Bug #5836
closedoutput: abort triggered on no permission test
Description
SV test bug-5198.
Fails when configured with --enable-debug-validation
src/suricata --set outputs.1.eve-log.filename=noperms/eve.json --set outputs.1.eve-log.threaded=true --set classification-file=/home/victor/sync/devel/eidps/etc/classification.config --set reference-config-file=/home/victor/sync/devel/eidps/etc/reference.config --init-errors-fatal -l /tmp/sv-eidps/bug-5198/output -c /home/victor/sync/devel/eidps/suricata.yaml -r /home/victor/sync/qa/sv/all/00default/bug-5198/input.pcap --disable-detection --runmode=single Notice: suricata: This is Suricata version 7.0.0-rc2-dev (d9e6301af2 2023-01-31) running in USER mode [LogVersion:suricata.c:1148] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] Error: logopenfile: Error opening file: "/tmp/sv-eidps/bug-5198/output/noperms/eve.1.json": Permission denied [SCLogOpenFileFp:util-logopenfile.c:438] suricata: output-packet.c:118: OutputPacketLog: Assertion `!((logger != ((void *)0) && store == ((void *)0)))' failed. Aborted (core dumped)
This is Suricata version 7.0.0-rc2-dev (d9e6301af2 2023-01-31)
Features: DEBUG DEBUG_VALIDATION NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LUA HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST
SIMD support: none
Atomic intrinsics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 11.3.0, C version 201112
compiled with -fstack-protector-all
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.42, linked against LibHTP v0.5.42
Suricata Configuration:
AF_PACKET support: yes
AF_XDP support: no
DPDK support: no
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
PCRE jit: yes
LUA support: yes
libluajit: no
GeoIP2 support: yes
Non-bundled htp: yes
Hyperscan support: yes
Libnet support: yes
liblz4 support: no
Landlock support: yes
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.61.0
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.61.0
Python support: yes
Python path: /usr/bin/python3
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: no, not bundled
Profiling enabled: no
Profiling locks enabled: no
Plugin support (experimental): yes
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: yes
Debug validation enabled: yes
Fuzz targets enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -fno-common -O0 -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fno-omit-frame-pointer -Wshadow -fPIC -std=c11 -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
PCAP_CFLAGS -I/usr/include
SECCFLAGS
Updated by Jason Ish about 1 year ago
- Assignee changed from OISF Dev to Jason Ish
The issue occurs during initializing when the output module fails to open a specific output file, and an error is returned instead of completing initialization of that output module. However, the runmode setup keeps on going, when it should probably fatal error here.
Note that if the log directory is not writable we do fatal error. So it might make sense during startup to fatal error if any one log file cannot be opened either.
Fix 1) Fatal error during initializing if we can't open a log file. This is my preference.
Fix 2) If we can't open a file, log an error like we do now, but continue to setup the log modules as if it was successful. As the file pointer is null, attempts to log at runtime will fail silently. While Suricata won't automatically re-attempt to open the log files, it can be told to with a SIGHUP. The files will be opened and logging will commence. This isn't that much different than if Suricata started OK, then files were then made immutable or something, and a SIGHUP was sent to Suricata. Suricata would no longer log, but keep running fine. Fix files, SIGHUP, and we're logging again.
Updated by Jeff Lucovsky about 1 year ago
- Related to Bug #5198: eve/stats: ASAN error when eve output file can't be opened. added
Updated by Jeff Lucovsky about 1 year ago
- Status changed from New to In Progress
- Assignee changed from Jason Ish to Jeff Lucovsky
Updated by Jeff Lucovsky about 1 year ago
- Status changed from In Progress to In Review
Updated by Victor Julien about 1 year ago
- Status changed from In Review to Assigned
I don't see how an SV update that adjusts the expected exit code can fix an abort().
Updated by Victor Julien about 1 year ago
Jason Ish wrote in #note-1:
The issue occurs during initializing when the output module fails to open a specific output file, and an error is returned instead of completing initialization of that output module. However, the runmode setup keeps on going, when it should probably fatal error here.
Note that if the log directory is not writable we do fatal error. So it might make sense during startup to fatal error if any one log file cannot be opened either.
Fix 1) Fatal error during initializing if we can't open a log file. This is my preference.
I agree. We shouldn't start in an error state.
Side note: the implementation with 2 related but separate lists is not ideal either. Perhaps this would be a good opportunity to merge them into only one that is used at runtime. The per thread list members will only have to extended slightly to also contain the data/ptrs from the other list. Then we could limit this code to walk only one list.
Updated by Jeff Lucovsky about 1 year ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky about 1 year ago
- Status changed from In Review to Closed