oidentd spawns a new process for all new connections unless -l [number] defined

Bug #1094773 reported by Thomas Ward
This bug affects 1 person
Affects: oidentd (Debian); Status: Fix Released; Importance: Unknown
Affects: oidentd (Ubuntu); Status: Fix Released; Importance: Low; Assigned to: Unassigned

Bug Description

When used in conjunction with IRC bouncer software or many-client setups with oidentd, a new oidentd process will be spawned for each oidentd connection request, and the previous processes won't terminate/end.

Attached are modified oident.confs in the system in question, and a modified init.d with a -l 10 option which fixes this issue.

I would suggest patching the init.d item to fix the init.d script to change the default options to limit the number of processes/simultaneous connections that can be handled.

This may not be a security bug, but this malfunction can in certain cases eat up to 1GB or more of RAM, and can lead to system instability.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: oidentd 2.0.8-4
ProcVersionSignature: Ubuntu 3.2.0-29.46-generic 3.2.24
Uname: Linux 3.2.0-29-generic x86_64
ApportVersion: 2.0.1-0ubuntu15.1
Architecture: amd64
Date: Sun Dec 30 22:15:20 2012
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
MarkForUpload: True
ProcEnviron:
 LANGUAGE=en_GB:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: oidentd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.init.d.oidentd: 2012-12-29T00:14:51.948475
mtime.conffile..etc.oidentd.conf: 2012-11-26T17:39:28.092475

Thomas Ward (teward)
description: updated
Thomas Ward (teward)
Changed in oidentd (Ubuntu):
importance: Undecided → Low
Changed in oidentd (Debian):
status: Unknown → Incomplete
Magnus Holmgren (holmgren) wrote :

I'm not sure ... On the one hand most users will only need to accept one or at most a handful of connections at a time, and opening many connections can be used as a form of DoS attack, but on the other hand I think there are other services that use more memory, and those users that need to can add -l to OIDENT_OPTIONS in /etc/default/oident. Also, there is a timeout after which connections are terminated and which can be shortened with -t.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package oidentd - 2.4.0-1

---------------
oidentd (2.4.0-1) unstable; urgency=low

  * New upstream release with rewritten documentation (Closes: #712393).
    Drop lintian override.
  * Drop build dependency on libcap-ng-dev, which is no longer needed.
  * Change connection limit in default /etc/default/oidentd to 10 (Closes:
    #697030, LP: #1094773).
  * Add systemd service and socket units (like upstream's, but with
    support for the same options as the init script). Depend on iproute2
    to let scripts be short.
  * Build with --enable-debug.
  * Update debian/copyright, using machine-readable format.

 -- Magnus Holmgren <email address hidden> Sat, 14 Sep 2019 23:44:59 +0200

Changed in oidentd (Ubuntu):
status: New → Fix Released
Changed in oidentd (Debian):
status: Incomplete → Fix Released
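
The thread settles on capping connections with -l (and optionally shortening the timeout with -t) through OIDENT_OPTIONS in the defaults file. The following is an added example, not part of the bug report or the package: a shell check that reads such a file and reports whether a limit is set. The function names and the sample file contents are constructed for illustration, and the file is assumed to hold a single-line OIDENT_OPTIONS="..." assignment.

```shell
#!/bin/sh
# Added example: audit an oidentd defaults file for -l (connection limit)
# and -t (timeout). Function names and sample data are constructed.

# Print the value of the last uncommented OIDENT_OPTIONS= assignment.
oident_options() {
    sed -n 's/^[[:space:]]*OIDENT_OPTIONS=//p' "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print the numeric argument of short flag $1 in option string $2.
# Accepts "-l 10" and "-l10"; returns 1 if absent or not a positive integer.
flag_value() {
    flag=$1; want_next=0; val=
    set -f                      # no globbing while word-splitting options
    for tok in $2; do
        if [ "$want_next" -eq 1 ]; then val=$tok; want_next=0; continue; fi
        case $tok in
            "$flag")   want_next=1 ;;
            "$flag"?*) val=${tok#"$flag"} ;;
        esac
    done
    set +f
    case $val in
        ''|*[!0-9]*|0) return 1 ;;
        *) printf '%s\n' "$val" ;;
    esac
}

# Report on one defaults file; exit status 1 means no connection limit.
audit_oidentd_defaults() {
    opts=$(oident_options "$1")
    if limit=$(flag_value -l "$opts"); then
        echo "OK: connection limit $limit"
    else
        echo "WARN: no -l connection limit set in $1"
        return 1
    fi
    if timeout=$(flag_value -t "$opts"); then
        echo "INFO: timeout $timeout"
    fi
    return 0
}

# Constructed sample run (not a file from the bug report).
sample=$(mktemp)
printf 'OIDENT_OPTIONS="-t 15 -l 10"\n' > "$sample"
audit_oidentd_defaults "$sample"
rm -f "$sample"
```

On a real host, point audit_oidentd_defaults at the defaults file the init script or service unit actually reads.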