
OpenSSL hardening prevented the database from starting

干饭王 2023/11/26

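A system went through a series of security hardening changes. Over the following year the database was never restarted; when it was restarted recently, it failed to start.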

1. Start the database; it dumps core immediately

[dmdba@db ~]$ /home/dmdba/dm8.1.0.128_release/dmserver PATH=/home/dmdba/dm8.1.0.128_debug/tempdata/DAMENG/dm.ini
version info: enterprise
Segmentation fault (core dumped)
[dmdba@db ~]$

2. Analyze the core file

[dmdba@db ~]$ gdb  /home/dmdba/dm8.1.0.128_release/dmserver core.2843
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-90.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/dmdba/dm8.1.0.128_release/dmserver...(no debugging symbols found)...done.
[New Thread 2843]
Missing separate debuginfo for /usr/local/openssl/lib/libcrypto.so
Try: yum --enablerepo='*-debug*' install /usr/lib/debug/.build-id/47/273553548165eacb0fef5bc2410681a6b3fc1c
Missing separate debuginfo for 
Try: yum --enablerepo='*-debug*' install /usr/lib/debug/.build-id/ec/37397b4ecc9f347891ceff84a05131bf10bfc3
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libstdc++.so.6
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgcc_s.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/local/openssl/lib/libcrypto.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/openssl/lib/libcrypto.so
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Core was generated by `/home/dmdba/dm8.1.0.128_release/dmserver PATH=/home/dmdba/dm8.1.0.128_debug/tem'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f94a3e79864 in RSA_private_decrypt ()
   from /usr/local/openssl/lib/libcrypto.so
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.192.el6.x86_64 libgcc-4.4.7-17.el6.x86_64 libstdc++-4.4.7-17.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0  0x00007f94a3e79864 in RSA_private_decrypt ()
   from /usr/local/openssl/lib/libcrypto.so
#1  0x000000000057be19 in fsm_get_dbctrl_svr_key_ex_file ()
#2  0x0000000000657775 in ini_fill_sysinfo2 ()
#3  0x000000000065b8b5 in ini_sysinfo_read ()
#4  0x000000000065b9fe in ini_sysinfo_read_and_check ()
#5  0x0000000001356b39 in main ()
(gdb) thread all apply bt
No symbol table is loaded.  Use the "file" command.
(gdb) thread apply all bt

Thread 1 (Thread 0x7f94a56f1720 (LWP 2843)):
#0  0x00007f94a3e79864 in RSA_private_decrypt ()
   from /usr/local/openssl/lib/libcrypto.so
#1  0x000000000057be19 in fsm_get_dbctrl_svr_key_ex_file ()
#2  0x0000000000657775 in ini_fill_sysinfo2 ()
#3  0x000000000065b8b5 in ini_sysinfo_read ()
#4  0x000000000065b9fe in ini_sysinfo_read_and_check ()
#5  0x0000000001356b39 in main ()
(gdb) 
(gdb) quit
[dmdba@db ~]$

3. The key information points to openssl

#0  0x00007f94a3e79864 in RSA_private_decrypt ()
   from /usr/local/openssl/lib/libcrypto.so

4. After talking with the on-site team, learned that security hardening had been carried out 1 year earlier

Version 1 year ago
[dmdba@db ~]$ openssl version
OpenSSL 1.1.1p  21 Jun 2022
[dmdba@db ~]$ 
Current version
[dmdba@db ~]$ openssl version
OpenSSL 1.0.2k  26 Jan 2017

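5. After talking with the on-site team, rolled back the openssl version
6. This resolved the database startup failure caused by the openssl version problem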

[dmdba@db ~]$ /home/dmdba/dm8.1.0.128_release/dmserver PATH=/home/dmdba/dm8.1.0.128_debug/tempdata/DAMENG/dm.ini
version info: enterprise
Use normal os_malloc instead of HugeTLB
Use normal os_malloc instead of HugeTLB
DM Database Server x64 V8.1.0.128-Build(2019.01.09-101776)ENT  startup...
ckpt lsn: 0
。。。。
total 0 active crash trx, pseg_crash_trx_rollback begin ...
pseg_crash_trx_rollback end
SYSTEM IS READY.
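
A running process keeps the shared libraries it loaded at startup, so a replaced libcrypto is only exercised at the next restart. The script below is an added example, not part of the original post: it compares the crypto libraries a long-running server has mapped with the ones a fresh start loads, so the mismatch is found at hardening time. The function names are hypothetical, and the inputs are assumed to be saved copies of /proc/<pid>/maps and of `ldd` output or a gdb log like the one in step 2.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the unique libcrypto/libssl paths named in a text file. Accepts a copy
# of /proc/<pid>/maps, `ldd` output, or a gdb "Loaded symbols for" log.
crypto_lib_paths() {
    grep -oE '/[^ ]*lib(crypto|ssl)\.so(\.[0-9a-z]+)*' "$1" |
    while IFS= read -r p; do
        # maps shows the real file while ldd shows the symlink, so resolve
        # symlinks when the path exists on this host; otherwise keep it as-is.
        readlink -f "$p" 2>/dev/null || printf '%s\n' "$p"
    done | sort -u
}

# Exit 0 when the running process and a fresh start use different crypto
# libraries, i.e. the next restart will not load what is running today.
#   $1: copy of /proc/<pid>/maps taken from the long-running server
#   $2: library list for a fresh start (ldd output or gdb log)
restart_changes_crypto() {
    running=$(crypto_lib_paths "$1")
    fresh=$(crypto_lib_paths "$2")
    [ "$running" != "$fresh" ]
}

# Report both sides for a change ticket; returns 1 when they differ.
report() {
    echo "mapped by running process:"; crypto_lib_paths "$1" | sed 's/^/  /'
    echo "loaded by a fresh start:";   crypto_lib_paths "$2" | sed 's/^/  /'
    if restart_changes_crypto "$1" "$2"; then
        echo "RESULT: a restart loads a different libcrypto/libssl"
        return 1
    fi
    echo "RESULT: same crypto libraries"
}

# Typical use on the database host (pid and file names are placeholders):
#   cp /proc/<pid>/maps running.maps
#   ldd /path/to/dmserver > fresh.txt
#   report running.maps fresh.txt
```

`ldd` lists only link-time dependencies; for a library loaded with dlopen, use the library list from a test start instead (for example the "Loaded symbols for" lines gdb prints).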