oidentd spawns a new process for all new connections unless -l [number] defined
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
oidentd (Debian) | Fix Released | Unknown | |
oidentd (Ubuntu) | Fix Released | Low | Unassigned |
Bug Description
When used in conjunction with IRC bouncer software or many-client setups with oidentd, a new oidentd process will be spawned for each oidentd connection request, and the previous processes won't terminate/end.
Attached are modified oident.confs in the system in question, and a modified init.d with a -l 10 option which fixes this issue.
I would suggest patching the init.d item to fix the init.d script to change the default options to limit the number of processes.
This may not be a security bug, but this malfunction can in certain cases eat up to 1GB or more of RAM, and can lead to system instability.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: oidentd 2.0.8-4
ProcVersionSign
Uname: Linux 3.2.0-29-generic x86_64
ApportVersion: 2.0.1-0ubuntu15.1
Architecture: amd64
Date: Sun Dec 30 22:15:20 2012
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_GB:en
TERM=xterm
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: oidentd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
mtime.conffile.
description: updated
Changed in oidentd (Ubuntu):
importance: Undecided → Low
Changed in oidentd (Debian):
status: Unknown → Incomplete
Changed in oidentd (Debian):
status: Incomplete → Fix Released
I'm not sure ... On the one hand most users will only need to accept one or at most a handful of connections at a time, and opening many connections can be used as a form of DoS attack, but on the other hand I think there are other services that use more memory, and those users that need to can add -l to OIDENT_OPTIONS in /etc/default/oident. Also, there is a timeout after which connections are terminated and which can be shortened with -t.
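
A check for the mitigation discussed in this thread, as an added example that is not part of the bug report or the oidentd package: it reads OIDENT_OPTIONS from a defaults file and reports whether -l and -t are set. The function names and the sample option strings are constructed for illustration; the defaults file path is passed in as an argument.

```shell
#!/bin/sh
# Added example, not from the bug report: audit OIDENT_OPTIONS for the -l
# (connection limit) and -t (timeout) options discussed above.

# Print the value of OIDENT_OPTIONS from a defaults file (last assignment wins).
oident_options() {
    sed -n 's/^[[:space:]]*OIDENT_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the numeric argument of a short option given as "-l 10" or "-l10".
# Prints nothing if the option is absent or has no numeric argument.
# $1 = option letter; remaining arguments = the option words.
opt_value() {
    letter=$1; shift
    while [ $# -gt 0 ]; do
        case $1 in
            "-$letter")   val=${2-}; shift ;;
            "-$letter"?*) val=${1#-"$letter"}; shift ;;
            *)            shift; continue ;;
        esac
        case $val in
            ''|*[!0-9]*) ;;                    # not a number: keep scanning
            *) echo "$val"; return 0 ;;
        esac
    done
}

# Report on one defaults file; returns 1 when no connection limit is set.
audit_oident() {
    opts=$(oident_options "$1")
    limit=$(opt_value l $opts)      # unquoted on purpose: split into words
    timeout=$(opt_value t $opts)
    if [ -z "$limit" ]; then
        echo "warn: no -l limit in '$opts' (timeout: ${timeout:-default})"
        return 1
    fi
    echo "ok: -l $limit (timeout: ${timeout:-default})"
}

# Constructed sample input, so the script runs without touching /etc.
sample=$(mktemp)
printf 'OIDENT_OPTIONS="-mf"\n' > "$sample"
audit_oident "$sample" || true
printf 'OIDENT_OPTIONS="-mf -l 10 -t 30"\n' > "$sample"
audit_oident "$sample"
rm -f "$sample"
```

A non-zero return from `audit_oident` marks a host where each ident request can still leave another process behind, which makes it usable as a simple fleet check.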