dosemu.bin crashed with SIGSEGV in memcpy()

Bug #217710 reported by Adilson Oliveira
This bug report is a duplicate of: Bug #216398: default mmap_min_addr breaks dosemu.

Affects: dosemu (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Kees Cook
Milestone:

Bug Description

Binary package hint: dosemu

After the latest update, dosemu stopped working. Now, when one tries to run it, it gives:
LOWRAM mmap: Invalid argument
Falha de segmentação (core dumped)
It looks like it fails when it tries to allocate memory for the emulation. If one runs it as root it does work, which makes me suspect some security problem.

ProblemType: Crash
Architecture: i386
Date: Tue Apr 15 09:36:34 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/dosemu.bin
NonfreeKernelModules: nvidia
Package: dosemu 1.4.0+svn.1828-1
PackageArchitecture: i386
ProcCmdline: /usr/bin/dosemu.bin -p
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=pt_BR.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: dosemu
Stacktrace:
 #0 0xb7e5d9b5 in memcpy () from /lib/tls/i686/cmov/libc.so.6
 #1 0x0810c928 in memory_init ()
 #2 0x080649f1 in main ()
StacktraceTop:
 memcpy () from /lib/tls/i686/cmov/libc.so.6
 memory_init ()
 main ()
ThreadStacktrace:
 .
 Thread 1 (process 9442):
 #0 0xb7e5d9b5 in memcpy () from /lib/tls/i686/cmov/libc.so.6
 #1 0x0810c928 in memory_init ()
 #2 0x080649f1 in main ()
Title: dosemu.bin crashed with SIGSEGV in memcpy()
Uname: Linux 2.6.24-16-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin plugdev scanner video

Revision history for this message
Adilson Oliveira (agoliveira) wrote :

Looks like AppArmor is in the way:
* AppArmor: implement mmap_min_addr check as done in mainline.
According to the kernel logs.
I tried to create a dosemu profile but it didn't work:
# Last Modified: Tue Apr 15 10:53:53 2008
#include <tunables/global>
/usr/bin/dosemu {
  #include <abstractions/base>

  /bin/dash ixr,
  /bin/mkdir ixr,
  /dev/shm/dosemu_13075 w,
  /dev/shm/dosemu_13427 w,
  /dev/shm/dosemu_13720 w,
  /dev/shm/dosemu_13814 w,
  /dev/shm/dosemu_14158 w,
  /dev/shm/dosemu_14412 w,
  /dev/shm/dosemu_14584 w,
  /dev/shm/dosemu_15211 w,
  /dev/shm/dosemu_15321 w,
  /dev/shm/dosemu_15664 w,
  /etc/dosemu/dosemu.conf r,
  /etc/dosemu/dosemu.users r,
  /home/*/.dosemu/boot.log w,
  /home/*/.dosemu/drives/ r,
  /proc/*/maps r,
  /proc/*/mounts r,
  /proc/cpuinfo r,
  /proc/filesystems r,
  /usr/bin/basename ixr,
  /usr/bin/dosemu mr,
  /usr/bin/dosemu.bin mpxr,
  /usr/bin/id ixr,
  /usr/share/locale-langpack/pt_BR/LC_MESSAGES/libc.mo r,
}

Revision history for this message
Adilson Oliveira (agoliveira) wrote :

These are the last messages from the kernel:

Apr 15 10:55:23 cartman kernel: [ 5336.100648] audit(1208267723.303:2980): type=1502 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/lib/tls/i686/cmov/libc-2.7.so" pid=16112 profile="null-complain-profile" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.100665] audit(1208267723.303:2981): type=1502 operation="file_mmap" requested_mask="::mr" denied_mask="::mr" name="/lib/tls/i686/cmov/libc-2.7.so" pid=16112 profile="null-complain-profile" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.100676] audit(1208267723.303:2982): type=1502 operation="file_mmap" requested_mask="::r" denied_mask="::r" name="/lib/tls/i686/cmov/libc-2.7.so" pid=16112 profile="null-complain-profile" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.100771] audit(1208267723.303:2983): type=1502 operation="file_mprotect" requested_mask="::r" denied_mask="::r" name="/lib/tls/i686/cmov/libc-2.7.so" pid=16112 profile="null-complain-profile" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.102186] audit(1208267723.303:2984): type=1502 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/dev/shm/dosemu_16083" pid=16083 profile="/usr/bin/dosemu.bin" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.102205] audit(1208267723.303:2985): type=1502 operation="inode_unlink" requested_mask="w::" denied_mask="w::" name="/dev/shm/dosemu_16083" pid=16083 profile="/usr/bin/dosemu.bin" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.103697] audit(1208267723.303:2986): type=1502 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/usr/share/locale-langpack/pt_BR/LC_MESSAGES/libc.mo" pid=16083 profile="/usr/bin/dosemu.bin" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.103710] audit(1208267723.303:2987): type=1502 operation="file_mmap" requested_mask="::r" denied_mask="::r" name="/usr/share/locale-langpack/pt_BR/LC_MESSAGES/libc.mo" pid=16083 profile="/usr/bin/dosemu.bin" namespace="default"
Apr 15 10:55:23 cartman kernel: [ 5336.103784] dosemu.bin[16083]: segfault at 000f0000 eip b7dce9b5 esp bfaec81c error 6
Apr 15 10:59:30 cartman kernel: [ 5583.216670] dosemu.bin[16391]: segfault at 000f0000 eip b7e6c9b5 esp bfe16b4c error 6

Revision history for this message
Kees Cook (kees) wrote :

This is a result of the new "mmap_min_addr" setting in /etc/sysctl.conf. To disable the protection (and allow dosemu to access this memory area), set the value to 0, and reload the sysctl settings: sudo /etc/init.d/procps restart

Changed in dosemu:
assignee: nobody → keescook
status: New → Invalid
Revision history for this message
rexset (rexset) wrote :

Mmmm....

Revision history for this message
Samat (gsamat) wrote :

Is it good to change that?
Are developers aware of the problem?

Revision history for this message
Kees Cook (kees) wrote :

Changing mmap_min_addr makes your system slightly less secure -- you will not be protected from potential kernel exploits that use NULL derefs.

Revision history for this message
Adilson Oliveira (agoliveira) wrote :

I know next to nothing about emulation but I believe that, if it isn't possible for dosemu to overcome this situation, at least a message giving a clue about mmap_min_addr should be issued so the user can choose.
That's quite easy to do, so if you don't see any problems with that I'll do it and add a patch here.

Revision history for this message
Samat (gsamat) wrote :

It works fine after changing that!
