Bug 145004 - telnetd cleanup() race condition with syslog in signal handler
Summary: telnetd cleanup() race condition with syslog in signal handler
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: telnet   
(Show other bugs)
Version: 4.0
Hardware: All Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Harald Hoyer
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 143929
TreeView+ depends on / blocked
 
Reported: 2005-01-13 17:03 UTC by Jason Vas Dias
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-28 19:49:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to fix cleanup wtmp race condition (383 bytes, patch)
2005-01-13 17:04 UTC, Jason Vas Dias
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:327 important SHIPPED_LIVE Important: telnet security update 2005-03-28 05:00:00 UTC

Description Jason Vas Dias 2005-01-13 17:03:43 UTC
Description of problem:
Telnetd can enter the logout(3) call in cleanup() 
via a signal handler, when the main program also
enters logout in cleanup(), resulting in self 
deadlock as the wtmp_lock is already held by
the process - see bug #143929 . 

Version-Release number of selected component (if applicable):

telnet-server-0.17-30 

How reproducible:

If cleanup entered by main program when SIGCHLD handler
also in cleanup / logout, 100% .

Steps to Reproduce:
See bug #143929
  



Expected results:

telnetd should not be able to self-deadlock

Additional info:

See attached patch, contributed by  dlstevens@us.ibm.com , 
which fixed the issue.

Comment 1 Jason Vas Dias 2005-01-13 17:04:41 UTC
Created attachment 109730 [details]
Patch to fix cleanup wtmp race condition

Comment 4 Jason Vas Dias 2005-01-13 21:55:55 UTC
The patch is now in telnet-*-0.17-31 submitted to RHEL-4, and
telnet-*-0.17-32 submitted to FC4, and is in FC3 CVS.

Comment 6 Jason Vas Dias 2005-02-02 19:01:59 UTC
Yes, I guess a new bug should be raised against RHEL3 and added to the RHEL3-U5
blockers list to ensure this gets fixed in RHEL3-U5 .


Comment 10 Josh Bressers 2005-03-28 19:49:16 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-327.html



Note You need to log in before you can comment on or make changes to this bug.