Panic on macOS Catalina 10.15.7 #173

andrewkroh · 2023-05-16T11:17:26Z

In #135 we changed from a custom sysctl implementation to the Go stdlib version. There is a kernel bug¹ in Catalina that causes the stdlib version to return bad data to go-sysinfo. There is issue open in Go to track a possible fix golang/go#60047.

#172 adds defensive measures to prevent bad data from causing a panic in go-sysinfo. We probably need another change to revert to the custom sysctl implementation for Catalina (darwin/amd64 version 10.15).

goroutine 1 [running]:
github.com/elastic/go-sysinfo/providers/darwin.kern_procargs(0xc0003df430?, 0xc0001168c0)
github.com/elastic/[email protected]/providers/darwin/process_darwin.go:207 +0x58f
github.com/elastic/go-sysinfo/providers/darwin.(*process).Info(0xc0001168c0)
github.com/elastic/[email protected]/providers/darwin/process_darwin.go:104 +0x1b4
go.elastic.co/apm/v2.currentProcessTitle()
go.elastic.co/apm/[email protected]/utils_other.go:34 +0x5f
go.elastic.co/apm/v2.getCurrentProcess()
go.elastic.co/apm/[email protected]/utils.go:83 +0x65
go.elastic.co/apm/v2.init.1()
go.elastic.co/apm/[email protected]/utils.go:77 +0x2b

https://discuss.elastic.co/t/macos-10-15-7-cannot-execute-filebeat-auditbeat-or-metricbeat/333471

https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.50.7.100.1/bsd/kern/kern_sysctl.c#L1552-#L1592 ↩

The text was updated successfully, but these errors were encountered:

Fixes elastic#173.

wheelerlaw · 2023-05-17T19:18:42Z

Once I get my patch submitted, reverting to the custom sysctl implementation shouldn't be necessary.

Prior to this change kern_procargs iterated over the data based on the argc value without checking if the underlying slice held enough args. To prevent a runtime error this adds a check to verify there is more data before trying to index another argument. Add a fuzz test to check for panics in the parsing code for kern.procargs2. Relates #173

Mostly everything worked. I just needed a replacement for reading `/proc` to get the command line since macOS doesn't provide `/proc`. I cobbled together this solution from code I found in https://github.com/elastic/go-sysinfo I've verified it works as expected under macOS 13 (Ventura). It probably panics under macOS 10.15 (Catalina) due to this issue: elastic/go-sysinfo#173 Note also that using: "auth [success=done default=die] pam_sshca.so" does not work on Darwin to configure the module. The closest equivalent is likely to be: "auth requisite] /path/to/pam_sshca.so" I have not tested on Linux and this commit should be considered a proof-of-concept.

Use raw syscalls to retrieve the command line under Darwin, since macOS does not provide a `/proc` filesystem. The code to do this is from https://github.com/elastic/go-sysinfo which can be sanity checked against: https://github.com/apple-oss-distributions/adv_cmds/blob/adv_cmds-205/ps/print.c#L115 I've verified with these changes that `pam_sshca.so` works as expected under macOS 13 (Ventura) on an arm64 host. Issues: 1. The Linux `pam.d/sudo` configuration line: "auth [success=done default=die] pam_sshca.so" Does not work on Darwin. Instead use one of the following: "auth requisite /path/to/pam_sshca.so" Or: "auth required /path/to/pam_sshca.so" Neither is identical to "[success=done default=die]" whose semantics are impossible under Darwin. See the `pam.conf` man pages on Linux and macOS for details. 2. The "log/syslog" module does not work under macOS >= 12 (Monterey). Log messages are silently dropped: golang/go#59229 3. The `kern.procargs2` syscall panics under macOS 10.15 (Catalina) due to a bug in that OS version. elastic/go-sysinfo#173

Use raw syscalls to retrieve the command line under Darwin, since macOS does not provide a `/proc` filesystem. The code to do this is from https://github.com/elastic/go-sysinfo which can be sanity checked against: https://github.com/apple-oss-distributions/adv_cmds/blob/adv_cmds-205/ps/print.c#L115 I've verified with these changes that `pam_sshca.so` works as expected under macOS 13 (Ventura) on an arm64 host. Issues: 1. The Linux `pam.d/sudo` configuration line: "auth [success=done default=die] pam_sshca.so" Does not work on Darwin. Instead use one of the following: "auth requisite /path/to/pam_sshca.so" Or: "auth required /path/to/pam_sshca.so" Neither is identical to "[success=done default=die]" whose semantics are impossible under Darwin. See the `pam.conf` man pages on Linux and macOS for details. 2. The "log/syslog" module does not work under macOS >= 12 (Monterey). Log messages are silently dropped: golang/go#59229 3. The `kern.procargs2` syscall returns incorrect data under macOS 10.15 (Catalina) due to a bug in that OS version. The code won't panic under that OS version but it won't return a command line: - elastic/go-sysinfo#172 - elastic/go-sysinfo#173

andrewkroh added the bug Something isn't working label May 16, 2023

andrewkroh mentioned this issue May 16, 2023

providers/darwin - kern.procargs2 guard against runtime panic #172

Merged

andrewkroh added a commit to andrewkroh/go-sysinfo that referenced this issue May 16, 2023

darwin - Add sysctlRaw with procargs2 workaround for Catalina

517f7ab

Fixes elastic#173.

jaysoffian mentioned this issue Aug 31, 2023

Port to Darwin theparanoids/pam-ysshca#95

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Panic on macOS Catalina 10.15.7 #173

Panic on macOS Catalina 10.15.7 #173

andrewkroh commented May 16, 2023 •

edited

Loading

wheelerlaw commented May 17, 2023

Panic on macOS Catalina 10.15.7 #173

Panic on macOS Catalina 10.15.7 #173

Comments

andrewkroh commented May 16, 2023 • edited Loading

Footnotes

wheelerlaw commented May 17, 2023

andrewkroh commented May 16, 2023 •

edited

Loading