[Pkg-aide-maintainers] Bug#802487: Aide crash (SIGSEGV) solved by reinstalling

Carlos Pérez carlos.perez at uv.es
Tue Sep 27 07:42:08 UTC 2016 

Hi,

I came across this same problem (the same segmentation fault in the same
place) today and I was able to get a working Aide just by reinstalling
the package:

apt-get install aide --reinstall

I think that the segmentation fault was produced by a corrupt aide
binary, since the aide's SHA256 signature changes after reinstalling the
package (note that it is the same package version that is reinstalled).
In fact, the size in the corrupted file is the same that that of the
correct one.

I was able to detect this because I use two different Debian 8.5 virtual
machines and only in one of them aide crashed. The working system was
created using a standard Debian installation CD while the faulty one was
created using debootstrap (I don't know whether this is relevant or not).

I know it could be a security issue. But, I doubt it, because both
systems are virtual machines behind a NAT router, they don't offer any
service to the Internet and they don't use Internet services either
(apart from the Debian repositories).

The situation before reinstalling in the faulty system:

Working system:
# ls -l $(which aide)
-rwxr-xr-x 1 root root 1597208 Oct 24  2014 /usr/bin/aide
# sha256sum /usr/bin/aide
e382183d9f94e0325af0a8d235445a82f0aab9c3fc134b9219b9b290722db7e5
/usr/bin/aide
# aide
Couldn't open file
/var/lib/aide/please-dont-call-aide-without-parameters/aide.db for reading

Faulty system:
# ls -l $(which aide)
-rwxr-xr-x 1 root root 1597208 Oct 24  2014 /usr/bin/aide
# sha256sum /usr/bin/aide
c2ac6ddeb386376fa2f504e5471fb9880baffd15807060b37b28bcabb91466bd
/usr/bin/aide
# aide
Segmentation fault

After reinstalling aide in the faulty system, the SHA256 matches that of
the working one, and aide works OK.

Further information:
- Both system are Debian 8.5 x86_64
- Aide version: 0.16~a2.git20130520-3
- I upgraded the faulty system to Debian 8.6 (no aide upgrade, however)
and the segmentation fault was still there.
- The faulty one was a User-Mode Linux virtual machine running inside
the working one (a VMware Workstation virtual machine).

Hope it helps.

Sincerely,

-- 
Carlos Pérez

More information about the Pkg-aide-maintainers mailing list