Menu
▾
▴
sshguard-users
|
From: Sebastian H. <seb...@gm...> - 2009-03-02 15:24:37
|
further investigation shows a problem in blacklist_load():
# cat /var/log/sshguard.fifo | valgrind --tool=memcheck /usr/local/sbin/sshguard
==9364== Memcheck, a memory error detector.
==9364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9364== Using LibVEX rev 1732, a library for dynamic binary translation.
==9364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9364== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==9364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9364== For more details, rerun with: -v
==9364==
==9364== Syscall param open(filename) points to unaddressable byte(s)
==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
==9364== by 0x804D6D5: blacklist_lookup_address (sshguard_blacklist.c:199)
==9364== by 0x804BAD9: report_address (sshguard.c:368)
==9364== by 0x804C415: main (sshguard.c:240)
==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9364==
==9364== Syscall param open(filename) points to unaddressable byte(s)
==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
==9364== by 0x804D78C: blacklist_add (sshguard_blacklist.c:173)
==9364== by 0x804BC28: report_address (sshguard.c:372)
==9364== by 0x804C415: main (sshguard.c:240)
==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9364==
==9364== Syscall param open(filename) points to unaddressable byte(s)
==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
==9364== by 0x804D7C7: blacklist_add (sshguard_blacklist.c:182)
==9364== by 0x804BC28: report_address (sshguard.c:372)
==9364== by 0x804C415: main (sshguard.c:240)
==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
But currently sshguard is not yet running at 100%... It's idle as it should.
---------- Weitergeleitete Nachricht ----------
Betreff: sshguard using 100% CPU
Datum: Montag 02 März 2009
Von: Sebastian Held <seb...@gm...>
An: ssh...@li...
Hello,
sshguard (svn rev. 74 + mod, but same issue is found in pristine rev 74) is started like this:
cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -w 192.168.90.86 -w 192.168.90.52 >&/dev/null &
After a short time (around an hour) CPU utilization increases to 100%.
A core dump is attached. There was only one sshguard process running.
Stacktrace:
# gdb /usr/local/sbin/sshguard core.23814
GNU gdb 6.6.50.20070726-cvs
Copyright (C) 2007 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/local/sbin/sshguard'.
#0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
431 for (pos = 0; pos < list_size(& hell); ) {
(gdb) bt full
#0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
now = 1235994775
tmpel = (attacker_t *) 0x8060128
ret = 0
pos = 0
#1 0xb7fc9192 in ?? ()
No symbol table info available.
#2 0x00000000 in ?? ()
No symbol table info available.
(gdb) p *tmpel
$2 = {attack = {address = {value = "62.109.4.89\00041\000\blvps92-51-146-81 sshd[23934]: ", kind = 4}, service = 400}, whenfirst = 1235994599, whenlast = 1235994603,
pardontime = 0, numhits = 4}
(gdb)
br,
Sebastian
-------------------------------------------------------
|
|
From: Mij <mi...@bi...> - 2009-03-07 17:04:57
|
Hi Sebastian
thanks for reporting. Can you give a try to the version currently in
the SVN?
On Mar 2, 2009, at 16:24 , Sebastian Held wrote:
> further investigation shows a problem in blacklist_load():
>
> # cat /var/log/sshguard.fifo | valgrind --tool=memcheck /usr/local/
> sbin/sshguard
> ==9364== Memcheck, a memory error detector.
> ==9364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et
> al.
> ==9364== Using LibVEX rev 1732, a library for dynamic binary
> translation.
> ==9364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
> ==9364== Using valgrind-3.2.3, a dynamic binary instrumentation
> framework.
> ==9364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et
> al.
> ==9364== For more details, rerun with: -v
> ==9364==
> ==9364== Syscall param open(filename) points to unaddressable byte(s)
> ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> ==9364== by 0x804D6D5: blacklist_lookup_address
> (sshguard_blacklist.c:199)
> ==9364== by 0x804BAD9: report_address (sshguard.c:368)
> ==9364== by 0x804C415: main (sshguard.c:240)
> ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==9364==
> ==9364== Syscall param open(filename) points to unaddressable byte(s)
> ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> ==9364== by 0x804D78C: blacklist_add (sshguard_blacklist.c:173)
> ==9364== by 0x804BC28: report_address (sshguard.c:372)
> ==9364== by 0x804C415: main (sshguard.c:240)
> ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==9364==
> ==9364== Syscall param open(filename) points to unaddressable byte(s)
> ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> ==9364== by 0x804D7C7: blacklist_add (sshguard_blacklist.c:182)
> ==9364== by 0x804BC28: report_address (sshguard.c:372)
> ==9364== by 0x804C415: main (sshguard.c:240)
> ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
>
> But currently sshguard is not yet running at 100%... It's idle as it
> should.
>
>
>
>
> ---------- Weitergeleitete Nachricht ----------
>
> Betreff: sshguard using 100% CPU
> Datum: Montag 02 März 2009
> Von: Sebastian Held <seb...@gm...>
> An: ssh...@li...
>
> Hello,
>
> sshguard (svn rev. 74 + mod, but same issue is found in pristine rev
> 74) is started like this:
> cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -w
> 192.168.90.86 -w 192.168.90.52 >&/dev/null &
>
> After a short time (around an hour) CPU utilization increases to 100%.
> A core dump is attached. There was only one sshguard process running.
>
> Stacktrace:
> # gdb /usr/local/sbin/sshguard core.23814
> GNU gdb 6.6.50.20070726-cvs
> Copyright (C) 2007 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and
> you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "i586-suse-linux"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> Core was generated by `/usr/local/sbin/sshguard'.
> #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> 431 for (pos = 0; pos < list_size(& hell); ) {
> (gdb) bt full
> #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> now = 1235994775
> tmpel = (attacker_t *) 0x8060128
> ret = 0
> pos = 0
> #1 0xb7fc9192 in ?? ()
> No symbol table info available.
> #2 0x00000000 in ?? ()
> No symbol table info available.
> (gdb) p *tmpel
> $2 = {attack = {address = {value =
> "62.109.4.89\00041\000\blvps92-51-146-81 sshd[23934]: ", kind = 4},
> service = 400}, whenfirst = 1235994599, whenlast = 1235994603,
> pardontime = 0, numhits = 4}
> (gdb)
>
>
>
> br,
> Sebastian
>
> -------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San
> Francisco, CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the
> Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the source
> code: SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
|
From: Sebastian H. <seb...@gm...> - 2009-03-09 07:33:03
|
Hi,
seems to work quite well - thanks.
br,
Sebastian
Am Samstag 07 März 2009 18:04:32 schrieb Mij:
> Hi Sebastian
>
> thanks for reporting. Can you give a try to the version currently in
> the SVN?
>
> On Mar 2, 2009, at 16:24 , Sebastian Held wrote:
> > further investigation shows a problem in blacklist_load():
> >
> > # cat /var/log/sshguard.fifo | valgrind --tool=memcheck /usr/local/
> > sbin/sshguard
> > ==9364== Memcheck, a memory error detector.
> > ==9364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et
> > al.
> > ==9364== Using LibVEX rev 1732, a library for dynamic binary
> > translation.
> > ==9364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
> > ==9364== Using valgrind-3.2.3, a dynamic binary instrumentation
> > framework.
> > ==9364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et
> > al.
> > ==9364== For more details, rerun with: -v
> > ==9364==
> > ==9364== Syscall param open(filename) points to unaddressable byte(s)
> > ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> > ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> > ==9364== by 0x804D6D5: blacklist_lookup_address
> > (sshguard_blacklist.c:199)
> > ==9364== by 0x804BAD9: report_address (sshguard.c:368)
> > ==9364== by 0x804C415: main (sshguard.c:240)
> > ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> > ==9364==
> > ==9364== Syscall param open(filename) points to unaddressable byte(s)
> > ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> > ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> > ==9364== by 0x804D78C: blacklist_add (sshguard_blacklist.c:173)
> > ==9364== by 0x804BC28: report_address (sshguard.c:372)
> > ==9364== by 0x804C415: main (sshguard.c:240)
> > ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> > ==9364==
> > ==9364== Syscall param open(filename) points to unaddressable byte(s)
> > ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> > ==9364== by 0x804D7C7: blacklist_add (sshguard_blacklist.c:182)
> > ==9364== by 0x804BC28: report_address (sshguard.c:372)
> > ==9364== by 0x804C415: main (sshguard.c:240)
> > ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> >
> > But currently sshguard is not yet running at 100%... It's idle as it
> > should.
> >
> >
> >
> >
> > ---------- Weitergeleitete Nachricht ----------
> >
> > Betreff: sshguard using 100% CPU
> > Datum: Montag 02 März 2009
> > Von: Sebastian Held <seb...@gm...>
> > An: ssh...@li...
> >
> > Hello,
> >
> > sshguard (svn rev. 74 + mod, but same issue is found in pristine rev
> > 74) is started like this:
> > cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -w
> > 192.168.90.86 -w 192.168.90.52 >&/dev/null &
> >
> > After a short time (around an hour) CPU utilization increases to 100%.
> > A core dump is attached. There was only one sshguard process running.
> >
> > Stacktrace:
> > # gdb /usr/local/sbin/sshguard core.23814
> > GNU gdb 6.6.50.20070726-cvs
> > Copyright (C) 2007 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and
> > you are
> > welcome to change it and/or distribute copies of it under certain
> > conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB. Type "show warranty" for
> > details.
> > This GDB was configured as "i586-suse-linux"...
> > Using host libthread_db library "/lib/libthread_db.so.1".
> > Core was generated by `/usr/local/sbin/sshguard'.
> > #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> > 431 for (pos = 0; pos < list_size(& hell); ) {
> > (gdb) bt full
> > #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> > now = 1235994775
> > tmpel = (attacker_t *) 0x8060128
> > ret = 0
> > pos = 0
> > #1 0xb7fc9192 in ?? ()
> > No symbol table info available.
> > #2 0x00000000 in ?? ()
> > No symbol table info available.
> > (gdb) p *tmpel
> > $2 = {attack = {address = {value =
> > "62.109.4.89\00041\000\blvps92-51-146-81 sshd[23934]: ", kind = 4},
> > service = 400}, whenfirst = 1235994599, whenlast = 1235994603,
> > pardontime = 0, numhits = 4}
> > (gdb)
> >
> >
> >
> > br,
> > Sebastian
> >
> > -------------------------------------------------------
> >
> > -------------------------------------------------------------------------
> >----- Open Source Business Conference (OSBC), March 24-25, 2009, San
> > Francisco, CA
> > -OSBC tackles the biggest issue in open source: Open Sourcing the
> > Enterprise
> > -Strategies to boost innovation and cut costs with open source
> > participation
> > -Receive a $600 discount off the registration fee with the source
> > code: SFAD
> > http://p.sf.net/sfu/XcvMzF8H
> > _______________________________________________
> > Sshguard-users mailing list
> > Ssh...@li...
> > https://lists.sourceforge.net/lists/listinfo/sshguard-users
>
> ---------------------------------------------------------------------------
>--- Open Source Business Conference (OSBC), March 24-25, 2009, San
> Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing
> the Enterprise -Strategies to boost innovation and cut costs with open
> source participation -Receive a $600 discount off the registration fee with
> the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X