Package: libnss-mysql-bg Version: 1.5-3+b3 Severity: serious Justification: Policy 4.3
Hello, I have found that the Debian patch 04_shadow.diff to libnss-mysql-bg causes the library to hang under completely typical usage. I am using libnss-mysql-bg with chrooted SFTP as documented here: http://www.debian-administration.org/articles/590 I do not believe this to be causing the issue in question. The issue is that when a get* entity check happens under the sftp session, the server process hangs. This can be triggered simply by running 'ls' in the sftp client. A backtrace of the internal-sftp process shows the issue clearly: #0 0x00007f2ba42f6cec in __lll_lock_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 #1 0x00007f2ba42f2339 in _L_lock_926 () from /lib/x86_64-linux-gnu/libpthread.so.0 #2 0x00007f2ba42f215b in pthread_mutex_lock () from /lib/x86_64-linux-gnu/libpthread.so.0 #3 0x00007f2ba0d368d9 in _nss_mysql_getgrnam_r () from /usr/lib/x86_64-linux-gnu/libnss_mysql.so.2 #4 0x00007f2ba5216a8d in getgrnam_r () from /lib/x86_64-linux-gnu/libc.so.6 #5 0x00007f2ba52160e0 in getgrnam () from /lib/x86_64-linux-gnu/libc.so.6 #6 0x00007f2ba0d361c8 in ?? () from /usr/lib/x86_64-linux-gnu/libnss_mysql.so.2 #7 0x00007f2ba0d36547 in _nss_mysql_getpwuid_r () from /usr/lib/x86_64-linux-gnu/libnss_mysql.so.2 #8 0x00007f2ba5217f4d in getpwuid_r () from /lib/x86_64-linux-gnu/libc.so.6 #9 0x00007f2ba521783f in getpwuid () from /lib/x86_64-linux-gnu/libc.so.6 Both _nss_mysql_getpwuid_r() and _nss_mysql_getgrnam_r() use _nss_mysql_lookup(), which uses a mutex. Naturally, these functions cannot be nested. The recursed nature of this execution is introduced by 04_shadow.diff, which does the following inside _nss_mysql_lookup(): + /* Get shadow gid, if needed */ + if(cur_euid != 0) { + cur_egid = getegid (); + struct group *grp = getgrnam("shadow"); + shadow_gid = (grp ? grp->gr_gid : -1); + } Assuming getgrnam() is mapped to libnss-mysql-bg in /etc/libnss-mysql.cfg, it will re-enter libnss-mysql and block on the lock. This simple workaround allows this package to work on my system: --- lookup.c.orig 2013-11-19 20:16:12.778779823 +0000 +++ lookup.c 2013-11-19 20:17:05.622959118 +0000 @@ -143,8 +143,7 @@ /* Get shadow gid, if needed */ if(cur_euid != 0) { cur_egid = getegid (); - struct group *grp = getgrnam("shadow"); - shadow_gid = (grp ? grp->gr_gid : -1); + shadow_gid = 42; } D ("%s: restricted = %d, cur_euid = %u", FUNCNAME, restricted, cur_euid); This is obviously not the correct solution for the package, but it allows it to be used on my servers, and any server with Debian-standard group numbering. It is not clear what the original patch was actually trying to accomplish, so I cannot write a correct real fix. -- System Information: Debian Release: 7.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libnss-mysql-bg depends on: ii libc6 2.13-38 ii libmysqlclient18 5.5.31+dfsg-0+wheezy1 ii multiarch-support 2.13-38 ii zlib1g 1:1.2.7.dfsg-13 libnss-mysql-bg recommends no packages. Versions of packages libnss-mysql-bg suggests: ii libpam-mysql 0.7~RC1-4+b3 pn mysql-server <none> -- Configuration Files: /etc/libnss-mysql-root.cfg [Errno 13] Permission denied: u'/etc/libnss-mysql-root.cfg' /etc/libnss-mysql.cfg changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
