setpag() sometimes fails to create a session keyring

Bug #723481 reported by Anders Kaseorg
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openafs (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

AFS PAM modules can call setpag() as root, regardless of the UID being authenticated, which causes a session keyring to be created using root’s quota. On heavily loaded systems, this can fail when the quota runs out.

This was fixed upstream by http://git.openafs.org/?p=openafs.git;a=commitdiff;h=c4537f0442ac7ecbf8c946de45004992e17d535f

Tags: patch
Revision history for this message
Russ Allbery (rra-debian) wrote : Re: [Bug 723481] [NEW] setpag() sometimes fails to create a session keyring

Anders Kaseorg <email address hidden> writes:

> AFS PAM modules can call setpag() as root, regardless of the UID being
> authenticated, which causes a session keyring to be created using root’s
> quota. On heavily loaded systems, this can fail when the quota runs
> out.

> This was fixed upstream by
> http://git.openafs.org/?p=openafs.git;a=commitdiff;h=c4537f0442ac7ecbf8c946de45004992e17d535f

Is this different from a27015099a1dc1e41001e4a4946848f958c6a09b, which is
already in the 1.4 packages?

--
Russ Allbery (<email address hidden>) <http://www.eyrie.org/~eagle/>

Revision history for this message
Anders Kaseorg (andersk) wrote :

Yes.

Here’s a debdiff against wheezy’s package. I’m currently building it in https://launchpad.net/~openafs/+archive/stable .

tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openafs - 1.4.14+dfsg-1+ubuntu1

---------------
openafs (1.4.14+dfsg-1+ubuntu1) natty; urgency=low

  * Apply upstream deltas for kernel 2.6.38 support (LP: #675768):
    - [02f2c7cb] Linux: Add autoconf macro for structure checks
    - [a89d6b02] Linux: Add general autoconf macro for Linux kernel
    - [08bb83d9] linux: 2.6.38: New d_op handling
    - [52556d50] linux: 2.6.38: Make d_revalidate RCU-walk aware
    - [ca38c954] Linux: allow compile flags to be passed to AC_CHECK_LINUX_BUILD
    - [5bcc0ea7] Linux: 2.6.38: Adjust for permission inode operation changes
    - [2eca7aef] Linux: 2.6.38: deal with dcache_lock removal
    - [281f5bf5] Linux: 2.6.38: dentry->d_count is not an atomic
  * Apply upstream deltas:
    - [c4537f04] Don't count root session keyrings against quota (LP: #723481)
    - [dfcd3fca] Linux: Reduce key_alloc flags confusion
      (from http://gerrit.openafs.org/4033)
    - [01c6e6bb] Linux: install_session_keyring: key_alloc flags are
      unsigned long
      (from http://gerrit.openafs.org/4034)
 -- Anders Kaseorg <email address hidden> Tue, 22 Feb 2011 20:17:04 -0500

Changed in openafs (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.