Your message dated Thu, 3 Jul 2008 05:17:26 +0000 (UTC)
with message-id <[EMAIL PROTECTED]>
and subject line [patch] stop fd leak in libnss-ldap
has caused the Debian Bug report #246057,
regarding libnss-ldap: Too many file descriptors when using ldapi
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
246057: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=246057
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libnss-ldap
Version: 211-4
Severity: grave
Tags: sid
Justification: renders package unusable

When running libnss-ldap with an ldapi URL, too many fds are open and the
ldap server stops taking connections from other hosts and username
resolution fails (e.g. "I have no name").

This problem does not occur if you use a TCP socket (but it is a good
idea to have timeouts) nor does it occur when in debug (-d flag) mode.

The workaround is to use ldap://localhost/ instead of ldapi:///

My testing
 - Edit /etc/libnss-ldap.conf 
 - /etc/init.d/nscd restart
 - for i in `seq 1 1000` ; do id notme$i 2>/dev/null ; done
 - for  i in `pgrep nscd` ; do ls /proc/$i/fd/ | wc -l ; done

Using "Host 127.0.0.1"
7 files in /proc/<pid>/fd per process

Using "uri ldapi:///"
741 files in /proc/<pid>/fd per process

I have increased the severity of this bug because it can be used as a
DoS attack.  A non-privileged user can increase the number of open file
descriptors to the ldap server, meaning it will no longer take any more
connections and not allowing anyone, including root on the console, to
connect to the server.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: sparc (sparc64)
Kernel: Linux 2.4.25
Locale: LANG=C, LC_CTYPE=C

Versions of packages libnss-ldap depends on:
ii  debconf                     1.4.16       Debian configuration management sy
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libdb4.1                    4.1.25-17    Berkeley v4.1 Database Libraries [
ii  libldap2                    2.1.23-1     OpenLDAP libraries

-- debconf information excluded


--- End Message ---
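
Added example (not part of the original report and not libnss-ldap code): the fd count from the test steps in the report, turned into a repeatable check that also counts socket descriptors and compares the total with the process's soft open-files limit where /proc/<pid>/limits exists. The PROC_ROOT override, the 70 percent threshold and the 1024 fallback limit are assumptions.

```sh
#!/bin/sh
# Added example, not from the bug report. PROC_ROOT is overridable (assumption)
# so the check can also be run against a constructed directory tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Number of open descriptors for PID (same count as `ls /proc/PID/fd | wc -l`).
fd_count() {
    ls "$PROC_ROOT/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Number of descriptors that are sockets (link target "socket:[inode]").
socket_fd_count() {
    n=0
    for f in "$PROC_ROOT/$1/fd"/*; do
        [ -L "$f" ] || continue
        case "$(readlink "$f")" in socket:*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Soft RLIMIT_NOFILE for PID; prints nothing when /proc/PID/limits is absent.
soft_limit() {
    [ -r "$PROC_ROOT/$1/limits" ] || return 0
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits"
}

# Print one status line for PID; return 1 when usage >= PCT percent of limit.
check_pid() {
    pid=$1; pct=${2:-70}
    total=$(fd_count "$pid"); socks=$(socket_fd_count "$pid")
    limit=$(soft_limit "$pid")
    case "$limit" in ''|*[!0-9]*) limit=1024 ;; esac  # assumed fallback limit
    status=OK
    if [ $((total * 100)) -ge $((limit * pct)) ]; then status=HIGH; fi
    echo "$pid total=$total sockets=$socks limit=$limit $status"
    [ "$status" = OK ]
}

# Check every process named NAME (nscd in the report); return 1 if any is HIGH.
check_daemon() {
    rc=0
    for p in $(pgrep -x "$1" 2>/dev/null); do
        check_pid "$p" "${2:-70}" || rc=1
    done
    return "$rc"
}

check_daemon "${1:-nscd}" "${2:-70}" || echo "descriptor usage above threshold" >&2
```

Reading another user's /proc/<pid>/fd needs root, so run it as root or from a monitoring agent that has that access.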
--- Begin Message ---

This was fixed in 251-7.5, but never closed

--
Rick Nelson
The sourceforge approach is to place all of the projects in some bland
"open source suburbia", where all of the houses are alike, with only the
colors and minor style variations (which building plan was used for which
particular house) are allowed by the restrictive covenants and local
zoning laws.  Sourceforge is the open source equivalent of the
subdivision in the movie "Edward Scissorhands".
                -- Terry Lambert


--- End Message ---
