DNS using Name Service Switch module and Casper

Mark Johnston markj at freebsd.org
Thu Jan 14 15:56:50 UTC 2021


On Sun, Jan 10, 2021 at 04:32:13PM +0300, Vasily Postnicov wrote:
> This is as minimal as I can get. If I knew where to find, what to fix, I
> would never waste my time seeking help on mailing lists.
> 
> Just put FreeBSD in that damn bhyve and play with it, get your hands dirty,
> you are the developer after all, not me! Your knowledge of FreeBSD is
> supposedly much greater than mine.
> 
> For me acceptable solutions are:
> 1) Remove unsandboxed call to getaddrinfo() from ping.
> 2) Do not compile with that casper crap which gives false sense of security
> or whatsoever.
> 
> I just wanted to help you find a bug where fork() hangs for no reason. So I
> provided you with all I can get from this situation. Just 20 lines of code
> to reproduce the bug. And you tell me this is not what you want. So what do
> you want? A patch that fixes your problem?
> 
> Sorry for harsh words in your address. But in such situations I question
> myself should I really report anything and ask anything in FreeBSD
> community.
> 
> Btw, if you are still interested, I think I can provide you with the whole
> bhyve image in which you can reproduce the bug. It contains modified
> /etc/nsswitch.conf if you cannot change it yourself.

Just to follow up, we got a simpler repro based on the one you provided.
A few bugs were found and fixed as a result:

https://cgit.freebsd.org/src/commit/?id=21f749da82e755aafab127618affeffb86cff9a5
https://cgit.freebsd.org/src/commit/?id=513320c0f1122f096468c0b01623ba7c7e77cbe2
https://cgit.freebsd.org/src/commit/?id=85d028223bc2768651f4d44881644ceb5dc2a664
https://cgit.freebsd.org/src/commit/?id=57f22c828ec01e0d92bc8858f61df06b4d81ea5c

> Sat, 9 Jan 2021, 21:47 Konstantin Belousov <kostikbel at gmail.com>:
> 
> > On Sat, Jan 09, 2021 at 08:25:46PM +0300, Vasily Postnicov wrote:
> > > Brilliant! It took me almost a day to dive into ZeroMQ to reassure
> > > myself that there is nothing wrong with it. When I tried to write
> > > minimal test programs which call fork after pthread_create() in all
> > > combinations. When I realized that NSS stub module is what I need.
> > >
> > > Instructions:
> > >
> > > 1) Compile NSS stub module: cc -shared -fPIC -pthread -o
> > > nss_zerodns.so.1 test.c (Note '.1' at the end).
> > > 2) Copy nss_zerodns.so.1 to /usr/local/lib
> > > 3) Apply the patch src_sbin_ping_main.c to ping source code. With this
> > > patch ping will not quit too early when the initial call to
> > > getaddrinfo() fails.
> > > 4) Add stub module to /etc/nsswitch.conf: edit 'hosts' line to be
> > > 'hosts: files dns zerodns'
> > > 5) Ping non-existent host, like 'ping foo.bar'
> > > 6) Ping will hang. The child process which it creates cannot be killed
> > > even with killall -9 ping
> >
> > This is exactly what I do not want.  Provide a standalone binary (or
> > binaries) that can be just run and demonstrate the issue.  Without
> > editing nsswitch.conf or patching ping.
> >

