Bug 19923 - nss_ldap has a bug that can deadlock a machine
Summary: nss_ldap has a bug that can deadlock a machine
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
(Show other bugs)
Version: 7.0
Hardware: All Linux
high
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL: http://bugzilla.padl.com/show_bug.cgi...
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-10-27 16:15 UTC by Phil Mayers
Modified: 2007-03-27 03:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-10-27 22:53:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Phil Mayers 2000-10-27 16:15:36 UTC
From the nssldap@padl.com mailing list, Sat 21 Oct 2000:

==========================================================

Michael Shuey has fixed a race condition in nss_ldap which
caused nscd to lock up under Linux. The patch is in
nss_ldap-121.

See bugzilla.padl.com bug #49 for more info.

-- Luke

--
Luke Howard | lukeh@padl.com
PADL Software | www.padl.com

==========================================================


The gist of the bug is that nss_ldap has a lock which it takes. If you are 
running nscd, it is possible to lock the entire machine by making all nscd 
threads call getpw*.

This triggers a race condition, and locks *ALL* entity lookup - "ls -l", 
ps, all login utilies - all will block. *IF* you happen to know the PID of 
nscd, you can kill it, otherwise, you'll have to power-cycle the machine.

I could reliably trigger this bug using "tar" on a fast machine - the 
lookups for the file username, combined with general system activity, 
would lock the machine unrecoverably.

nss_ldap version 121 has a fix for this.

Comment 1 Nalin Dahyabhai 2000-10-27 16:27:25 UTC
122 has just been placed into the errata testing pipeline.  Please verify that
packages at http://people.redhat.com/nalin/test/ (1.6 for RHL 6.1 and 6.2, 1.7
for RHL 7) install and work correctly.


Note You need to log in before you can comment on or make changes to this bug.