Bug 145004 - telnetd cleanup() race condition with syslog in signal handler
Summary: telnetd cleanup() race condition with syslog in signal handler
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: telnet   
(Show other bugs)
Version: 4.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Harald Hoyer
QA Contact: Ben Levenson
Depends On:
Blocks: 143929
TreeView+ depends on / blocked
Reported: 2005-01-13 17:03 UTC by Jason Vas Dias
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-03-28 19:49:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to fix cleanup wtmp race condition (383 bytes, patch)
2005-01-13 17:04 UTC, Jason Vas Dias
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:327 important SHIPPED_LIVE Important: telnet security update 2005-03-28 05:00:00 UTC

Description Jason Vas Dias 2005-01-13 17:03:43 UTC
Description of problem:
Telnetd can enter the logout(3) call in cleanup() 
via a signal handler, when the main program also
enters logout in cleanup(), resulting in self 
deadlock as the wtmp_lock is already held by
the process - see bug #143929 . 

Version-Release number of selected component (if applicable):


How reproducible:

If cleanup entered by main program when SIGCHLD handler
also in cleanup / logout, 100% .

Steps to Reproduce:
See bug #143929

Expected results:

telnetd should not be able to self-deadlock

Additional info:

See attached patch, contributed by  dlstevens@us.ibm.com , 
which fixed the issue.

Comment 1 Jason Vas Dias 2005-01-13 17:04:41 UTC
Created attachment 109730 [details]
Patch to fix cleanup wtmp race condition

Comment 4 Jason Vas Dias 2005-01-13 21:55:55 UTC
The patch is now in telnet-*-0.17-31 submitted to RHEL-4, and
telnet-*-0.17-32 submitted to FC4, and is in FC3 CVS.

Comment 6 Jason Vas Dias 2005-02-02 19:01:59 UTC
Yes, I guess a new bug should be raised against RHEL3 and added to the RHEL3-U5
blockers list to ensure this gets fixed in RHEL3-U5 .

Comment 10 Josh Bressers 2005-03-28 19:49:16 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.