View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008079 | Kali Linux | [All Projects] Kali Package Bug | public | 2022-12-03 00:34 | 2023-02-16 04:23 |
Reporter | jojonas | Assigned To | arnaudr | ||
Priority | normal | Severity | crash | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | kali-dev | ||||
Target Version | Fixed in Version | ||||
Summary | 0008079: The DNS server "named" (from the bind9) package crashes with the following error message: | ||||
Description | ┌──(kali㉿kali)-[~] └─$ named --help tls.c:88: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L | 0x00000400L | 0x00001000L | 0x00002000L | 0x00004000L) | 0x00000040L, ((void *)0)) == 1) failed zsh: IOT instruction named --help | ||||
Steps To Reproduce | Install package "bind9": $ sudo apt install bind9 Start named (either via systemctl service or directly from the command line): $ sudo systemctl start named $ named --help | ||||
|
The reason for the crash is that named is not allowed to read Kali's OpenSSL configuration at /etc/ssl/kali.cnf which is included by /etc/ssl/openssl.cnf, as the following strace output shows: ┌──(kali㉿kali)-[~] └─$ sudo strace -e trace=file named --help execve("/usr/sbin/named", ["named", "--help"], 0x7ffe20ca96c8 /* 13 vars */) = 0 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 [... loading .so libraries ...] readlink("/etc/malloc.conf", 0x7ffe3c544760, 4096) = -1 ENOENT (No such file or directory) open("/proc/sys/vm/overcommit_memory", O_RDONLY|O_CLOEXEC) = 3 open("/sys/kernel/mm/transparent_hugepage/enabled", O_RDONLY) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=12550, ...}, AT_EMPTY_PATH) = 0 newfstatat(AT_FDCWD, "/etc/ssl/kali.cnf", {st_mode=S_IFREG|0644, st_size=653, ...}, 0) = 0 openat(AT_FDCWD, "/etc/ssl/kali.cnf", O_RDONLY) = -1 EACCES (Permission denied) tls.c:88: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L | 0x00000400L | 0x00001000L | 0x00002000L | 0x00004000L) | 0x00000040L, ((void *)0)) == 1) failed --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=2631, si_uid=0} --- +++ killed by SIGABRT +++ zsh: IOT instruction sudo strace -e trace=file named --help This is due to the file /etc/ssl/kali.cnf not being included in the Apparmor policy /etc/apparmor.d/usr.sbin.named which is shipped as part of the "bind9" package. Adding a line like "/etc/ssl/kali.cnf r," to the Apparmor policy fixes the issue. |
|
Thanks for the excellent bug report! I opened an issue on the Debian bug tracker, to see if the bind9 maintainers would be willing to relax the apparmor profile for named: https://bugs.debian.org/1025519. |
|
This is solved in package bind9 version 9.18.10-2, in Debian. The package didn't reach Kali yet. |
|
The package bind9 9.18.10-2 is now in kali-rolling, so the issue is solved with:apt update && apt full-upgrade -y Closing. |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-12-03 00:34 | jojonas | New Issue | |
2022-12-03 00:35 | jojonas | Note Added: 0017121 | |
2022-12-06 07:37 | arnaudr | Note Added: 0017148 | |
2022-12-06 07:37 | arnaudr | Assigned To | => arnaudr |
2022-12-06 07:37 | arnaudr | Status | new => assigned |
2022-12-27 03:06 | arnaudr | Note Added: 0017284 | |
2023-01-17 15:43 | arnaudr | Note Added: 0017403 | |
2023-01-17 15:44 | arnaudr | Status | assigned => resolved |
2023-01-17 15:44 | arnaudr | Resolution | open => fixed |