few GCs --->

[2152:0x55fb74c34820]  1215710 ms: Mark-sweep 0.1 (3.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  allocation failure GC in old space requested
[2152:0x55fb74c34820]  1215711 ms: Mark-sweep 0.1 (2.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  last resort GC in old space requested
[2152:0x55fb74c34820]  1215711 ms: Mark-sweep 0.1 (2.0) -> 0.1 (2.0) MB, 0.2 / 0.0 ms  last resort GC in old space requested


<--- JS stacktrace --->


#
# Fatal javascript OOM in CALL_AND_RETRY_LAST
#

Illegal instruction (core dumped)




[ 1215.733337] traps: node[2152] trap invalid opcode ip:55fb73c0ae89 sp:7fff66519608 error:0 in node[55fb72f72000+1118000]




root@debian:~# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Mon 2018-11-05 19:37:46 CET    2152  1000  1000   4 none      /usr/bin/node
root@debian:~# coredumpctl gdb 2152
           PID: 2152 (node)
           UID: 1000 (benutzer)
           GID: 1000 (benutzer)
        Signal: 4 (ILL)
     Timestamp: Mon 2018-11-05 19:37:46 CET (1min 29s ago)
  Command Line: node /usr/share/yarn/bin/yarn.js init
    Executable: /usr/bin/node
 Control Group: /user.slice/user-1000.slice/session-5.scope
          Unit: session-5.scope
         Slice: user-1000.slice
       Session: 5
     Owner UID: 1000 (benutzer)
       Boot ID: a44a9c97142b4baea867cbd70d6d3a96
    Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811
      Hostname: debian
       Storage: none
       Message: Process 2152 (node) of user 1000 dumped core.

Coredump entry has no core attached (neither internally in the journal nor externally on disk).





benutzer@debian:~$ gdb -q --args /bin/sh /usr/bin/yarn init
Reading symbols from /bin/sh...(no debugging symbols found)...done.
(gdb) run
Starting program: /bin/sh /usr/bin/yarn init
process 2316 is executing new program: /usr/bin/node
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff4c7d700 (LWP 2330)]
[New Thread 0x7ffff447c700 (LWP 2331)]
[New Thread 0x7ffff3c7b700 (LWP 2332)]
[New Thread 0x7ffff347a700 (LWP 2333)]

<--- Last few GCs --->

[2316:0x5555568e2820]  1390670 ms: Mark-sweep 0.1 (3.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  allocation failure GC in old space requested
[2316:0x5555568e2820]  1390670 ms: Mark-sweep 0.1 (2.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  last resort GC in old space requested
[2316:0x5555568e2820]  1390670 ms: Mark-sweep 0.1 (2.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  last resort GC in old space requested


<--- JS stacktrace --->


#
# Fatal javascript OOM in CALL_AND_RETRY_LAST
#


Thread 1 "node" received signal SIGILL, Illegal instruction.
0x00005555561ece89 in v8::base::OS::Abort() ()
(gdb) bt
#0  0x00005555561ece89 in v8::base::OS::Abort() ()
#1  0x0000555555aee9d2 in v8::Utils::ReportOOMFailure(char const*, bool) ()
#2  0x0000555555aeebd9 in v8::internal::V8::FatalProcessOutOfMemory(char const*, bool) ()
#3  0x0000555555e13219 in v8::internal::Factory::NewCode(v8::internal::CodeDesc const&, unsigned int, v8::internal::Handle<v8::internal::Object>, bool, int) ()
#4  0x0000555555c0402f in v8::internal::PlatformCodeStub::GenerateCode() ()
#5  0x0000555555c0422f in v8::internal::CodeStub::GetCode() ()
#6  0x00005555561d4474 in v8::internal::MacroAssembler::CallStub(v8::internal::CodeStub*) ()
#7  0x00005555561d453c in v8::internal::MacroAssembler::CallRuntime(v8::internal::Runtime::Function const*, int, v8::internal::SaveFPRegsMode) ()
#8  0x00005555561eeac8 in ?? ()
#9  0x00005555561eecae in v8::internal::SetupIsolateDelegate::PopulateWithPlaceholders(v8::internal::Isolate*) ()
#10 0x00005555561ef5df in v8::internal::SetupIsolateDelegate::SetupBuiltinsInternal(v8::internal::Isolate*) ()
#11 0x0000555555efae25 in v8::internal::Isolate::Init(v8::internal::StartupDeserializer*) ()
#12 0x0000555555b03e86 in v8::IsolateNewImpl(v8::internal::Isolate*, v8::Isolate::CreateParams const&) ()
#13 0x000055555599ce3f in node::Start(uv_loop_s*, int, char const* const*, int, char const* const*) ()
#14 0x0000555555995131 in node::Start(int, char**) ()
#15 0x00007ffff4cbfb17 in __libc_start_main (main=0x5555559608c0 <main>, argc=3, argv=0x7fffffffe648, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe638) at ../csu/libc-start.c:310
#16 0x00005555559609aa in _start ()







apt install nodejs-dbgsym






benutzer@debian:~$ gdb -q --args /bin/sh /usr/bin/yarn init
Reading symbols from /bin/sh...(no debugging symbols found)...done.
(gdb) run
Starting program: /bin/sh /usr/bin/yarn init
process 2418 is executing new program: /usr/bin/node
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff4c7d700 (LWP 2432)]
[New Thread 0x7ffff447c700 (LWP 2433)]
[New Thread 0x7ffff3c7b700 (LWP 2434)]
[New Thread 0x7ffff347a700 (LWP 2435)]

<--- Last few GCs --->

[2418:0x5555568e2820]  1797719 ms: Mark-sweep 0.1 (3.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  allocation failure GC in old space requested
[2418:0x5555568e2820]  1797719 ms: Mark-sweep 0.1 (2.0) -> 0.1 (2.0) MB, 0.2 / 0.0 ms  last resort GC in old space requested
[2418:0x5555568e2820]  1797719 ms: Mark-sweep 0.1 (2.0) -> 0.1 (2.0) MB, 0.3 / 0.0 ms  last resort GC in old space requested


<--- JS stacktrace --->


#
# Fatal javascript OOM in CALL_AND_RETRY_LAST
#


Thread 1 "node" received signal SIGILL, Illegal instruction.
v8::base::OS::Abort () at ../deps/v8/src/base/platform/platform-posix.cc:248
248     ../deps/v8/src/base/platform/platform-posix.cc: No such file or directory.
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0  v8::base::OS::Abort () at ../deps/v8/src/base/platform/platform-posix.cc:248
#1  0x0000555555aee9d2 in v8::Utils::ReportOOMFailure (location=0x55555649ffd7 "CALL_AND_RETRY_LAST", is_heap_oom=<optimized out>) at ../deps/v8/src/api.cc:415
#2  0x0000555555aeebd9 in v8::internal::V8::FatalProcessOutOfMemory (location=location@entry=0x55555649ffd7 "CALL_AND_RETRY_LAST", is_heap_oom=is_heap_oom@entry=true) at ../deps/v8/src/api.cc:386
#3  0x0000555555e47eee in v8::internal::Heap::FatalProcessOutOfMemory (location=location@entry=0x55555649ffd7 "CALL_AND_RETRY_LAST", is_heap_oom=is_heap_oom@entry=true) at ../deps/v8/src/heap/heap.cc:6325
#4  0x0000555555e13219 in v8::internal::Factory::NewCodeRaw (immovable=false, object_size=384, this=0x5555568e2820) at ../deps/v8/src/factory.cc:1727
#5  v8::internal::Factory::NewCode (this=this@entry=0x5555568e2820, desc=..., flags=flags@entry=6, self_ref=..., immovable=<optimized out>, prologue_offset=prologue_offset@entry=-1) at ../deps/v8/src/factory.cc:1750
#6  0x0000555555c0402f in v8::internal::PlatformCodeStub::GenerateCode (this=0x7fffffffcbc0) at ../deps/v8/src/code-stubs.cc:152
#7  0x0000555555c0422f in v8::internal::CodeStub::GetCode (this=this@entry=0x7fffffffcbc0) at ../deps/v8/src/code-stubs.cc:172
#8  0x00005555561d4474 in v8::internal::MacroAssembler::CallStub (this=this@entry=0x7fffffffcc50, stub=stub@entry=0x7fffffffcbc0) at ../deps/v8/src/x64/macro-assembler-x64.cc:496
#9  0x00005555561d453c in v8::internal::MacroAssembler::CallRuntime (this=this@entry=0x7fffffffcc50, f=0x5555568ac6c0 <v8::internal::kIntrinsicFunctions+15424>, num_arguments=<optimized out>, save_doubles=save_doubles@entry=v8::internal::kDontSaveFPRegs) at ../deps/v8/src/x64/macro-assembler-x64.cc:535
#10 0x00005555561eeac8 in v8::internal::MacroAssembler::CallRuntime (save_doubles=v8::internal::kDontSaveFPRegs, fid=v8::internal::Runtime::kSystemBreak, this=0x7fffffffcc50) at ../deps/v8/src/x64/macro-assembler-x64.h:1106
#11 v8::internal::(anonymous namespace)::BuildPlaceholder (isolate=isolate@entry=0x5555568e2820) at ../deps/v8/src/builtins/setup-builtins-internal.cc:50
#12 0x00005555561eecae in v8::internal::SetupIsolateDelegate::PopulateWithPlaceholders (isolate=isolate@entry=0x5555568e2820) at ../deps/v8/src/builtins/setup-builtins-internal.cc:157
#13 0x00005555561ef5df in v8::internal::SetupIsolateDelegate::SetupBuiltinsInternal (isolate=isolate@entry=0x5555568e2820) at ../deps/v8/src/builtins/setup-builtins-internal.cc:220
#14 0x00005555561ee749 in v8::internal::SetupIsolateDelegate::SetupBuiltins (this=<optimized out>, isolate=isolate@entry=0x5555568e2820, create_heap_objects=create_heap_objects@entry=true) at ../deps/v8/src/setup-isolate-full.cc:18
#15 0x0000555555efae25 in v8::internal::Isolate::Init (this=this@entry=0x5555568e2820, des=des@entry=0x0) at ../deps/v8/src/isolate.cc:2782
#16 0x0000555555b03e86 in v8::IsolateNewImpl (isolate=0x5555568e2820, params=...) at ../deps/v8/src/api.cc:8595
#17 0x0000555555b03f70 in v8::Isolate::New (params=...) at ../deps/v8/src/api.cc:8539
#18 0x000055555599ce3f in node::Start (event_loop=0x7ffff7b9e240, argc=argc@entry=3, argv=argv@entry=0x5555568e10f0, exec_argc=exec_argc@entry=0, exec_argv=exec_argv@entry=0x5555568e11d0) at ../src/node.cc:4830
#19 0x0000555555995131 in node::Start (argc=<optimized out>, argv=0x5555568e10f0) at ../src/node.cc:4912
#20 0x00007ffff4cbfb17 in __libc_start_main (main=0x5555559608c0 <main(int, char**)>, argc=3, argv=0x7fffffffe648, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe638) at ../csu/libc-start.c:310
#21 0x00005555559609aa in _start ()
(gdb) display/i $pc
1: x/i $pc
=> 0x5555561ece89 <v8::base::OS::Abort()+9>:    ud2    














root@debian:~# audit2why -al
...
type=AVC msg=audit(1541443648.393:165): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
type=AVC msg=audit(1541443648.393:166): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
type=AVC msg=audit(1541443648.393:167): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
type=AVC msg=audit(1541443648.393:168): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
type=AVC msg=audit(1541443648.393:169): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
type=AVC msg=audit(1541443648.393:170): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
type=AVC msg=audit(1541443648.393:164): avc:  denied  { execmem } for  pid=2418 comm="node" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execmem 1
        Description:
        Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

        Allow access by executing:
        # setsebool -P allow_execstack 1
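
An added example, not part of the original message or of any Debian or SELinux tooling: a small Python triage that pairs kernel `traps:` lines with enforced SELinux memory-protection denials for the same PID, the correlation the notes above reach by hand with gdb and audit2why. The sample log is constructed (modelled on the lines in this report), and the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# SELinux permissions that gate writable-and-executable memory.
MEMPROT = {"execmem", "execstack", "execheap", "execmod"}

AVC_RE = re.compile(
    r'type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+pid=(?P<pid>\d+) comm="(?P<comm>[^"]+)"'
    r'.*? permissive=(?P<permissive>[01])')
TRAP_RE = re.compile(r'traps: (?P<comm>\S+?)\[(?P<pid>\d+)\] trap (?P<trap>.+?) ip:')

CTX = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"

def _avc(serial, pid, comm, permissive):
    """Build one constructed AVC record in the format shown in the report."""
    return (f'type=AVC msg=audit(1541443648.393:{serial}): avc:  denied  '
            f'{{ execmem }} for  pid={pid} comm="{comm}" scontext={CTX} '
            f'tcontext={CTX} tclass=process permissive={permissive}')

# Constructed sample: the pairing of PIDs with denials is invented for the demo.
SAMPLE_LOG = "\n".join([
    "[ 1215.733337] traps: node[2152] trap invalid opcode ip:55fb73c0ae89 "
    "sp:7fff66519608 error:0 in node[55fb72f72000+1118000]",
    _avc(120, 2152, "node", 0),
    _avc(121, 2152, "node", 0),
    _avc(130, 3001, "demo", 1),   # permissive: logged, but the call succeeded
    "[ 1300.000000] traps: demo[3001] trap invalid opcode ip:401000 "
    "sp:7ffc00000000 error:0 in demo[400000+1000]",
])

def triage(log_text):
    """Return one finding per trapped PID, noting enforced memprot denials."""
    denials, traps = defaultdict(list), {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            perms = set(m["perms"].split()) & MEMPROT
            # Only permissive=0 denials actually made the syscall fail.
            if perms and m["permissive"] == "0":
                denials[int(m["pid"])].append(sorted(perms))
            continue
        m = TRAP_RE.search(line)
        if m:
            traps[int(m["pid"])] = (m["comm"], m["trap"])
    findings = []
    for pid, (comm, trap) in sorted(traps.items()):
        hits = denials.get(pid, [])
        findings.append({"pid": pid, "comm": comm, "trap": trap,
                         "denied": sorted({p for ps in hits for p in ps}),
                         "events": len(hits), "policy_related": bool(hits)})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```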

