security/clamav: Segmentation fault when running clamav in a
32-bit jail on a 64-bit host
Jeremy Chadwick
freebsd at jdc.parodius.com
Fri Aug 27 17:32:13 UTC 2010
On Fri, Aug 27, 2010 at 01:06:49PM -0400, Glen Barber wrote:
> On 8/27/10 12:54 PM, Jeremy Chadwick wrote:
> > On Fri, Aug 27, 2010 at 12:46:48PM -0400, Glen Barber wrote:
> >> On 8/27/10 12:33 PM, Kurt Jaeger wrote:
> >>> Hi!
> >>>
> >>>> I have a few clamav instances running in jails on 32-bit hosts without
> >>>> any issues. A few days ago one of these jails was migrated to a 64-bit
> >>>> host (8.1-RELEASE), where I noticed clamd (0.96.2_1) segfaults when queried.
> >>>>
> >>>> The issue seems specific to 32bit/64bit compatibility. I have a gdb
> >>>> session available here: http://gist.github.com/549964
> >>>>
> >>>> Any thoughts on if this is possible?
> >>>
> >>> Try
> >>>
> >>> Bytecode no
> >>>
> >>> in clamd.conf ?
> >>>
> >>
> >> It was set to 'yes' initially. I thought it was disabled with building
> >> without JIT. At any rate, no, it still segfaults with the same backtrace.
> >
> > 1) Is clamd built with debugging symbols enabled? If not, you might want
> > to rebuild it with such, else it might be difficult to debug the
> > problem.
> >
>
> It wasn't initially, but is now.
>
> > Also, if the segfault happens after performing the above, can you
> > provide output from "bt full" instead of just "bt"?
> >
>
> Of course. The new backtrace is here: http://gist.github.com/553734
I want to make sure I understand the environment -- on a native i386
(32-bit) FreeBSD host, the software works fine. But on a native amd64
(64-bit) FreeBSD host, the software segfaults. Correct?
If so -- it appears as if the system you're providing the backtrace from
is a 32-bit system, or within a 32-bit environment? I would expect to
see 64-bit addresses in the backtrace, yet they're all 32-bit.
I'm not familiar with jailed environments (or the concept/possibility of
running a mixed-architecture jail (e.g. 64-bit host OS with 32-bit
jails)). I don't use lib32 on my amd64 systems.
I did take a look at the clamav code itself (I'd have to spend a few
hundred lines outlining it here and would rather not). My guess is that
there's a conflict between what the running OS architecture is and what
the build process determines the architecture is.
Given that you have jails, and possibly a mixed architecture environment
on a single host (e.g. 64-bit host OS with 32-bit jails), can you
explain exactly how you go about building clamav, followed by how you go
about running it?
Thanks.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-ports
mailing list