When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:

Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]

openvas reports that it was testing for CVE-2002-1212 when the crash occurred.

Startup info:

Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
Apr  9 19:35:54 unixland elogd[21584]: revision 2411

-- rouilj

With the recent Elog 2.9.0 rev 2412 the Self Register = 3 option doesn't work as expected: The user is immediately allowed to login. This is not what this option was doing, which is to wait for an approval by the administrator. Can this behaviour be restored, or should I change the value of the Self Register flag? Thanks

Are you sure about that (maybe used an older revision of elogd where this indeed was a problem?). The current V2.9.0-2412 gives me this:

If I then log in as the admin user, I see the configuration of the new user, but the account is not activated:

So the user cannot log in. The config file is:

[global]
port = 8080
password file = passwd
smtp host = mail.psi.ch
Self register = 3
Admin user = stefan

[demo1]
Attributes = Project, Category

Can you double check?
 

> When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:
> 
> Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
> #015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
> 2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]
> 
> openvas reports that it was testing for CVE-2002-1212 when the crash occurred.
> 
> Startup info:
> 
> Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
> Apr  9 19:35:54 unixland elogd[21584]: revision 2411
> 
> -- rouilj

I haven't tried openvas, but added a check for the negative content-length you have in the request
above in SVN revision 2413. Can you try if it still crashes?

- Stefan

[global]
port = 8080
password file = passwd
smtp host = mail.psi.ch
Self register = 3
Admin user = stefan

[demo1]
Attributes = Project, Category

 HI Stefan,

I tried again and confirm the version number. I never got this pannel saying that my request will be processed by an adminstrator. Maybe the installation was incomplete? Is this pannel outside the standard src files?  I receive the mail as administrator, but the accout is already valid BEFORE I validate it.

This was working in previous versions, i.e. the entry was not created at all. And login wasn't possible.

We went back to 2.8.0 as the server is regularly crashing with 2.9.0 and we have to keep it alive for our running experiment. We are trying to isolate and reproduce the problem...

Try to use the simple config file, and see what happens there. Maybe it's a config option you use differently in the experiment. If you identify the config option which triggers the problem, I can probably reproduce it and fix it. Concerning crashes of 2.9.0: We have it running stably for our experiments, that's why I released it. But there are major changes since 2.8.0, mainly the Kerberos authentification (actually people from CERN asked for that). So it could be that in your case there are problems I don't see. In that case you have to test with which options in the config file the problems start. If elogd crashes, a stack dump would maybe also be helpful for me.

I'm now running eLog  2.9.0 and seeing the same crashes. However, I've got some more information that may be helpful.

The crash seems to be directly related to the order of replies in the thread. For example, in this thread I am replying to the original entry. The original entry has 2 children (the entries are siblings) and no grandchildren.

In our installation, eLog crashes consistently under the following conditions:

       go to the "list" display

       set it to "threaded"

       "select" a thread that has siblings at any generation of replies

       choose "edit"

If the selected thread only has one entry at any generation, eLog does not crash.

Here's a horrible attempt at a display of two message threads. Note that in the first example, there are 2 replies at the same generation (siblings)--both the person who responded and the original submitter replied to the initial submission. After that, all replies were to successive generations.

-------------- Causes eLog to Crash ------------------
!   Full Name (submitter) module failure 
    =>   Full Name (submitter) Re: module failure 
    =>   Full Name (replier) Re: module failure 
               =>   Full Name (submitter) Re: Re: module failure 
                         =>   Full Name (submitter) Re: Re: Re: module failue

------------------------------------------------------



-------------- No eLog Problem  ------------------
!   Full Name (submitter) Labwide failure of mcc 
    =>   Full Name (replier) Re: Labwide failure of mcc 
           =>   Full Name (submitter) Re: Re: Labwide failure of mcc 
                     =>   Full Name (replier) Re: Re: Re: Labwide failure of mcc 
------------------------------------------------------

 I am also experiencing the same exact problem as explained above. It only seems to happen when a part of the title has changed. I will include my config for an example. Make a few entries, then change the "Customer" paramater. Then try and edit an entry in the thread.

 Enable attachments = 1

Attributes = Employee, Customer, XXX-ID, XXXX Number, SCD, Type, Status, Folder Created, XXXX Received, Equipment Installed, XXX Carrier Up, Customer Carrier Up, QA Completed

Thread display = $Customer  -  $SLR-ID  -  $Type  -  $Status  -  SCD: $SCD  - XXXX: $XXXX Number

Propagate attributes = Status

Locked Attributes = Employee
Options Type = Activation, Termination, Change
Options Folder Created = Yes, No, N/A
Options XXXX Received = Yes, No, N/A
Options Equipment Installed = Yes, No, N/A
Options XXX Carrier Up = Yes, No, N/A
Options Customer Carrier Up = Yes, No, N/A
Options QA Completed = Yes, No

Entries per page = 100

Preset Text = $short_name @ $utcdate -
Append on reply = $short_name @ $utcdate -

Locked Attributes = Employee

Preset Employee = $long_name

Options Status = Open, Closed

Quick Filter = Status, Type

Type SCD = datetime

Summary lines = 0
Enable Attachments = 0
Suppress default = 2
Entries per page = 10

Suppress Email to users = 1

Display mode = threaded
Collapse to last = 1
Expand default = 0
Subst on reply Employee = $long_name 

Faulting application elogd.exe, version 0.0.0.0, faulting module elogd.exe, version 0.0.0.0, fault address 0x000646c7.