nscd should not cache netgroups by default

Bug #1068889 reported by Mark Russell on 2012-10-19
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eglibc (Ubuntu)
Medium
Adam Conrad
Precise
Medium
Adam Conrad
Quantal
Undecided
Adam Conrad

Bug Description

[Impact / Justification]
The new netgroup caching feature seems to be plagued with issues, including random segfaults, and just plain not returning useful results, depending on your test bed. This patch doesn't address any of the actual issues, but just disabled netgroup caching in the default /etc/nscd.conf to discourage its use.

[Test Case]
Check after upgrade or fresh install that /etc/nscd.conf has netgroup caching disabled. This being a dpkg conffile, it won't be changed if you've modified it locally.

[Regression Potential]
Disabling a broken feature doesn't likely have much regression potential. We got here after spending a great deal of time trying to debug all the breakages with someone who was trying to use it, so I'm unconvinced anyone's using it successfully.

[Original Report]
Netgroup caching is a rather new feature of nscd. It only entered the eglibc source tree late last year and the first upstream release of nscd to include netgroup caching was on March 21, 2012 [1]. Thus, it's is a feature that is not likely deployed at any significant scale anywhere currently. And so it has poor general test coverage.

We have reports that this feature either segfaults nscd [1] or that even when it doesn't crash, the feature still doesn't work [2].

The "enabled" setting is inherited from upstream, but I think at least for precise, we should default to disabled.

[1] LP: #997096
[2] LP: #997752

Mark Russell (marrusl) on 2012-10-19
tags: added: precise
Adam Conrad (adconrad) on 2012-10-19
Changed in eglibc (Ubuntu):
assignee: nobody → Adam Conrad (adconrad)
Changed in eglibc (Ubuntu Precise):
assignee: nobody → Adam Conrad (adconrad)
Changed in eglibc (Ubuntu Precise):
importance: Undecided → Medium
Changed in eglibc (Ubuntu):
importance: Undecided → Medium
Adam Conrad (adconrad) on 2012-11-26
Changed in eglibc (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.16-0ubuntu7

---------------
eglibc (2.16-0ubuntu7) raring; urgency=low

  * Merge with 2.16-0experimental1 from Debian, bringing in my
    upstream version of the C++ header autodetection patch, some
    packaging and upgrade fixes, and reducing our delta further.
  * Fix debian/tests/control syntax for autopkgtest (LP: #1081500)
  * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
    disable netgroup caching in the default config (LP: #1068889)
  * Backport any/cvs-malloc-deadlock.diff from upstream to prevent
    glibc deadlocking in mallock arena retry paths (LP: #1081734)
 -- Adam Conrad <email address hidden> Sun, 25 Nov 2012 19:00:46 -0700

Changed in eglibc (Ubuntu):
status: Fix Committed → Fix Released
Adam Conrad (adconrad) on 2013-01-28
description: updated
Adam Conrad (adconrad) on 2013-01-28
Changed in eglibc (Ubuntu Quantal):
assignee: nobody → Adam Conrad (adconrad)

Hello Mark, or anyone else affected,

Accepted eglibc into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in eglibc (Ubuntu Precise):
status: New → Fix Committed
tags: added: verification-needed
Changed in eglibc (Ubuntu Quantal):
status: New → Fix Committed
Colin Watson (cjwatson) wrote :

Hello Mark, or anyone else affected,

Accepted eglibc into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu20.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Adam Conrad (adconrad) wrote :

Verified that on fresh install or upgrades, nscd.conf disables the netgroup cache by default, on both precise and quantal.

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.15-0ubuntu10.4

---------------
eglibc (2.15-0ubuntu10.4) precise; urgency=low

  * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
    disable netgroup caching in the default config (LP: #1068889)
  * Backport any/cvs-malloc-deadlock.diff from upstream to prevent
    glibc deadlocking in mallock arena retry paths (LP: #1081734)
  * Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
  * Drop patch any/local-disable-nscd-host-caching.diff, as this
    bug was apparently resolved upstream a while ago (LP: #613662)
  * Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
    to load itself, a behaviour accidentally removed (LP: #1088677)
  * Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)
 -- Adam Conrad <email address hidden> Sun, 27 Jan 2013 16:46:30 -0700

Changed in eglibc (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.15-0ubuntu20.1

---------------
eglibc (2.15-0ubuntu20.1) quantal; urgency=low

  * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
    disable netgroup caching in the default config (LP: #1068889)
  * Backport any/cvs-malloc-deadlock.diff from upstream to prevent
    glibc deadlocking in mallock arena retry paths (LP: #1081734)
  * Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
  * Drop patch any/local-disable-nscd-host-caching.diff, as this
    bug was apparently resolved upstream a while ago (LP: #613662)
  * Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
    to load itself, a behaviour accidentally removed (LP: #1088677)
  * Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)
 -- Adam Conrad <email address hidden> Sun, 27 Jan 2013 16:46:30 -0700

Changed in eglibc (Ubuntu Quantal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers