Debian Bug report logs - #892076
man-db: fails to exec groff tools under seccomp on 3.14.79-117 arm64 kernel

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Erik Könnecke <erik.koennecke@gmx.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: man-db: man doesn't show any pages, just empty screen and status line

Date: Mon, 05 Mar 2018 00:11:48 +0100

[Message part 1 (text/plain, inline)]

Package: man-db
Version: 2.8.2-1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
After the upgrade of the man-db package, man stopped showing man pages, only empty screen with the status line
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
I tried to use pinfo as a man alternative, but it also couldn't show man pages, only info pages when available
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: buster/sid
  APT prefers bionic-proposed
  APT policy: (500, 'bionic-proposed'), (500, 'bionic')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 3.14.79-117 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages man-db depends on:
ii  bsdmainutils           11.1.2ubuntu1
ii  debconf [debconf-2.0]  1.5.66
ii  dpkg                   1.19.0.5ubuntu1
ii  groff-base             1.22.3-10
ii  libc6                  2.27-0ubuntu2
ii  libgdbm5               1.14.1-4
ii  libpipeline1           1.5.0-1
ii  libseccomp2            2.3.1-2.1ubuntu4
ii  zlib1g                 1:1.2.11.dfsg-0ubuntu2

man-db recommends no packages.

Versions of packages man-db suggests:
ii  apparmor               2.11.0-2ubuntu19
ii  firefox [www-browser]  58.0.2+build1-0ubuntu1
pn  groff                  <none>
ii  less                   487-0.1

-- debconf information:
  man-db/auto-update: true
  man-db/install-setuid: false

[man.trace (text/plain, attachment)]

Message #10 received at 892076@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Erik Könnecke <erik.koennecke@gmx.de>, 892076@bugs.debian.org

Subject: Re: Bug#892076: man-db: man doesn't show any pages, just empty screen and status line

Date: Mon, 5 Mar 2018 00:48:55 +0000

Control: retitle -1 man-db: fails to exec groff tools under seccomp on 3.14.79-117 arm64 kernel

On Mon, Mar 05, 2018 at 12:11:48AM +0100, Erik Könnecke wrote:
> After the upgrade of the man-db package, man stopped showing man
> pages, only empty screen with the status line

Thanks for your report.  I have a few follow-up questions to try to
narrow this down:

 * Where exactly did you get this kernel from?  If you also know where I
   could find the source code for it, that would be helpful too.  The
   only place I could find any mention of this kernel version on the
   internet was an odroid repository that seems to be lacking source
   code (so may well be a GPL violation ...).

 * Does setting MAN_DISABLE_SECCOMP=1 in the environment work around the
   bug?  (I think it probably will, and I still want to investigate even
   if that's the case, but I need to make sure.)

 * The particular error here (EPERM from execve) is a strange symptom.
   Normally it only happens when trying to execute a set-id program
   under certain other conditions.  Could you please show me the output
   of "ls -l /usr/bin/preconv"?

 * It's possible that this particular error is happening partly because
   you're running the program under strace: sometimes debugging tools
   affect the outcome.  To make sure that I don't spend too much time
   getting confused by this possibility, could you please show me the
   full output of "PIPELINE_DEBUG=1 man --debug man" (not under strace)?

I may have further questions after this, but the above should let me
make a better guess as to what to ask next.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Message #17 received at 892076@bugs.debian.org (full text, mbox, reply):

From: Erik Koennecke <erik.koennecke@gmx.de>

To: Colin Watson <cjwatson@debian.org>

Cc: 892076@bugs.debian.org

Subject: Re: Bug#892076: man-db: man doesn't show any pages, just empty screen and status line

Date: Mon, 5 Mar 2018 09:21:33 +0100

[Message part 1 (text/plain, inline)]

The kernel is the latest official Hardkernel one, coming from their
repository:

deb http://deb.odroid.in/c2 xenial main

The source is at

https://github.com/hardkernel/linux/tree/odroidc2-3.14.y

They wouldn't violate the GPL - they are a reputable Korean company with
sources always accessible.

"MAN_DISABLE_SECCOMP=1 man ls" still shows the issue. MAN_DISABLE_SECCOMP=1
does *NOT*
fix it. This was the main reason for me to file the bug report.

$ ls -l /usr/bin/preconv
-rwxr-xr-x 1 root root 47240 Feb 10 03:09 /usr/bin/preconv

The file 892076.log from
$ PIPELINE_DEBUG=1 man --debug man 2> 892076.log

is attached.

Thanks for your efforts



2018-03-05 1:48 GMT+01:00 Colin Watson <cjwatson@debian.org>:

> Control: retitle -1 man-db: fails to exec groff tools under seccomp on
> 3.14.79-117 arm64 kernel
>
> On Mon, Mar 05, 2018 at 12:11:48AM +0100, Erik Könnecke wrote:
> > After the upgrade of the man-db package, man stopped showing man
> > pages, only empty screen with the status line
>
> Thanks for your report.  I have a few follow-up questions to try to
> narrow this down:
>
>  * Where exactly did you get this kernel from?  If you also know where I
>    could find the source code for it, that would be helpful too.  The
>    only place I could find any mention of this kernel version on the
>    internet was an odroid repository that seems to be lacking source
>    code (so may well be a GPL violation ...).
>
>  * Does setting MAN_DISABLE_SECCOMP=1 in the environment work around the
>    bug?  (I think it probably will, and I still want to investigate even
>    if that's the case, but I need to make sure.)
>
>  * The particular error here (EPERM from execve) is a strange symptom.
>    Normally it only happens when trying to execute a set-id program
>    under certain other conditions.  Could you please show me the output
>    of "ls -l /usr/bin/preconv"?
>
>  * It's possible that this particular error is happening partly because
>    you're running the program under strace: sometimes debugging tools
>    affect the outcome.  To make sure that I don't spend too much time
>    getting confused by this possibility, could you please show me the
>    full output of "PIPELINE_DEBUG=1 man --debug man" (not under strace)?
>
> I may have further questions after this, but the above should let me
> make a better guess as to what to ask next.
>
> Thanks,
>
> --
> Colin Watson                                       [cjwatson@debian.org]
>

[Message part 2 (text/html, inline)]

[892076.log (text/x-log, attachment)]

Send a report that this bug log contains spam.