Subject | [Ticket #390] [firebird-support] Buffer Overflow on Gentoo Linux Kernel 3.0.6 |
---|---|
Author | Desarrollo |
Post date | 2014-03-07T18:33:25Z |
This is a notification from the Help Desk.
On Mar 07, 2014 @ 03:32 pm, peshkoff@... wrote:
--- In firebird-support@yahoogroups.com, Matthias Hanft <mh@...> wrote:
>
> Hi,
>
> since many years, I've been using Firebird with Gentoo Linux kernels up to
> 2.6.38 without any problems - currently FB "2.0.3.12981.0-r6" (the newest
> "stable" version which is available as a Gentoo package).
>
First of all I have to say (looking at this version) that gentoo currently does not support firebird packaging :-(
You are _highly_recommended to use latest subrelease from SF.
> Now, I have built a new Gentoo system from scratch, of course with kernel
> 3.0.6 (different hardware, slightly different Linux .config). First,
> Firebird runs just normal, but when calling some special functions (for
> example, user rights management from IBExpert), it crashes because of a
> buffer overflow.
>
I even do not remember - may be there was really BOF in that 2.0.3 dinosaurus:) And I do not know what method of user management is used in proprietary software like IBExpert. Can you try to reproduce using flamerobin if you prefer GUI tools?
> syslog says:
>
> Nov 13 18:43:41 n *** buffer overflow detected ***: fbserver - terminated
> Nov 13 18:43:41 n fbserver: buffer overflow attack in function <unknown> - terminated
> Nov 13 18:43:41 n Report to http://bugs.gentoo.org/
>
> I did report to bugs.gentoo.org - https://bugs.gentoo.org/show_bug.cgi?id=390429 -
> but I'm not quite sure if this is a Gentoo or a Firebird issue.
>
> In addition, on the new system, in firebird.log, there are two messages at
> server start which I have never seen on the old system:
>
> n (Server) Sun Nov 13 18:43:41 2011
> 64 bit i/o support is on.
Yes, 64 bit mode was something new 6 years ago.
I do not remember details of this message ..
> n (Server) Sun Nov 13 18:43:41 2011
> Open file limit increased from 1024 to 4096
>
.. and this too. But IMHO nothing bad happened.
> Perhaps this is a result of the slightly different Linux .config? There
> must be some more differences because starting FB (with /etc/init.d/
> firebird start) on the old server says:
>
> * Starting Firebird server ...
> * WARNING: -o/--oknodo is deprecated and will be removed in the future
> * WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead
> * WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or
> -n/--name instead
> server has been successfully started [ ok ]
>
> and on the new server
>
> * Starting Firebird server ...
> * WARNING: -o/--oknodo is deprecated and will be removed in the future
> * WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead
> * WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or
> -n/--name instead
> check /var/log/firebird/firebird.log file for errors
> can not start server [ ok ]
>
> but the server is started anyway (sometimes the start scripts even hangs);
> in firebird.log, there is
> n (Client) Sun Nov 13 19:15:39 2011
> INET/inet_error: connect errno = 111
> (but only if the server is not listening on localhost; as it seems)
>
> While it's just uncomfortable not using IBExpert's rights management
> (GRANT etc. with "fbsql" *does* work), I'm afraid to put that FB
> installation into a production environment - what if those buffer
> overflows would also happen just in normal operation? This would
> be _real_bad_ ...
>
> Any hints?
Try with 2.5.1. Or if you prefer 2.0 - 2.0.6.
If BOF still persists - try to follow http://www.ibphoenix.com/resources/documents/search/doc_36
==Ticket History==
On Mar 07, 2014 @ 03:32 pm, mh@... wrote:
Hi,
since many years, I've been using Firebird with Gentoo Linux kernels up to
2.6.38 without any problems - currently FB "2.0.3.12981.0-r6" (the newest
"stable" version which is available as a Gentoo package).
Now, I have built a new Gentoo system from scratch, of course with kernel
3.0.6 (different hardware, slightly different Linux .config). First,
Firebird runs just normal, but when calling some special functions (for
example, user rights management from IBExpert), it crashes because of a
buffer overflow.
syslog says:
Nov 13 18:43:41 n *** buffer overflow detected ***: fbserver - terminated
Nov 13 18:43:41 n fbserver: buffer overflow attack in function <unknown> - terminated
Nov 13 18:43:41 n Report to http://bugs.gentoo.org/
I did report to bugs.gentoo.org - https://bugs.gentoo.org/show_bug.cgi?id=390429 -
but I'm not quite sure if this is a Gentoo or a Firebird issue.
In addition, on the new system, in firebird.log, there are two messages at
server start which I have never seen on the old system:
n (Server) Sun Nov 13 18:43:41 2011
64 bit i/o support is on.
n (Server) Sun Nov 13 18:43:41 2011
Open file limit increased from 1024 to 4096
Perhaps this is a result of the slightly different Linux .config? There
must be some more differences because starting FB (with /etc/init.d/
firebird start) on the old server says:
* Starting Firebird server ...
* WARNING: -o/--oknodo is deprecated and will be removed in the future
* WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead
* WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or
-n/--name instead
server has been successfully started [ ok ]
and on the new server
* Starting Firebird server ...
* WARNING: -o/--oknodo is deprecated and will be removed in the future
* WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead
* WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or
-n/--name instead
check /var/log/firebird/firebird.log file for errors
can not start server [ ok ]
but the server is started anyway (sometimes the start scripts even hangs);
in firebird.log, there is
n (Client) Sun Nov 13 19:15:39 2011
INET/inet_error: connect errno = 111
(but only if the server is not listening on localhost; as it seems)
While it's just uncomfortable not using IBExpert's rights management
(GRANT etc. with "fbsql" *does* work), I'm afraid to put that FB
installation into a production environment - what if those buffer
overflows would also happen just in normal operation? This would
be _real_bad_ ...
Any hints?
Thank you,
-Matt
------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item
on the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
------
This is an automated response. Your issue has been noted. We'll be in touch soon.
Please reply to this email or visit the URL below with any additional details.
http://DANTOIN:9675/portal/view-help-request/390
[Non-text portions of this message have been removed]