Bug #5836
Status: closed
output: abort triggered on no permission test
Description
SV test bug-5198. Fails when configured with --enable-debug-validation
src/suricata --set outputs.1.eve-log.filename=noperms/eve.json --set outputs.1.eve-log.threaded=true --set classification-file=/home/victor/sync/devel/eidps/etc/classification.config --set reference-config-file=/home/victor/sync/devel/eidps/etc/reference.config --init-errors-fatal -l /tmp/sv-eidps/bug-5198/output -c /home/victor/sync/devel/eidps/suricata.yaml -r /home/victor/sync/qa/sv/all/00default/bug-5198/input.pcap --disable-detection --runmode=single
Notice: suricata: This is Suricata version 7.0.0-rc2-dev (d9e6301af2 2023-01-31) running in USER mode [LogVersion:suricata.c:1148]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438]
suricata: output-packet.c:118: OutputPacketLog: Assertion `!((logger != ((void *)0) && store == ((void *)0)))' failed.
Aborted (core dumped)
This is Suricata version 7.0.0-rc2-dev (d9e6301af2 2023-01-31)
Features: DEBUG DEBUG_VALIDATION NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LUA HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST
SIMD support: none
Atomic intrinsics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 11.3.0, C version 201112
compiled with -fstack-protector-all
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.42, linked against LibHTP v0.5.42
Suricata Configuration:
  AF_PACKET support: yes
  AF_XDP support: no
  DPDK support: no
  eBPF support: no
  XDP support: no
  PF_RING support: no
  NFQueue support: yes
  NFLOG support: no
  IPFW support: no
  Netmap support: no
  DAG enabled: no
  Napatech enabled: no
  WinDivert enabled: no
  Unix socket enabled: yes
  Detection enabled: yes
  Libmagic support: yes
  libjansson support: yes
  hiredis support: no
  hiredis async with libevent: no
  PCRE jit: yes
  LUA support: yes
  libluajit: no
  GeoIP2 support: yes
  Non-bundled htp: yes
  Hyperscan support: yes
  Libnet support: yes
  liblz4 support: no
  Landlock support: yes
  Rust support: yes
  Rust strict mode: no
  Rust compiler path: /usr/bin/rustc
  Rust compiler version: rustc 1.61.0
  Cargo path: /usr/bin/cargo
  Cargo version: cargo 1.61.0
  Python support: yes
  Python path: /usr/bin/python3
  Install suricatactl: yes
  Install suricatasc: yes
  Install suricata-update: no, not bundled
  Profiling enabled: no
  Profiling locks enabled: no
  Plugin support (experimental): yes
Development settings:
  Coccinelle / spatch: no
  Unit tests enabled: no
  Debug output enabled: yes
  Debug validation enabled: yes
  Fuzz targets enabled: no
Generic build parameters:
  Installation prefix: /usr
  Configuration directory: /etc/suricata/
  Log directory: /var/log/suricata/
  --prefix /usr
  --sysconfdir /etc
  --localstatedir /var
  --datarootdir /usr/share
  Host: x86_64-pc-linux-gnu
  Compiler: gcc (exec name) / g++ (real)
  GCC Protect enabled: no
  GCC march native enabled: no
  GCC Profile enabled: no
  Position Independent Executable enabled: no
  CFLAGS -fno-common -O0 -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fno-omit-frame-pointer -Wshadow -fPIC -std=c11 -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
  PCAP_CFLAGS -I/usr/include
  SECCFLAGS
Updated by Jason Ish almost 2 years ago
- Assignee changed from OISF Dev to Jason Ish
The issue occurs during initializing when the output module fails to open a specific output file, and an error is returned instead of completing initialization of that output module. However, the runmode setup keeps on going, when it should probably fatal error here.
Note that if the log directory is not writable we do fatal error. So it might make sense during startup to fatal error if any one log file cannot be opened either.
Fix 1) Fatal error during initializing if we can't open a log file. This is my preference.
Fix 2) If we can't open a file, log an error like we do now, but continue to setup the log modules as if it was successful. As the file pointer is null, attempts to log at runtime will fail silently. While Suricata won't automatically re-attempt to open the log files, it can be told to with a SIGHUP. The files will be opened and logging will commence. This isn't that much different than if Suricata started OK, then files were then made immutable or something, and a SIGHUP was sent to Suricata. Suricata would no longer log, but keep running fine. Fix files, SIGHUP, and we're logging again.
Updated by Jeff Lucovsky almost 2 years ago
- Related to Bug #5198: eve/stats: ASAN error when eve output file can't be opened. added
Updated by Jeff Lucovsky almost 2 years ago
- Status changed from New to In Progress
- Assignee changed from Jason Ish to Jeff Lucovsky
Updated by Jeff Lucovsky almost 2 years ago
- Status changed from In Progress to In Review
Updated by Victor Julien almost 2 years ago
- Status changed from In Review to Assigned
I don't see how an SV update that adjusts the expected exit code can fix an abort().
Updated by Victor Julien almost 2 years ago
Jason Ish wrote in #note-1:
> The issue occurs during initializing when the output module fails to open a specific output file, and an error is returned instead of completing initialization of that output module. However, the runmode setup keeps on going, when it should probably fatal error here.
> Note that if the log directory is not writable we do fatal error. So it might make sense during startup to fatal error if any one log file cannot be opened either.
> Fix 1) Fatal error during initializing if we can't open a log file. This is my preference.
I agree. We shouldn't start in an error state.
Side note: the implementation with 2 related but separate lists is not ideal either. Perhaps this would be a good opportunity to merge them into only one that is used at runtime. The per thread list members will only have to be extended slightly to also contain the data/ptrs from the other list. Then we could limit this code to walk only one list.
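The two startup behaviours discussed in note-1 and in the reply above (setup that keeps going after a failed open, versus "Fix 1"), as an added C example that is not Suricata's code. `Logger`, `Store`, `setup_outputs` and `loggers_without_store` are hypothetical names, the two parallel arrays stand in for the two lists, and the paths are constructed samples.

```c
#include <stdio.h>
#include <stddef.h>
/* Hypothetical stand-ins for illustration; not Suricata's own types. */
typedef struct { const char *path; } Logger;
typedef struct { FILE *fp; } Store;

/* Build the per-thread store list in parallel with the logger list.
 * fatal_on_error == 0: reported behaviour, a failed open is logged and
 *   skipped, so stores[i] stays NULL beside a registered logger.
 * fatal_on_error == 1: "Fix 1", the first failed open refuses startup.
 * Returns 0 when setup ran to the end, -1 when startup was refused. */
int setup_outputs(Logger *const *loggers, Store *backing, Store **stores,
                  size_t n, int fatal_on_error)
{
    for (size_t i = 0; i < n; i++) stores[i] = NULL;
    for (size_t i = 0; i < n; i++) {
        backing[i].fp = fopen(loggers[i]->path, "a");
        if (backing[i].fp != NULL) { stores[i] = &backing[i]; continue; }
        fprintf(stderr, "Error opening file: \"%s\"\n", loggers[i]->path);
        if (!fatal_on_error) continue;
        while (i-- > 0)   /* release what was already opened */
            if (stores[i] != NULL) { fclose(stores[i]->fp); stores[i] = NULL; }
        return -1;
    }
    return 0;
}

/* Counts entries in the state the page's debug-validation assertion
 * rejects: logger != NULL && store == NULL. */
size_t loggers_without_store(Logger *const *loggers, Store *const *stores,
                             size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (loggers[i] != NULL && stores[i] == NULL);
    return bad;
}

int main(void)
{
    /* Constructed sample: one path that opens, one that cannot. */
    Logger ok = { "/dev/null" }, bad = { "/nonexistent-example-dir/eve.json" };
    Logger *loggers[] = { &ok, &bad };
    Store backing[2]; Store *stores[2];
    int rc = setup_outputs(loggers, backing, stores, 2, 0);
    printf("continue: rc=%d mismatches=%zu\n", rc,
           loggers_without_store(loggers, stores, 2));
    if (stores[0] != NULL) fclose(stores[0]->fp);
    printf("fatal:    rc=%d\n", setup_outputs(loggers, backing, stores, 2, 1));
    return 0;
}
```

In the continue mode the mismatch is only discovered later, at the first packet logged; in the fatal mode the process never reaches runtime in that state.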
Updated by Jeff Lucovsky over 1 year ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Review to Closed