[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
@f11gar0, thank you for the research on this. Since you've modified eventlet code it's not possible for Keystone to carry it directly but I'm wondering if you've submitted this code to the eventlet repository and/or if there is a public bug about this issue that has bee filed there? Thanks again! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
When switching a bug's type from Public to Public Security, please clarify what about it leads you to suspect it represents an exploitable vulnerability. I'm switching it back to a regular Public bug in the meantime. If this was triggered by the earlier mention of a use-after-free condition, it didn't seem to imply that the underlying bug was inside keystone, but maybe should be filed against the eventlet project instead. ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
The fix provided by @f11gar0 solved the problem for me. Thank you dear friend! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
i FIX this with some thread.py edit: vi /usr/lib/python3/dist-packages/eventlet/green/thread.py (or your path to thread.py from exception traceback) find this code: def get_ident(gr=None): if gr is None: return id(greenlet.getcurrent()) else: return id(gr) and make try-except contruction for get id like this: def get_ident(gr=None): try: if gr is None: return id(greenlet.getcurrent()) else: return id(gr) except: return id(gr) retry: su -s /bin/bash keystone -c "keystone-manage db_sync" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
W/ a fresh install of 22.04.04 + bobcat, not seeing the suggested fix from @tshebin work: ``` root@utility-04:/home/pmdev# grep keystone /etc/passwd keystone:x:122:130::/var/lib/keystone:/bin/bash root@utility-04:/home/pmdev# su -s /bin/sh -c "keystone-manage db_sync" keystone Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.10/logging/__init__.py", line 846, in _removeHandlerRef File "/usr/lib/python3.10/logging/__init__.py", line 226, in _acquireLock File "/usr/lib/python3.10/threading.py", line 164, in acquire File "/usr/lib/python3/dist-packages/eventlet/green/thread.py", line 34, in get_ident AttributeError: 'NoneType' object has no attribute 'getcurrent' ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
This has nothing to do with the shell. I've changed the shell to /bin/bash, then `su - keystone` then `keystone-manage db_sync` and I still get the error. I'm stuck trying to install it on Ubuntu 22.04.4 LTS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
guys the error occurs because of the permissions of keystone user grep keystone /etc/passwd if this commands gives the result with something like this /usr/sbin/nologin or /bin/false then change it using usermod -s /bin/bash keystone after this install and configure within the keystone user or in root user also make sure the keystone user is not flagged as system account. This helped me in setting the keystone i am using ubuntu 22.04.03 lts and openstack antelope -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
Seems like it's a weakref black magic. wr is dead when _removeHandlerRef called It's too much for me, I just hack it out: def _removeHandlerRef(wr): """ ... if wr() is None: return ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
** Changed in: keystone Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2042744] Re: su -s /bin/sh -c "keystone-manage db_sync" keystone
looks like kind of use-after-free I tried to trace it /usr/lib/python3/dist-packages/eventlet/green/thread.py ... def get_ident(gr=None): traceback.print_stack() ... and got AttributeError: 'NoneType' object has no attribute 'print_stack' On the other side if traceback one level up /usr/lib/python3.10/threading.py def acquire(self, blocking=True, timeout=-1): ... traceback.print_stack() then last 2 stacks begins with sys.exit() and h.close(): File "/usr/bin/keystone-manage", line 10, in sys.exit(main()) File "/usr/lib/python3.10/threading.py", line 165, in acquire traceback.print_stack() File "/usr/lib/python3.10/logging/__init__.py", line 2183, in shutdown h.close() ... File "/usr/lib/python3.10/threading.py", line 165, in acquire traceback.print_stack() -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2042744 Title: su -s /bin/sh -c "keystone-manage db_sync" keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2042744/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs