Bug 19923 - nss_ldap has a bug that can deadlock a machine
nss_ldap has a bug that can deadlock a machine
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
7.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
http://bugzilla.padl.com/show_bug.cgi...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-27 12:15 EDT by Phil Mayers
Modified: 2007-03-26 23:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-10-27 18:53:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Phil Mayers 2000-10-27 12:15:36 EDT
From the nssldap@padl.com mailing list, Sat 21 Oct 2000:

==========================================================

Michael Shuey has fixed a race condition in nss_ldap which
caused nscd to lock up under Linux. The patch is in
nss_ldap-121.

See bugzilla.padl.com bug #49 for more info.

-- Luke

--
Luke Howard | lukeh@padl.com
PADL Software | www.padl.com

==========================================================


The gist of the bug is that nss_ldap has a lock which it takes. If you are 
running nscd, it is possible to lock the entire machine by making all nscd 
threads call getpw*.

This triggers a race condition, and locks *ALL* entity lookup - "ls -l", 
ps, all login utilies - all will block. *IF* you happen to know the PID of 
nscd, you can kill it, otherwise, you'll have to power-cycle the machine.

I could reliably trigger this bug using "tar" on a fast machine - the 
lookups for the file username, combined with general system activity, 
would lock the machine unrecoverably.

nss_ldap version 121 has a fix for this.
Comment 1 Nalin Dahyabhai 2000-10-27 12:27:25 EDT
122 has just been placed into the errata testing pipeline.  Please verify that
packages at http://people.redhat.com/nalin/test/ (1.6 for RHL 6.1 and 6.2, 1.7
for RHL 7) install and work correctly.

Note You need to log in before you can comment on or make changes to this bug.