Re: [exim] Segfaults due to corrupted berkeley db

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [exim] Segfaults due to corrupted berkeley db
Phil Pennock <exim-users@???> wrote:
> On 2009-08-02 at 16:29 +0200, Andreas Metzler wrote:
>> occasionally somebody reports a segfault in exim. Usually the response is
>> "Delete the contents of $spooldir/db." People do this and the problem
>> goes away.


> That's strange. What corrupted the files in the first place?


Perhaps a crash, I do not know.

> What happens if you build Exim against a different DB backend? It's not
> usual in Exim to just accept crashes; especially since those DBs contain
> data derived from emails, so if this can be deterministically reproduced
> then it might be somehow exploitable (corrupt the DB to upset the
> application and insert shellcode).


> In fact, that's really worrying. I don't recall hearing of this before
> now.


http://news.gmane.org/find-root.php?message_id=%3c1130182572.14477.5.camel%40murdegern.hindenburgdamm.example%3e
http://news.gmane.org/find-root.php?message_id=%3cPine.LNX.4.60.0506211419550.21320%40hermes%2d1.csi.cam.ac.uk%3e

Results of a quick search. I am pretty sure I have stumbled upon this
more often already.

> The most usual cause of crashes I've seen is someone with an Exim built
> against one version of OpenSSL but running against another version, and
> then something in some session tickles an OpenSSL ABI incompatibility.


These Debian binaries, using GnuTLS.

>> Is this the right way to handle the problem? I am wondering because I
>> recently received a bug report on the issue and do not want to cut
>> corners.


> Can you get more details?


I will try.

thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'