112770 – ypbind hangs indefinitely when portmap is unreachable

Bug 112770 - ypbind hangs indefinitely when portmap is unreachable

Summary: ypbind hangs indefinitely when portmap is unreachable

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	ypbind
Sub Component:
Version:	3.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Karel Klíč
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-12-31 01:51 UTC by Ean J. Price
Modified:	2013-03-03 22:59 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-05-10 13:51:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Ean J. Price 2003-12-31 01:51:51 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031117 Firebird/0.7

Description of problem:
If portmap is made unavailable, through improperly set up netfilter
rules, ypbind will hang indefinitely and halt the boot process.

I had a student set up iptables rules to only allow access from the
local network.  Essentially they did a:

iptables -A INPUT -s ! 192.168.0.0/24 -j REJECT

But forgot to allow traffic over the loopback.  This prevented ypbind
from contacting the portmapper which then prevented the system from
booting.

Version-Release number of selected component (if applicable):
ypbind-1.12-1

How reproducible:
Always

Steps to Reproduce:
1.set up NIS with authconfig
2.set up iptables rules that prevent traffic over the loopback
3.reboot
    

Actual Results:  The system hung on /etc/rc.d/init.d/ypbind during bootup

Expected Results:  ypbind should have timed out while trying to
contact portmap and failed gracefully so as not to prevent the system
from booting.  If console access wasn't available this would have been
a real pain to fix ;)

Additional info:

Comment 1 Steve Dickson 2007-04-17 20:02:41 UTC

I reworked the init script so the default wait time
should be 45sec. But this time is configurable by 
changing the NISTIMEOUT variable. This should stop
the unreasonable long start up time.

Please try ypbind-1.19-9

Comment 2 Karel Klíč 2010-05-10 13:51:46 UTC

The fix will not get into RHEL-3. Fixed in RHEL-5.

Comment 3 f_a_f12001 2010-05-11 07:38:17 UTC

Still have the bug on RHEL5.3
When you prevent traffic over the loopback you have 2 choices with iptables, DROP or REJECT. And in practical there is really big difference, I like to use DROP instead of REJECT most of times on firewalls to save resources as the system will not reply back with error messages when we use DROP as we know.
When I used DROP to block the traffic over the loopback the system after rebooting stops on ypbind more than 10 minutes, I tried REJECT instead of DROP and tried to reboot again, The system stops for just seconds and continued to boot afterwords.
I think this still a bug, What ever what causes the prevention of contacting portmap the system should pass this and boot normally, As on a production system if the server hosts other services it may took along time to boot if ypbind or nfs services can't contact portmap. 
What do think we should do, Or there is no solution.

Note You need to log in before you can comment on or make changes to this bug.