IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel 3.5.0-45.68
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Quantal |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Saucy |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
linux-armadaxp (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned | ||
linux-ec2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned | ||
linux-lts-quantal (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned | ||
linux-lts-raring (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned | ||
linux-lts-saucy (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned | ||
linux-ti-omap4 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned | ||
Saucy |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel, has prevented IBM Domino's "/opt/ibm/
In the Live Domino Console we're seeing the Application Server report:
"Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."
Another thing in the Live Domino Console, which is unusual is:
"Error_
A number of us have to hold back the kernel now and there's lots of scratching going on.
http://
It does seem to be limited to IBM Domino's "bindsock" binary and other things are just fine, such as Nginx.
I have attached some files within the zip "ibm-domino-
>>bindsock_
This is just running strace against the binary that isn't running in any process.
>> domino-
The IBM Domino Application Server ("/opt/
Hopeully this first attempt at strace provides some good info for you kind folks :-)
Many thanks
MR
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: linux-image-
ProcVersionSign
Uname: Linux 3.5.0-45-generic x86_64
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: [Errno 2] No such file or directory
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.
Date: Tue Jan 14 15:33:47 2014
HibernationDevice: RESUME=
InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
IwConfig: Error: [Errno 2] No such file or directory
Lsusb:
Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: innotek GmbH VirtualBox
MarkForUpload: True
ProcEnviron:
SHELL=/bin/bash
TERM=xterm
PATH=(custom, no user)
LANG=en_GB.UTF-8
LANGUAGE=en_GB:en
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=
RelatedPackageV
linux-
linux-
linux-firmware 1.79.9
RfKill: Error: [Errno 2] No such file or directory
SourcePackage: linux-lts-quantal
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias: dmi:bvninnotekG
dmi.product.name: VirtualBox
dmi.product.
dmi.sys.vendor: innotek GmbH
break-fix: 1661bf364ae9c50
Changed in linux (Ubuntu Trusty): | |
status: | New → Fix Released |
assignee: | nobody → Andy Whitcroft (apw) |
Changed in linux-lts-quantal (Ubuntu Trusty): | |
assignee: | Andy Whitcroft (apw) → nobody |
importance: | Medium → Undecided |
status: | In Progress → Invalid |
Changed in linux-lts-saucy (Ubuntu Trusty): | |
status: | New → Invalid |
Changed in linux-lts-saucy (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in linux-lts-saucy (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in linux-lts-saucy (Ubuntu Precise): | |
assignee: | nobody → Andy Whitcroft (apw) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux-lts-quantal (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in linux-lts-quantal (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in linux-lts-quantal (Ubuntu Precise): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux-lts-raring (Ubuntu Trusty): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Precise): | |
assignee: | nobody → Andy Whitcroft (apw) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux-lts-quantal (Ubuntu Precise): | |
assignee: | nobody → Andy Whitcroft (apw) |
Changed in linux (Ubuntu Saucy): | |
assignee: | nobody → Andy Whitcroft (apw) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Quantal): | |
assignee: | nobody → Andy Whitcroft (apw) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Precise): | |
assignee: | nobody → Andy Whitcroft (apw) |
importance: | Undecided → Medium |
status: | New → Fix Committed |
Changed in linux (Ubuntu Trusty): | |
assignee: | Andy Whitcroft (apw) → nobody |
Changed in linux-lts-saucy (Ubuntu Saucy): | |
status: | Invalid → In Progress |
Changed in linux-lts-saucy (Ubuntu Saucy): | |
status: | In Progress → Invalid |
Changed in linux (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Saucy): | |
status: | In Progress → Fix Committed |
Changed in linux-lts-raring (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in linux-lts-quantal (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in linux-lts-saucy (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
description: | updated |
tags: | added: linux-break-fix |
Changed in linux-lts-quantal (Ubuntu Precise): | |
status: | Fix Committed → Confirmed |
tags: |
added: kernel-bug-break-fix removed: linux-break-fix |
tags: | added: test-apw |
tags: | removed: test-apw |
description: | updated |
Changed in linux-armadaxp (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-saucy (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ec2 (Ubuntu Trusty): | |
status: | New → Invalid |
Changed in linux-lts-quantal (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ec2 (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Trusty): | |
status: | New → Invalid |
Changed in linux-armadaxp (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ec2 (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in linux-ec2 (Ubuntu Precise): | |
status: | New → Invalid |
Changed in linux-armadaxp (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in linux (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ec2 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Precise): | |
status: | New → Fix Committed |
Changed in linux-armadaxp (Ubuntu Precise): | |
status: | New → Fix Committed |
Changed in linux-ti-omap4 (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in linux-ti-omap4 (Ubuntu Saucy): | |
status: | New → Confirmed |
Changed in linux-armadaxp (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in linux (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Changed in linux-ti-omap4 (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Changed in linux-armadaxp (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Changed in linux-lts-quantal (Ubuntu Precise): | |
status: | Confirmed → Fix Committed |
Changed in linux-armadaxp (Ubuntu Quantal): | |
status: | Confirmed → Fix Committed |
Changed in linux-ti-omap4 (Ubuntu Quantal): | |
status: | Confirmed → Fix Committed |
Changed in linux-ti-omap4 (Ubuntu Saucy): | |
status: | Confirmed → Fix Committed |
tags: | removed: kernel-bug-break-fix |
tags: | added: kernel-bug-break-fix-complete |
On Tue, Jan 14, 2014 at 01:07:24AM +0000, MR Mail wrote:
> Just a query about what might have changed in Ubuntu's Kernel 3.5.0-45 domino/ notes/latest/ linux/bindsock www-10. lotus.com/ ldd/ndseforum. nsf/xpTopicThre ad.xsp? documentId= 485F5F092833BCB E85257C33006AC7 A3 CmdToDo_ INVAL". .. might be an IBM thang.
> that would kill IBM Domino's /opt/ibm/
> binary that runs as root (setuid) to get ports lower than 1024 (SMTP IMAP
> POP3 and HTTP) for the service account that runs the main application
> server?
>
> A number of us have to hold back the kernel now and there's lots of
> scratching going on.
> http://
>
> Another thing in the server console spits out which is unusual is
> "Error_
>
> Don't know if this is something that's been deprecated or a bug in the
> latest kernel versions. It does seem limited to IBM Domino.
To precee the thread above. Various people on various releases are
reporting that a kernel update is preventing domino server starting.
Specifically they are all reporting that the setuid bindsock helper is
failing to bind port 25:
SMTP Server: Listener failure: 'bindsock' is missing, not executable,
not owned by root, not setuid root or user needs net_privaddr privilege
As an aside, the above thread suggest that setuid is not working.
I cannot see any commits which could cause such a behavioural change,
and if there was such an issue sudo et al would also stop working,
I think this would have been noticed.
Various reporters note kernel version on various releases:
GOOD BAD 0-43-generic 3.5.0-44-generic
3.5.
3.11.0-13 3.11.0-14
3.2.0-56 3.2.0-58
I have briefly reviewed the changes in these pairs which all include the
application of an upstream stable update, looking for those relating to
sockets in general of which there are a couple in common on all three of
these updates:
net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race
net: heap overflow in __audit_sockaddr()
The latter of these I do see a further upstream fix for which will
appear in the next 3.2.0 kernel, which _might_ be relevant.
As for the next steps:
1) lets get a bug filed against the linux package containing the data
above, by someone who is able to run some test kernels to debug
the issue (run 'ubuntu-bug linux' to get such a bug filed),
2) could someone who has this issue attempt to get an strace from this
helper as it tries to make these sockets so we can try and identify
what is failing.
Once we have a bug filed we can try and bisect between say
3.5.0-43-generic and 3.5.0-44-generic to find the patch which triggers
the behaviour.
Please reply to this email with the bug number once it is filed.
-apw