Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 902436 - possible segfault when backend callback is removed
possible segfault when backend callback is removed
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On:
Blocks: 905536
  Show dependency treegraph
 
Reported: 2013-01-21 11:46 EST by Pavel Březina
Modified: 2013-02-21 04:43 EST (History)
7 users (show)

See Also:
Fixed In Version: sssd-1.9.2-78.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:43:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 16:30:10 EST

  None (edit)
Description Pavel Březina 2013-01-21 11:46:11 EST 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1776

Our API supports removing backend callback, but it doesn't work correctly. It still remains in DLIST which causes segfault during next execution of the callbacks. This currently affects sudo first full refresh, when online callbacks are executed several times before successful connection.

How to reproduce:
{{{
1. configure sssd with sudo support in such way it cannot connect to the server
   - tested with incorrect bindpw in ldap_default_authtok, but unreachable hostname should do the trick
2. run sssd
3. tell sssd to go online
   - kill -s SIGUSR2 $(pidof sssd_be)
   - sssd_be crashes when it tries to go online for second time
}}}
Comment 1 Nikolai Kondrashov 2013-01-21 12:27:04 EST 
As I understood it with the help from Jakub, a segfault could happen on repeated *failed* attempts to go online with sudo (and possibly other) backends configured.

Such attempts could be triggered by changed network settings, such as occur on connecting to a wired or wireless network or receiving a new DHCP lease. (External) wireless network roaming could trigger this.

A real world scenario could be an offline user moving between wireless networks, say in an airport. Or, possibly, a user on a corporate network going through several DHCP renewals while waiting for the directory server to come back online.

I'm not sure, what the real impact for end user would be, considering that SSSD is restarted in case of segfaults, but I would expect at least some short lock-ups while SSSD is down.

Although I'm quite new to SSSD and don't know it well yet, I'd say this is quite serious and has a good screw-up potential.
Comment 4 Nikolai Kondrashov 2013-01-28 04:50:29 EST 
Verified as fixed with the following packages:
sssd-client-1.9.2-82.el6.x86_64
sssd-1.9.2-82.el6.x86_64
sudo-1.8.6p3-7.el6.x86_64
libsss_idmap-1.9.2-82.el6.x86_64
libsss_sudo-1.9.2-82.el6.x86_64

Relevant sudo suite output:
:: [   PASS   ] :: offline_repeated_failure_getting_online
Comment 6 errata-xmlrpc 2013-02-21 04:43:45 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.