Subject Re: Buffer Overflow on Gentoo Linux Kernel 3.0.6
Author alexpeshkoff
--- In firebird-support@yahoogroups.com, Matthias Hanft <mh@...> wrote:
>
> Hi,
>
> for many years, I've been using Firebird with Gentoo Linux kernels up to
> 2.6.38 without any problems - currently FB "2.0.3.12981.0-r6" (the newest
> "stable" version which is available as a Gentoo package).
>

First of all I have to say (looking at this version) that Gentoo currently does not support Firebird packaging :-(
You are _highly_ recommended to use the latest subrelease from SF.

> Now, I have built a new Gentoo system from scratch, of course with kernel
> 3.0.6 (different hardware, slightly different Linux .config). First,
> Firebird runs just normal, but when calling some special functions (for
> example, user rights management from IBExpert), it crashes because of a
> buffer overflow.
>

I do not even remember - maybe there really was a BOF in that 2.0.3 dinosaur :) And I do not know what method of user management is used in proprietary software like IBExpert. Can you try to reproduce it using FlameRobin if you prefer GUI tools?

> syslog says:
>
> Nov 13 18:43:41 n *** buffer overflow detected ***: fbserver - terminated
> Nov 13 18:43:41 n fbserver: buffer overflow attack in function <unknown> - terminated
> Nov 13 18:43:41 n Report to http://bugs.gentoo.org/
>
> I did report to bugs.gentoo.org - https://bugs.gentoo.org/show_bug.cgi?id=390429 -
> but I'm not quite sure if this is a Gentoo or a Firebird issue.
>
> In addition, on the new system, in firebird.log, there are two messages at
> server start which I have never seen on the old system:
>
> n (Server) Sun Nov 13 18:43:41 2011
> 64 bit i/o support is on.

Yes, 64-bit mode was something new 6 years ago.
I do not remember the details of this message ..

> n (Server) Sun Nov 13 18:43:41 2011
> Open file limit increased from 1024 to 4096
>

.. and this too. But IMHO nothing bad happened.

> Perhaps this is a result of the slightly different Linux .config? There
> must be some more differences because starting FB (with /etc/init.d/
> firebird start) on the old server says:
>
> * Starting Firebird server ...
> * WARNING: -o/--oknodo is deprecated and will be removed in the future
> * WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead
> * WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or
> -n/--name instead
> server has been successfully started [ ok ]
>
> and on the new server
>
> * Starting Firebird server ...
> * WARNING: -o/--oknodo is deprecated and will be removed in the future
> * WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead
> * WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or
> -n/--name instead
> check /var/log/firebird/firebird.log file for errors
> can not start server [ ok ]
>
> but the server is started anyway (sometimes the start script even hangs);
> in firebird.log, there is
> n (Client) Sun Nov 13 19:15:39 2011
> INET/inet_error: connect errno = 111
> (but only if the server is not listening on localhost, as it seems)
>
> While it's just uncomfortable not using IBExpert's rights management
> (GRANT etc. with "fbsql" *does* work), I'm afraid to put that FB
> installation into a production environment - what if those buffer
> overflows also happened in normal operation? This would
> be _real_bad_ ...
>
> Any hints?

Try with 2.5.1, or, if you prefer 2.0, with 2.0.6.
If the BOF still persists, try following http://www.ibphoenix.com/resources/documents/search/doc_36
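As an added example (not part of the thread, and not Firebird's or Gentoo's code), a small Python log check that pulls the glibc fortify-check abort out of syslog lines like the ones quoted above, pairs it with the follow-up line that names the checked function, and decodes the errno from the firebird.log INET/inet_error line. The sample lines are constructed to match the thread's excerpts; the assumption that "<prog> - terminated" and "<prog> terminated" are just build variants of the same abort message is mine.

```python
import errno
import os
import re
from typing import List, NamedTuple, Optional

# Constructed sample input modelled on the syslog and firebird.log excerpts quoted in the thread;
# the sshd line is filler showing that unrelated records are ignored.
SYSLOG_SAMPLE = """\
Nov 13 18:43:41 n *** buffer overflow detected ***: fbserver - terminated
Nov 13 18:43:41 n fbserver: buffer overflow attack in function <unknown> - terminated
Nov 13 18:43:41 n Report to http://bugs.gentoo.org/
Nov 13 18:43:42 n sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 50222
"""
FIREBIRD_LOG_SAMPLE = "n (Client) Sun Nov 13 19:15:39 2011\n\tINET/inet_error: connect errno = 111\n"

TS = r'(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)'
# First line of a glibc fortify-check abort ("*** buffer overflow detected ***: <argv0> terminated");
# the " - terminated" spelling seen in the thread is accepted too (assumed to be a build variant).
ABORT_RE = re.compile(TS + r' (?P<host>\S+) \*\*\* buffer overflow detected \*\*\*: (?P<prog>\S+)(?: -)? terminated$')
# Follow-up line naming the checked function ("<unknown>" when it could not be resolved).
FUNC_RE = re.compile(TS + r' \S+ (?P<prog>\S+): buffer overflow attack in function (?P<func>\S+) - terminated$')
INET_RE = re.compile(r'INET/inet_error: (?P<call>\w+) errno = (?P<errno>\d+)')

class FortifyAbort(NamedTuple):
    timestamp: str
    host: str
    program: str
    function: Optional[str]  # None when no follow-up line was logged

def find_fortify_aborts(syslog_text: str) -> List[FortifyAbort]:
    """One record per fortify-check abort, paired with the next line's function name if present."""
    lines = syslog_text.splitlines()
    found: List[FortifyAbort] = []
    for i, line in enumerate(lines):
        m = ABORT_RE.match(line)
        if not m:
            continue
        f = FUNC_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        func = f.group('func') if f and f.group('prog') == m.group('prog') else None
        found.append(FortifyAbort(m.group('ts'), m.group('host'), m.group('prog'), func))
    return found

def decode_inet_errors(firebird_log_text: str) -> List[tuple]:
    """(call, errno, symbolic name, text) for each INET/inet_error line, e.g. 111 -> ECONNREFUSED on Linux."""
    out = []
    for m in INET_RE.finditer(firebird_log_text):
        num = int(m.group('errno'))
        out.append((m.group('call'), num, errno.errorcode.get(num, 'UNKNOWN'), os.strerror(num)))
    return out
```

Alerting on any fortify abort of fbserver is the useful signal here: the check fires on a real out-of-bounds write, so it is worth triage whether or not the overflow is reachable from a client.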