libnss-ldap crashes in libc-2.17.so when using sudo/sshd

Bug #1185699 reported by Jens Maus
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libnss-ldap (Ubuntu) | Expired | Undecided | Unassigned |

Bug Description

Since our upgrade to 13.04 (we had 12.10 previously) our administrators cannot use "sudo" anymore. When sudo is used and either the correct password or incorrect password is used, sudo immediately crashes with the following crash report:

-- cut here --
sudo[23352]: segfault at 0 ip 00007f40ff4da5e4 sp 00007fffa07c3ec8 error 4 in libc-2.17.so[7f40ff443000+1be000]
-- cut here --

After some investigation we found that as soon as we disable nss-ldap support in /etc/nsswitch.conf by removing the "ldap" statements in the passwd, shadow and group rows, sudo works as expected. However, of course then the ldap users are gone. Besides that crash, "getent passwd", "getent group" or any other name service query seems to work fine. Also disabling/stopping "nscd" doesn't seem to solve the problem.

After some further investigation we even found out that not only sudo is affected, but also sshd crashes under certain circumstances as soon as nss-ldap support is enabled in /etc/nsswitch.conf. Then sshd also crashes with a similar crash in libc-2.17.so:

-- cut here --
sshd[11457]: segfault at 0 ip 00007f40cb0cc5e4 sp 00007fff7204d038 error 4 in libc-2.17.so[7f40cb035000+1be000]
-- cut here --

All the servers that still use Ubuntu 12.10 seem to work fine so far. Thus, the combination of nss-ldap and libc-2.17.so seems to crash our system.
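
Added triage example (not part of the original report or of any commenter's post): a Python parser for the two kernel fault lines quoted in the bug description. It decodes the x86 page-fault error code and computes the faulting offset inside libc-2.17.so, assuming the bracketed base is the library's load address; the function names are illustrative.

```python
import re

# Kernel user-space fault line, in the format quoted in the report.
# All numeric fields except the pid are printed in hex.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# The two lines copied verbatim from the bug description.
LINES = [
    "sudo[23352]: segfault at 0 ip 00007f40ff4da5e4 sp 00007fffa07c3ec8 "
    "error 4 in libc-2.17.so[7f40ff443000+1be000]",
    "sshd[11457]: segfault at 0 ip 00007f40cb0cc5e4 sp 00007fff7204d038 "
    "error 4 in libc-2.17.so[7f40cb035000+1be000]",
]

def decode_error(code):
    """Decode the low bits of the x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not mapped",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfault(line):
    """Return a dict describing the fault, or None if the line does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    offset = ip - base  # assumption: base is where the object is loaded
    if not 0 <= offset < size:
        raise ValueError("ip lies outside the reported mapping")
    return {"comm": m["comm"], "pid": int(m["pid"]), "object": m["obj"],
            "fault_addr": int(m["addr"], 16), "offset": offset,
            **decode_error(int(m["err"], 16))}

def same_crash_site(lines):
    """True if every matching line faults at the same (object, offset)."""
    parsed = [r for r in map(parse_segfault, lines) if r]
    return len({(r["object"], r["offset"]) for r in parsed}) == 1

if __name__ == "__main__":
    for line in LINES:
        r = parse_segfault(line)
        print(r["comm"], r["object"], hex(r["offset"]), r["access"], r["cause"])
    print("same crash site:", same_crash_site(LINES))
```

Both lines resolve to offset 0x975e4 in libc-2.17.so with a user-mode read of unmapped address 0, so sudo and sshd fault at the same instruction despite the different load addresses. That offset can be given to `addr2line -e` with the matching libc debug symbols to name the function.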

Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Please could you post steps to reproduce this problem on a 13.04 system? Is it possible to recreate the problem on a single system by installing an LDAP server locally, and then pointing nsswitch to it?

Changed in libnss-ldap (Ubuntu):
status: New → Incomplete
Jens Maus (jens.maus) wrote :

Of course it is possible to reproduce this on a clean 13.04 system. I did that in fact by installing a clean 13.04 system as a virtual machine and then just installing the libnss-ldap package together with our modified /etc/ldap.conf and /etc/nsswitch.conf. After doing so sudo immediately crashes.

Regarding installing a local LDAP server, this is not possible in our case. We are using a public LDAP server of our institute which contains thousands of users and even more groups. In fact, I suspect the amount of users and groups to be one reason for the crash, but haven't verified/investigated that.

Robie Basak (racb) wrote :

Jens,

Thanks for your reply.

I'm looking for specific instructions to reproduce this on a 13.04 system so that I (or another developer) can then investigate further. I suggested a local LDAP server to make it easier for developers to look into the problem.

If you don't understand why I'm asking for this, the essay at http://www.chiark.greenend.org.uk/~sgtatham/bugs.html provides a good explanation.

Please can you post steps to reproduce, and then change the bug status back to New? Thanks!

Launchpad Janitor (janitor) wrote :

[Expired for libnss-ldap (Ubuntu) because there has been no activity for 60 days.]

Changed in libnss-ldap (Ubuntu):
status: Incomplete → Expired