Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Execute via ssh without X11 forwarding results in seg fault #834

Open
tparchambault opened this issue Mar 22, 2023 · 0 comments
Open

Execute via ssh without X11 forwarding results in seg fault #834

tparchambault opened this issue Mar 22, 2023 · 0 comments

Comments

@tparchambault
Copy link
Contributor

On RHEL86, V1.0.0, the yours-truly user, inadvertently connected to the target system via ssh however yours-truly omitted the -X X11 forwarding option. This resulted in a seg fault and some less than obvious error messaging. I don't consider this a high priority issue, and am not sure whether X11 forwarding can be detected within the ssh session, and whether appropriate messaging should be or even can be generated by the pkexec layer or the fapolicy-analyzer application itself.

The following is the ssh session output along with the journald messages. It is a tremendous amount of noise w/o presenting either a clear or potential root cause or solutions for not having X forwarding enabled. Unless of course, I've just missed it in the wall of words... This is the closest that I can find:

Unable to init server: Could not connect: Connection refused
Unable to init server: Could not connect: Connection refused

along with the journald snippet, that got me to look at the gfx connection: error 4 in libgtk-3.so.0.2200.30

[toma@son-o-wimpy ~]$ fapolicy-analyzer -vv
pkttyagent registering on the dbus...
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ====
Authentication is needed to run `/usr/bin/env' as the super user
Authenticating as: Thomas ***************
Password: 
==== AUTHENTICATION COMPLETE ====
Unable to init server: Could not connect: Connection refused
Unable to init server: Could not connect: Connection refused
 Creating '/root/.local/share/fapolicy-analyzer/' 
Verbosity enabled
 Creating '/root/.local/state/fapolicy-analyzer/' 
INFO:root:SessionManager::set_autosave_filename: /root/.local/state/fapolicy-analyzer/FaCurrentSession.tmp
fapolicy-analyzer v1.0.0
DEBUG:fapolicy_analyzer.redux._internal.feature:system
DEBUG:root:_PostInitCaller.__call__((), {})
/usr/sbin/fapolicy-analyzer: line 47: 35415 Segmentation fault   (core dumped) pkexec --disable-internal-agent env NO_AT_BRIDGE=1 DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY FAPD_LOGPATH=$FAPD_LOGPATH python3 -m fapolicy_analyzer.ui "$@"
Terminating pkttyagent.
/usr/sbin/fapolicy-analyzer: line 54: 35400 Terminated  pkttyagent --notify-fd $fdCallback --process $$,$timestamp
[toma@son-o-wimpy ~]$

...with the following captured in the journalctl -f output:

Mar 21 15:14:42 son-o-wimpy polkitd[891]: Registered Authentication Agent for unix-process:35396:439909 (system bus name :1.347 [pkttyagent --notify-fd 10 --process 35396,439909], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 21 15:14:49 son-o-wimpy polkitd[891]: Operator of unix-process:35396:439909 successfully authenticated as unix-user:toma to gain ONE-SHOT authorization for action org.freedesktop.policykit.exec for unix-process:35396:439909 [/usr/bin/bash /usr/sbin/fapolicy-analyzer -vv] (owned by unix-user:toma)
Mar 21 15:14:49 son-o-wimpy pkexec[35415]: pam_systemd(polkit-1:session): Cannot create session: Already running in a session or user slice
Mar 21 15:14:49 son-o-wimpy pkexec[35415]: pam_unix(polkit-1:session): session opened for user root by toma(uid=1000)
Mar 21 15:14:49 son-o-wimpy pkexec[35415]: toma: Executing command [USER=root] [TTY=/dev/pts/1] [CWD=/home/toma] [COMMAND=/usr/bin/env NO_AT_BRIDGE=1 DISPLAY= XAUTHORITY=/home/toma/.Xauthority FAPD_LOGPATH= python3 -m fapolicy_analyzer.ui -vv]
Mar 21 15:14:50 son-o-wimpy kernel: python3[35415]: segfault at 0 ip 00007f0fd309fb5d sp 00007ffdc14b9c90 error 4 in libgtk-3.so.0.2200.30[7f0fd2da8000+70a000]
Mar 21 15:14:50 son-o-wimpy kernel: Code: fa 8b 35 7e 70 62 00 31 d2 31 c0 e9 4d 5a d9 ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 53 48 89 fb e8 03 fe ff ff <48> 8b 3b 48 89 c6 e8 98 49 d9 ff 48 8b 40 18 48 85 c0 74 0f 48 89
Mar 21 15:14:50 son-o-wimpy systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Mar 21 15:14:50 son-o-wimpy systemd[1]: Started Process Core Dump (PID 35438/UID 0).
Mar 21 15:14:50 son-o-wimpy systemd-coredump[35439]: Resource limits disable core dumping for process 35415 (python3).
Mar 21 15:14:50 son-o-wimpy systemd-coredump[35439]: Process 35415 (python3) of user 0 dumped core.
Mar 21 15:14:50 son-o-wimpy systemd[1]: systemd-coredump@0-35438-0.service: Succeeded.
Mar 21 15:14:50 son-o-wimpy polkitd[891]: Unregistered Authentication Agent for unix-process:35396:439909 (system bus name :1.347, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 21 15:29:01 son-o-wimpy anacron[35017]: Job `cron.daily' started
Mar 21 15:29:01 son-o-wimpy run-parts[35573]: (/etc/cron.daily) starting logrotate
Mar 21 15:29:02 son-o-wimpy run-parts[35587]: (/etc/cron.daily) finished logrotate
Mar 21 15:29:02 son-o-wimpy anacron[35017]: Job `cron.daily' terminated
@jw3 jw3 changed the title On RHEL 86, w/V1.0 from EPEL-testing, an ssh w/o X11 forwarding results in a seg fault Execute via ssh without X11 forwarding results in seg fault Jul 5, 2023
@jw3 jw3 added this to the v1.2 milestone Jul 5, 2023
@jw3 jw3 removed this from the v1.2 milestone Sep 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jw3 @tparchambault