Using Tor 0.2.2.35 (git-4f42b0a93422f70e), OpenSSL 0.9.8o:
Jan 12 21:17:25 XXXXXXX kernel: [ 4257.857564] tor[1909] trap invalid opcode ip:7fa7dd61f8f7 sp:7fa7daf80400 error:0 in libcrypto.so.0.9.8[7fa7dd574000+175000]
I don't have a core dump unfortunately. This box has had some stability issues lately (still unknown if hardware or DoS attacks are to blame), but I'm a bit worried about a possible exploit attempt. Has anyone else observed such Tor crashes recently?
OpenSSL 0.9.8o has a few vulnerabilities according to http://www.openssl.org/news/ but this is Debian Stable *sigh* ...
Regards, Marinos
On Fri, Jan 13, 2012 at 01:07:36AM +0100, Marinos Yannikos wrote:
Using Tor 0.2.2.35 (git-4f42b0a93422f70e), OpenSSL 0.9.8o:
Jan 12 21:17:25 XXXXXXX kernel: [ 4257.857564] tor[1909] trap invalid opcode ip:7fa7dd61f8f7 sp:7fa7daf80400 error:0 in libcrypto.so.0.9.8[7fa7dd574000+175000]
I don't have a core dump unfortunately. This box has had some stability issues lately (still unknown if hardware or DoS attacks are to blame),
That looks more like hardware errors than an exploit attempt. The ip and sp are plausible, and the IP points to a reasonable offset in your library. I don't think you have enough information in that log message to find out what bad thing happened (you'd want to see what bytes were in the icache), but you could at least take a look at the disassembly of that region of libcrypto.so for more enlightenment.
objdump -D /usr/lib/libcrypto.so.0.9.8 and look around offset 175000=0x2ab98. That's in .dynstr in my libcrypto.so.0.9.8 but we have different versions.
-andy
tor-relays@lists.torproject.org
-
Andy Isaacson -
Marinos Yannikos