mandos general protection error ...

Teddy Hogeborn teddy at fukt.bsnet.se
Sat Jan 24 00:15:00 CET 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dick Middleton <dick at fouter.net> writes:

>> [pid 31328] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>> 
>> That is worrying.  It's *Python*; it's not supposed to do that.
>
> I saw that too.  Matches error in syslog:
>
> Jan 23 20:58:03 Geronimo kernel: [861794.318211] python[32636] general 
> protection ip:b7a6b4bc sp:bf995494 error:0 in libgcrypt.so.11.4.4[b7a49000+66000]

This seems to indicate that the crash is inside libgcrypt?  I don't
really know how to find out where such a crash happens in the server
code except to litter it with logger.debug("foo") statements.  If you
know some Python you could try that, I suppose; the prime suspects are
the TCP_handler.handle() method and the fingerprint() and
peer_certificate() functions.

> This gpg thing is the showstopper; ipv6 and avahi are looking
> manageable now.

I think the time has come for some more heavy duty debugging.  Could
you please do the following:

First, make sure the official Mandos server is not running; run
"invoke-rc.d mandos stop" as root.  Then, install the following
packages:

bzr bzr-builddeb debhelper docbook-xml docbook-xsl libavahi-core-dev
libgpgme11-dev libgpgme11-dev libgnutls-dev xsltproc pkg-config

Run the following commands (as a normal user or root, it should not
matter, but be consistent):

bzr branch http://ftp.fukt.bsnet.se/pub/mandos/trunk mandos-trunk
cd mandos-trunk
make run-server SERVERARGS="--no-dbus --servicename=Test"

After generating keys it will (eventually) ask for a passphrase; just
type something random you will recognize later.  Then in another
window, run, in the same directory, on the same machine, as the same
user, this command:

make run-client

This *should* work, and should output the password typed earlier.  If
it does not, there is some fundamental difference between your system
and ours.  (Are you really using Debian lenny and not unstable?  Does
this machine have an "eth0" network interface which is directly
usable?)  If it *does* work, you have some configuration file and/or
key file difference(s) which triggers some obscure bug.

> Thanks for your suggestions and patience.

Thanks very much for sticking with it and helping us find the source
of your problems!

/Teddy Hogeborn

- -- 
The Mandos Project
http://www.fukt.bsnet.se/mandos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJek94OWBmT5XqI90RAlXBAJ9fmkxdgaHNxLokKX+MixcxRKaDRQCfUGXq
7FR220b2NLJPYDEHInmZSyU=
=VRyd
-----END PGP SIGNATURE-----

More information about the Mandos-Dev mailing list