前一陣子上班時, Samuel 跑過來問:

“咦? 你們之前寫某個 Server 的時候, 怎麼讓程式自己產生 Core dump 啊?”

“那幫我看一下為啥我照著那樣寫不會動..”

沒想到就開始了殘酷的惡夢~ 讓我們花費了不少工夫才發現為甚麼.

在 Linux 上, 預設是不會有 Core dump 的, 而要讓程式產生 Core dump 的方法就是利用 bash built-in 的 ulimit 指令. 我去年這篇 How to enlarge Coredump Size and File Descriptor Limitations 剛好也有寫到.

不過意外常常有, 所以除了讓 System administrator 設 ulimit -c unlimited 之外, 我自己也會在程式裡面利用 setrlimit(2) 這隻 system call, 讓程式在執行時, 能夠不管 administrator 有沒有用 ulimit 設定 Core dump size, 保證一定會產生 Core dump. 在程式 crash 的時候, Core dump 是很重要線索啊! 就像 CSI 一樣, 讓證據會說話.

可是在看完 Samuel 的程式時, 我和他兩個就覺得很奇怪, 應該是會 work 才對, 因為同樣的 code 寫的程式已經在 production server 上跑了一段時間, 應該不會有問題才對, 這時候, 我才猛然想起來, 管機器的 administrator 曾說過有時候 Core dump 不會出現. “God! 該不會就是同一個問題吧?”

和 Samuel 兩個人找完資料的答案, 就是寫這篇文章的動機了. 我們發現, 如果一個程式按照上面的方法都無法產生 Core dump, 那要看看這個程式是否是用了 setuid(2) 這個 System call. 我們發現, 一個 setuid(2) 或 seteuid(2) 過後的程式, 是沒有辦法產生 Core dump 的.

好巧不巧, 通常 Server 為了一些安全性的考量, 也會實作 setuid(2) 或 seteuid(2) 來達到 Running with Least Privilege (相對應 Windows 的指令就是 Run As). 也就是說, setuid(2) 一定是不能略過的. 解決方法有兩種.

第一種是只有這個程式有效. 用的方法就是 prctl(2). 這個方法是可以改 source, 然後 rebuild 的狀況下才能用. Sample code 如下:

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/resource.h>
#include <sys/prctl.h>

#define SU_USER "nobody"

int main(void)
{
    struct rlimit corelimit;
    struct passwd *pw = NULL;
    char          *cp = NULL;

    /* if switch to nobody failed */
    if (NULL == (pw = getpwnam(SU_USER)))
    {
        fprintf(stderr, "Cannot get uid from user(%s). Error: %s\n",
                         SU_USER, strerror(errno));
        return -1;
    }

    /* try to switch to nobody */
    if ((setuid(pw->pw_uid) < 0) || (seteuid(pw->pw_uid) < 0))
    {
        fprintf(stderr, "Cannot switch to user(%s). Error: %s\n",
                         SU_USER, strerror(errno));
        return -2;
    }

    /* force to make coredump */
    if (prctl(PR_SET_DUMPABLE, 1) < 0)
    {
        fprintf(stderr, "Cannot enable core dumping. Error: %s\n",
                         strerror(errno));
        return -3;
    }

    /* set core size to unlimited */
    corelimit.rlim_cur = RLIM_INFINITY;
    corelimit.rlim_max = RLIM_INFINITY;
    if (setrlimit(RLIMIT_CORE, &corelimit) < 0)
    {
        fprintf(stderr, "Setrlimit failed! Error: %s\n",
                         strerror(errno));
        return -4;
    }

    /* force to coredump */
    *cp = '1';

    return 0;
}

這種方法要注意的事情有:

• 一定要用 root 執行.
  setuid 然後讓一般 user 去執行的方法不行.
  (e.g. sudo chown root a.out; sudo chgrp root a.out; sudo chmod 4755 a.out)
• 因為 Core dump 產生的目錄和執行檔在同一個目錄下, 這個目錄的權限一定要是 root 這個 user, root 這個 group 同時都可以寫入才行. 要注意這個 case, 不要把 root 當成是 super-user, 而是要當作 regular user.
  比方說, (drwxrwxr-x, root root) 和 (drwxrwxrwx, nobody nogroup) 可以, 但是 (drwxr-xr-x root root) 和 (drwxrwxr-x root nogroup) 都不行. 很弔詭吧! 我也不知道為甚麼~

第二種方法是 system-wide 的, 也就是會影響到所有在系統執行的程式. 方法就是 /proc/sys/fs/suid_dumpable. 因為這個和 kernel 的版本有關, 請 man 5 proc 比較保險. 這是在無法動 source code, 而且原程式沒有用 prctl(2) 情況下的殺手鐧.

要注意的事情和第一種方法一樣, 把 /proc/sys/fs/suid_dumpable 設成 1 或 2 的差別, 是會決定 core dump file 的擁有者. 如果設成 1, 就會和第一種方法一樣是被 switch 的 owner (本例是 nobody). 如果設 2 就一定是 root, 但是這個似乎要 kernel 2.6.13 以上才有 support? 我不是很確定.

希望這篇文章給大家當作個參考囉!

PS: 這篇竟然寫了快二個周末, 真是夠久的~

Popularity: 68% [?]

今天更新 Gentoo Linux 時, 在 sudo emerge -uvDNat world 之後, 發現 php-5.2.3 升到 php-5.2.4_pre200708051230, 然後 expat-1.95.8 升到 expat-2.0.1, 當下暗暗感覺不妙, 果不其然, 升級完之後 apache 就不會動了, 比方說執行 sudo /etc/init.d/apache2 stop 時, 會出現:

sojia [~] -pigfoot- sudo /etc/init.d/apache2 stop
/usr/sbin/apache2: error while loading shared libraries: libexpat.so.0: cannot open shared object file: No such file or directory

果然, 因為 expat-1.95.8 的是編出來的 libexpat.so.0, expat-2.0.1 會編出 libexpat.so.1. 我試著 rebuild apache 結果也一樣不行.

正確答案要這樣:

sojia [~] -pigfoot- sudo revdep-rebuild

就是把系統中, 會用到 libexpat 的套件都 rebuild 之後才會動. 給大家作個參考.

Popularity: 57% [?]

When we write a network server program, I think lots of system calls have their own explicit parameters like socket(), bind(), accept(). But it’s very interesting when we use this system call listen(). Let’s see its prototype:

int listen(int sockfd, int backlog);

Yes, it’s very obvious that the first parameter is the socket fd. But, what’s the meaning of backlog number? Some body would tell us like manpage LISTEN(2) says: “The backlog parameter defines the maximum length the queue of pending connections may grow to. If a connection request arrives with the queue full the client may receive an error with an indication of ECONNREFUSED or, if the underlying protocol supports retransmission, the request may be ignored so that retries succeed.”

From a robust server’s perspective, what’s the maximum value it should be assign? At first, I assigned very large number like 1,024 (of course, listen system call still returns successfully). After saw the manpage LISTEN(2) in Linux, I was wrong..

If the socket is of type AF_INET, and the backlog argument is greater than the constant SOMAXCONN (128 in Linux 2.0 & 2.2), it is silently truncated to SOMAXCONN.

It doesn’t mention kernel 2.6. But it’s fine. Let’s investigate into Linux kernel source code.

In Linux kernel 2.6.20.1, we can see the listen system call implementation in net/socket.c line 1306. As it shows, the maximum number of backlog cannot be large than sysctl_somaxconn, which is assigned to SOMAXCONN. Furthermore, SOMAXCONN is defined 128 in include/linux/socket.h line 226.

In my opinion, in Linux 2.0 to 2.6, this means backlog cannot exceed 128 by default, or it would be truncated to SOMAXCONN silently like the manpage says.

How about FreeBSD? We can see the note of manpage LISTEN(2) in FreeBSD 6:

The listen() system call appeared in 4.2BSD. The ability to configure the maximum backlog at run-time, and to use a negative backlog to request the maximum allowable value, was introduced in FreeBSD 2.2.

I’m not very familiar with FreeBSD kernel, but let me try to trace. The start point is to check sys/kern/uipc_syscalls.c of cvstag RELENG_6 in FreeBSD. We can see listen system call will invoke solisten(so, uap->backlog, td). Thus, we go to sys/kern/uipc_socket.c now to see the implementation of solisten(struct socket *so, int backlog, struct thread *td). The same, the maximum value is somaxconn which is assigned to SOMAXCONN by default. Finally, we can see the value is defined in sys/sys/socket.h. The value is the same as Linux — 128.

To put it another way, if you’re writing a server program in either Linux or FreeBSD platform, it’s very appropriate to assign the value of backlog to 128. in FreeBSD, however, you can assign a negative backlog to request the maximum allowable value.

You may ask what’s the value of backlog in popular modern server? Let’s check the source of Apache HTTP Server. As you see in /server/listen.c, ap_listenbacklog is assigned to DEFAULT_LISTENBACKLOG which is defined 511 in /include/mpm_common.h.

Popularity: 57% [?]

When I read the portage log of Gentoo Linux, I saw a interesting software called ngrep - network grep (net-analyzer/ngrep). Here is the description from official site:

ngrep strives to provide most of GNU grep’s common features, applying them to the network layer.

ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets.

It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

We can visit the Usage Section and learn more about how ngrep works and can be leveraged to see all sorts of neat things.

Example: Debugging HTTP interactions:

# ngrep -W byline port 80
interface: eth0 (10.1.1.10/255.255.252.0)
filter: ip and ( port 80 )
####
T 10.1.1.10:42177 -> 64.90.164.74:80 [AP]
GET / HTTP/1.1.
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686) Opera …
Host: www.darkridge.com.
Accept: text/html, application/xml;q=0.9, application/xhtml+xml;q=0.9 …
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1.
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0.
Cookie: SQMSESSID=5272f9ae21c07eca4dfd75f9a3cda22e.
Cookie2: $Version=1.
Cache-Control: no-cache.
Connection: Keep-Alive, TE.
TE: deflate, gzip, chunked, identity, trailers.
.
##
T 64.90.164.74:80 -> 10.1.1.10:42177 [AP]
HTTP/1.1 200 OK.
Date: Mon, 29 Mar 2004 00:47:25 GMT.
Server: Apache/2.0.49 (Unix).
Last-Modified: Tue, 04 Nov 2003 12:09:41 GMT.
ETag: “210e23-326-f8200b40″.
Accept-Ranges: bytes.
Vary: Accept-Encoding,User-Agent.
Content-Encoding: gzip.
Content-Length: 476.
Keep-Alive: timeout=15, max=100.
Connection: Keep-Alive.
Content-Type: text/html; charset=ISO-8859-1.
Content-Language: en.
.
……….}S]..0.|………..H…8……..@..\….(…..Dw.%.,..;.k.. …
.;kw*U.j.< ...\0Tn.l.:......>Fs….’….h.’…u.H4..’.6.vIDI…….N.r …
..H..#..J….u.?..]….^..2…..e8v/gP…..].48…qD!……….#y…m …
####

Popularity: 48% [?]

Another GPL win in Germany, from LWN.

The gpl-violations.org project has announced that it has won a court case against D-Link in Germany.

On September 6, 2006 the district court issued its judgement, confirming the claims by gpl-violations.org, specifically its rights on the subject-matter source code, the violation of the GNU GPL by D-Link, the validity of the GPL under German law, and D-Link’s obligation to reimburse gpl-violations.org for legal expenses, test purchase and cost of re-engineering.

D-Link Germany GmbH, a subsidiary of D-Link Corporation, Taiwan R.O.C., distributed DSM-G600, a network attached storage (NAS) device which uses a Linux-based Operating System.

However, this distribution was incompliant with the GNU General Public License (GPL) which covers the Linux Kernel and many other software programs used in the product.

Popularity: 25% [?]

From LWN.

Linus has announced the 2.6.17 kernel. Some of the highlights from the 2.6.17 development cycle include:

• SPARC “Niagara” architecture support
• an H.323 netfilter connection tracking helper
• lightweight robust futexes
• on-the-fly RAID5 array resizing
• user-space software suspend
• splice(), vmsplice(), tee(), and sync_file_range() system calls (Interesting system calls!)

After several months, the 2.6.18 stable kernel is out at Sep 20, 2006. You can read LWN 2.6 kernel API changes page for information on internal programming interface changes, or the long-format changelog for thousands of patches’ worth of detail.

Besides, Andrew Morton has posted his patch queue with numerous comments about merge plans into the mainline kernel. Among his comments he noted that he would not yet be merging the Reiser4 filesystem:

reiser4. I was planning on merging this, but the batch_write/writev problemight wreck things, and I don’t think the patches arising from my recent partial review have come through yet. So it’s looking more like 2.6.20.

The upcoming Red Hat Enterprise Linux 5 (short for RHEL5) will use 2.6.18 or 2.6.19. You can read the “Kernel Notes” section in RHEL 5 Beta 1 Announcement.

Popularity: 24% [?]

Since openssl-0.9.8c, dev-libs/openssl has provided USE flag of sse2 to gain more performance on all ssl-enabled applications.

If you, however, remerge openssl with this new flag, it will break ABI (#147758) and cause openssh can not work regularly.

It’s recommended to remerge openssh and all other ssl-enabled applications after upgrading from previous 0.9.8 versions. If you are having problems with ssh segfaults, you are affected and will need to remerge the affected packages.

Here is my upgrading steps from openssl 0.9.7. You can use 0.9.8 instead of 0.9.7 to remerge all ssl-enabled applications.

1. Remerge all packages that are linked against OpenSSL 0.9.7 by using revdep-rebuild from app-portage/gentoolkit:

   # revdep-rebuild –library libssl.so.0.9.7
   # revdep-rebuild –library libcrypto.so.0.9.7

2. After this, you can delete /usr/lib/libssl.so.0.9.7 and /usr/lib/libcrypto.so.0.9.7

Popularity: 31% [?]