Bug 19923

Summary: nss_ldap has a bug that can deadlock a machine
Product: [Retired] Red Hat Linux Reporter: Phil Mayers <p.mayers>
Component: nss_ldapAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: high    
Version: 7.0CC: dr
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugzilla.padl.com/show_bug.cgi?id=49
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-10-27 22:53:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Phil Mayers 2000-10-27 16:15:36 UTC 
From the nssldap mailing list, Sat 21 Oct 2000:

==========================================================

Michael Shuey has fixed a race condition in nss_ldap which
caused nscd to lock up under Linux. The patch is in
nss_ldap-121.

See bugzilla.padl.com bug #49 for more info.

-- Luke

--
Luke Howard | lukeh
PADL Software | www.padl.com

==========================================================


The gist of the bug is that nss_ldap has a lock which it takes. If you are 
running nscd, it is possible to lock the entire machine by making all nscd 
threads call getpw*.

This triggers a race condition, and locks *ALL* entity lookup - "ls -l", 
ps, all login utilies - all will block. *IF* you happen to know the PID of 
nscd, you can kill it, otherwise, you'll have to power-cycle the machine.

I could reliably trigger this bug using "tar" on a fast machine - the 
lookups for the file username, combined with general system activity, 
would lock the machine unrecoverably.

nss_ldap version 121 has a fix for this.
Comment 1 Nalin Dahyabhai 2000-10-27 16:27:25 UTC 
122 has just been placed into the errata testing pipeline.  Please verify that
packages at http://people.redhat.com/nalin/test/ (1.6 for RHL 6.1 and 6.2, 1.7
for RHL 7) install and work correctly.