Bug 1563046

Summary: getlogin_r: return early when linux sentinel value is set
Product: Red Hat Enterprise Linux 7 Reporter: DJ Delorie <dj>
Component: glibcAssignee: Arjun Shankar <ashankar>
Status: CLOSED ERRATA QA Contact: Sergey Kolosov <skolosov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: ashankar, codonell, dj, fweimer, mnewsome, pfrankli, skolosov
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glibc-2.17-249.el7 Doc Type: Bug Fix
Doc Text:
Cause: The function getlogin_r did not check if /proc/self/loginuid is set to "-1", indicating no logged in user before querying naming services for the corresponding username. Consequence: On systems configured with networked naming services, getlogin_r took longer to return as it queried via the network for the non-existent UID (-1). Fix: getlogin_r is now fixed to return immediately after checking for and reading the (-1) UID from /proc/self/loginuid. Result: getlogin_r returns earlier and does not perform unnecessary name lookups when no user is logged in.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 09:38:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1565233    

Description DJ Delorie 2018-04-03 03:50:49 UTC 
From the upstream bug report:

For configurations that use networked naming services for passwd (in particular LDAP), processes that have no login UID, there are excessive delays when getlogin_r() is called.

For such processes, /proc/self/loginid is set to a sentinel value (-1), when files is the only backend, or if nscd is running this returns quickly. However if ldap is configured as a backend for passwd, and nscd isn't being used (which for various political and economic reasons is not always feasible) network requests to the configured LDAP servers will occur which can slow down process creation enough to cause timeouts in parent processes in certain contexts.

Good news, however, as this was recently fixed upstream by:

https://sourceware.org/git/?p=glibc.git;a=commit;h=cc8a1620eb97ccddd337d157263c13c57b39ab71
Comment 6 errata-xmlrpc 2018-10-30 09:38:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3092