0008079: The DNS server "named" (from the bind9) package crashes with the following error message: - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0008079	Kali Linux	Kali Package Bug	public	2022-12-03 00:34	2023-02-16 04:23

Reporter	jojonas	Assigned To	arnaudr
Priority	normal	Severity	crash	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	kali-dev

Summary	0008079: The DNS server "named" (from the bind9) package crashes with the following error message:
Description	┌──(kali㉿kali)-[~] └─$ named --help tls.c:88: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L \| 0x00000400L \| 0x00001000L \| 0x00002000L \| 0x00004000L) \| 0x00000040L, ((void *)0)) == 1) failed zsh: IOT instruction named --help
Steps To Reproduce	Install package "bind9": $ sudo apt install bind9 Start named (either via systemctl service or directly from the command line): $ sudo systemctl start named $ named --help

jojonas 2022-12-03 00:35 reporter ~0017121	The reason for the crash is that named is not allowed to read Kali's OpenSSL configuration at /etc/ssl/kali.cnf which is included by /etc/ssl/openssl.cnf, as the following strace output shows: ┌──(kali㉿kali)-[~] └─$ sudo strace -e trace=file named --help execve("/usr/sbin/named", ["named", "--help"], 0x7ffe20ca96c8 / 13 vars /) = 0 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY\|O_CLOEXEC) = 3 [... loading .so libraries ...] readlink("/etc/malloc.conf", 0x7ffe3c544760, 4096) = -1 ENOENT (No such file or directory) open("/proc/sys/vm/overcommit_memory", O_RDONLY\|O_CLOEXEC) = 3 open("/sys/kernel/mm/transparent_hugepage/enabled", O_RDONLY) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/sys/devices/system/cpu/online", O_RDONLY\|O_CLOEXEC) = 3 openat(AT_FDCWD, "/sys/devices/system/cpu/online", O_RDONLY\|O_CLOEXEC) = 3 openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 3 newfstatat(3, "", {st_mode=S_IFREG\|0644, st_size=12550, ...}, AT_EMPTY_PATH) = 0 newfstatat(AT_FDCWD, "/etc/ssl/kali.cnf", {st_mode=S_IFREG\|0644, st_size=653, ...}, 0) = 0 openat(AT_FDCWD, "/etc/ssl/kali.cnf", O_RDONLY) = -1 EACCES (Permission denied) tls.c:88: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L \| 0x00000400L \| 0x00001000L \| 0x00002000L \| 0x00004000L) \| 0x00000040L, ((void *)0)) == 1) failed --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=2631, si_uid=0} --- +++ killed by SIGABRT +++ zsh: IOT instruction sudo strace -e trace=file named --help This is due to the file /etc/ssl/kali.cnf not being included in the Apparmor policy /etc/apparmor.d/usr.sbin.named which is shipped as part of the "bind9" package. Adding a line like "/etc/ssl/kali.cnf r," to the Apparmor policy fixes the issue.

arnaudr 2022-12-06 07:37 manager ~0017148	Thanks for the excellent bug report! I opened an issue on the Debian bug tracker, to see if the bind9 maintainers would be willing to relax the apparmor profile for named: https://bugs.debian.org/1025519.

arnaudr 2022-12-27 03:06 manager ~0017284	This is solved in package bind9 version 9.18.10-2, in Debian. The package didn't reach Kali yet.

arnaudr 2023-01-17 15:43 manager ~0017403	The package bind9 9.18.10-2 is now in kali-rolling, so the issue is solved with: <pre> apt update && apt full-upgrade -y </pre> Closing.

Date Modified	Username	Field	Change
2022-12-03 00:34	jojonas	New Issue
2022-12-03 00:35	jojonas	Note Added: 0017121
2022-12-06 07:37	arnaudr	Note Added: 0017148
2022-12-06 07:37	arnaudr	Assigned To	=> arnaudr
2022-12-06 07:37	arnaudr	Status	new => assigned
2022-12-27 03:06	arnaudr	Note Added: 0017284
2023-01-17 15:43	arnaudr	Note Added: 0017403
2023-01-17 15:44	arnaudr	Status	assigned => resolved
2023-01-17 15:44	arnaudr	Resolution	open => fixed