ASL and node.js error

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
brannou
New Forum User
New Forum User
Posts: 3
Joined: Thu Oct 24, 2013 6:29 am
Location: Cotonou

ASL and node.js error

Unread post by brannou »

Hi all, i'm fairly new to linux server and security administration and there is still a lot of things I dont understand. I hope you could give me some help with this problem:

when I type node in my shell I get this error: "segmentation fault"
I use node v0.10.17

I did a strace and here is the result:

Code: Select all

execve("/usr/local/bin/node", ["node"], [/* 21 vars */]) = 0
brk(0)                                  = 0x1ce3540
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x28354462000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=38733, ...}) = 0
mmap(NULL, 38733, PROT_READ, MAP_PRIVATE, 3, 0) = 0x28354458000
close(3)                                = 0
open("/lib64/libdl.so.2", O_RDONLY)     = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r \212:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x3a8a200000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x28354041000
mprotect(0x28354043000, 2097152, PROT_NONE) = 0
mmap(0x28354243000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x28354243000
close(3)                                = 0
open("/lib64/librt.so.1", O_RDONLY)     = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@!`\213:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=47064, ...}) = 0
mmap(0x3a8b600000, 2128816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x28353e39000
mprotect(0x28353e40000, 2093056, PROT_NONE) = 0
mmap(0x2835403f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x2835403f000
close(3)                                = 0
open("/usr/lib64/libstdc++.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360ce\216:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=989840, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x28354457000
mmap(0x3a8e600000, 3166648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x28353b33000
mprotect(0x28353c1b000, 2097152, PROT_NONE) = 0
mmap(0x28353e1b000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe8000) = 0x28353e1b000
mmap(0x28353e24000, 82360, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28353e24000
close(3)                                = 0
open("/lib64/libm.so.6", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p>\240\212:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=598680, ...}) = 0
mmap(0x3a8aa00000, 2633912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x283538af000
mprotect(0x28353932000, 2093056, PROT_NONE) = 0
mmap(0x28353b31000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x82000) = 0x28353b31000
close(3)                                = 0
open("/lib64/libgcc_s.so.1", O_RDONLY)  = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20) \216:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=93224, ...}) = 0
mmap(0x3a8e200000, 2186488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x28353699000
mprotect(0x283536af000, 2093056, PROT_NONE) = 0
mmap(0x283538ae000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x283538ae000
close(3)                                = 0
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\\`\212:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=145720, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x28354456000
mmap(0x3a8a600000, 2212768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2835347c000
mprotect(0x28353493000, 2097152, PROT_NONE) = 0
mmap(0x28353693000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x28353693000
mmap(0x28353695000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28353695000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\341\211:\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1922152, ...}) = 0
mmap(0x3a89e00000, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x283530e9000
mprotect(0x28353273000, 2093056, PROT_NONE) = 0
mmap(0x28353472000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x28353472000
mmap(0x28353477000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28353477000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x28354455000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x28354453000
arch_prctl(ARCH_SET_FS, 0x28354453720)  = 0
mprotect(0x28353472000, 16384, PROT_READ) = 0
mprotect(0x28353693000, 4096, PROT_READ) = 0
mprotect(0x28353b31000, 4096, PROT_READ) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x28354452000
mprotect(0x28353e1b000, 28672, PROT_READ) = 0
mprotect(0x2835403f000, 4096, PROT_READ) = 0
mprotect(0x28354243000, 4096, PROT_READ) = 0
mprotect(0x28354464000, 4096, PROT_READ) = 0
munmap(0x28354458000, 38733)            = 0
set_tid_address(0x283544539f0)          = 24044
set_robust_list(0x28354453a00, 0x18)    = 0
futex(0x397eadaefcc, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x397eadaefcc, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 28354453720) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x28353481ae0, [], SA_RESTORER|SA_SIGINFO, 0x2835348b500}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x28353481b70, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x2835348b500}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
brk(0)                                  = 0x1ce3540
brk(0x1d04540)                          = 0x1d04540
brk(0x1d05000)                          = 0x1d05000
getrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
clock_gettime(0x7 /* CLOCK_??? */, {706409, 153266686}) = 0
ioctl(0, FIOCLEX)                       = 0
ioctl(1, FIOCLEX)                       = 0
ioctl(2, FIOCLEX)                       = 0
ioctl(3, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(4, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(5, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(6, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(7, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(8, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(9, FIOCLEX)                       = -1 EBADF (Bad file descriptor)
ioctl(10, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
ioctl(11, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
ioctl(12, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
ioctl(13, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
ioctl(14, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
ioctl(15, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
ioctl(16, FIOCLEX)                      = -1 EBADF (Bad file descriptor)
rt_sigaction(SIGPIPE, {SIG_IGN, ~[RTMIN RT_1], SA_RESTORER, 0x2835348b500}, NULL, 8) = 0
rt_sigaction(SIGINT, {0x599ec0, ~[RTMIN RT_1], SA_RESTORER, 0x2835348b500}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x599ec0, ~[RTMIN RT_1], SA_RESTORER, 0x2835348b500}, NULL, 8) = 0
pipe2([3, 4], O_CLOEXEC)                = 0
write(4, "*", 1)                        = 1
futex(0xe890b8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
epoll_create1(O_CLOEXEC)                = 5
pipe2([6, 7], O_NONBLOCK|O_CLOEXEC)     = 0
eventfd2(0, O_NONBLOCK|O_CLOEXEC)       = 8
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
read(3, "*", 1)                         = 1
rt_sigaction(SIGUSR1, {0x6e1b20, ~[RTMIN RT_1], SA_RESTORER, 0x2835348b500}, NULL, 8) = 0
write(4, "*", 1)                        = 1
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(0x360795935000, 4096, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x28354461000
mmap(0x28354461000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = -1 EPERM (Operation not permitted)
munmap(0x28354461000, 4096)             = 0
mmap(0x1a65d9cea000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 EPERM (Operation not permitted)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Is there a way to have node.js working with ASL ?
thanks for any help.
boris
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ASL and node.js error

Unread post by mikeshinn »

Thank you for the question, so it looks like node.js on your system is configured, incorrectly, to try to use mmap in an insecure manner. This FAQ should explain what your application is doing and how to reconfigure it to work more securely:

https://www.atomicorp.com/wiki/index.ph ... WX_mmap_of

Also, ASL will log this action in /var/log/messages and of course in ASL web console. Always check the ASL web console if you are unsure of why something may have occurred. The web console will also link to online documentation explaining the event, and what actions, if any, you may need to take.

Please let us know if you have any questions.
brannou
New Forum User
New Forum User
Posts: 3
Joined: Thu Oct 24, 2013 6:29 am
Location: Cotonou

Re: ASL and node.js error

Unread post by brannou »

thanks michael for the quick answer. I will check the link :-)
Post Reply