Bug 59437 - nss_ldap leaks file descriptors
nss_ldap leaks file descriptors
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-02-07 18:15 EST by Eric Seppanen
Modified: 2007-04-18 12:40 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 13:24:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Seppanen 2002-02-07 18:15:24 EST
Description of Problem:
When using nss_ldap for user and group lookup, each process that performs
lookups will end up with an extra file descriptor open (a TCP socket to the LDAP
server).  If those processes then spawn additional processes, the number of file
descriptors increments each time.

Although I'm not certain why, this causes the telnet client to fail once 10-20
file descriptors are used up in this fashion.  I'd suspect it places some burden
on the LDAP server as well, because of all the extra open sockets.

Although it may seem unlikely that processes would spawn enough children to
cause a problem, there are real world situations where processes can cascade
indefinitely.  Example: if you use VNC often and start new VNC sessions from old
VNC sessions, you pick up five or six new fds each time.  Another example: start
sshd from a "leaky" shell, then login through that sshd and start another shell.
 Rinse, wash, repeat: you should be able to leak a large number of fds this way.

Workaround: use nscd.  nscd should be mandatory when using nss_ldap.  (I wasn't
using it on one machine because RH6.2 had a nasty hang bug in nss_ldap/nscd (bug
19923).

Version-Release number of selected component (if applicable):
nss_ldap-172-2 (RH7.2 and earlier, I reproduced on RH6.2)

How Reproducible:
100% reproducible for me, but not many people run nss_ldap.  And most probably
run ncsd for the performance improvement.

Steps to Reproduce:
1. log in to a bash shell
2. Type "ls -l /proc/self/fd".
3. Type "bash" to spawn a new shell.
4. Repeat ls from step 2.
5. You should be able to see one more open file descriptor than before.
6. Repeat some more (i.e. spawn a third shell from within the second shell). 
Each new process inherits one additional file descriptor.
Comment 1 Eric Seppanen 2002-02-07 18:18:03 EST
telnet client failure submitted as bug 59438.
Comment 2 Bill Nottingham 2006-08-07 16:02:41 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 3 Bill Nottingham 2006-10-18 13:24:18 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.