This problem is broader than slave KDCs; it can potentially affect any
write operation on a KDC with sufficiently many (more than a few
hundred) principals, causing database corruption or denial of service.
Altering the test case to create one principal per invocation of
kadmin.local shows that
This problem is broader than slave KDCs; it can potentially affect any
write operation on a KDC with sufficiently many (more than a few
hundred) principals, causing database corruption or denial of service.
Altering the test case to create one principal per invocation of
kadmin.local shows that
I’ve written a test case that clearly demonstrates the GCC 4.8 bug
responsible for the kadmin.local failure:
$ gcc-4.8 -Wall -O2 bug.c -o bug
$ ./bug
$ echo $?
1
$ gcc-4.9 -Wall -O2 bug.c -o bug
$ ./bug
$ echo $?
0
A git bisection of the GCC source shows that this bug disappeared in
** Bug watch added: GCC Bugzilla #61964
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61964
** Also affects: gcc via
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61964
Importance: Unknown
Status: Unknown
** Bug watch added: krbdev.mit.edu/rt/ #7860
Thank you for taking the time to report this bug and helping to make
Ubuntu better.
I don't follow all of the conversation here. Is it clear that the
workaround suggested (https://github.com/krb5/krb5/commit/26d8744129) is
still valid, should be applied to the version of krb5 in Utopic, will
fix
22:56 tlyu rbasak: do you consider the current test case (comment #1)
inadequate?
23:01 rbasak tlyu: I'm sorry. That test case is fine. I missed it when
writing my comment.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in
The workaround suggested
(https://github.com/krb5/krb5/commit/26d8744129) is still valid, and
appears on upstream's 1.12 release branch already (as
https://github.com/krb5/krb5/commit/c7bb9278ad12c9). It will appear in
the 1.12.2 release. Furthermore, I have applied it to the Debian
packaging as
I'm happy to upload a new krb5 to debian so you can sync it if you want
that approach.
I'm also happy if Ubuntu wants to go with a binary rebuild of krb5.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
Please see https://launchpad.net/~hartmans/+archive/ubuntu/krb5 for
trusty packages that should fix the problem.
Can I get confirmation from Tom or someone else that without these
packages trusty fails the reproduce test in comment #1 and with them, it
succeeds the test proposed in comment #1?
I'm sorry, can I get someone to test the packages at
https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes
not the URI I gave in the previous message.
I pulled the wrong PPA off my home page.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
** Branch linked: lp:~hartmans/ubuntu/trusty/krb5/gss-infinite-loop
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1347147
Title:
krb5 database propagation enters infinite loop
To
I confirm that the packages at
https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes appear to
fix the problem for Trusty amd64, based on the test case in comment #1.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in
I’ve written a test case that clearly demonstrates the GCC 4.8 bug
responsible for the kadmin.local failure:
$ gcc-4.8 -Wall -O2 bug.c -o bug
$ ./bug
$ echo $?
1
$ gcc-4.9 -Wall -O2 bug.c -o bug
$ ./bug
$ echo $?
0
A git bisection of the GCC source shows that this bug disappeared in
** Bug watch added: GCC Bugzilla #61964
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61964
** Also affects: gcc via
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61964
Importance: Unknown
Status: Unknown
** Bug watch added: krbdev.mit.edu/rt/ #7860
Thank you for taking the time to report this bug and helping to make
Ubuntu better.
I don't follow all of the conversation here. Is it clear that the
workaround suggested (https://github.com/krb5/krb5/commit/26d8744129) is
still valid, should be applied to the version of krb5 in Utopic, will
fix
22:56 tlyu rbasak: do you consider the current test case (comment #1)
inadequate?
23:01 rbasak tlyu: I'm sorry. That test case is fine. I missed it when
writing my comment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The workaround suggested
(https://github.com/krb5/krb5/commit/26d8744129) is still valid, and
appears on upstream's 1.12 release branch already (as
https://github.com/krb5/krb5/commit/c7bb9278ad12c9). It will appear in
the 1.12.2 release. Furthermore, I have applied it to the Debian
packaging as
I'm happy to upload a new krb5 to debian so you can sync it if you want
that approach.
I'm also happy if Ubuntu wants to go with a binary rebuild of krb5.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Please see https://launchpad.net/~hartmans/+archive/ubuntu/krb5 for
trusty packages that should fix the problem.
Can I get confirmation from Tom or someone else that without these
packages trusty fails the reproduce test in comment #1 and with them, it
succeeds the test proposed in comment #1?
I'm sorry, can I get someone to test the packages at
https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes
not the URI I gave in the previous message.
I pulled the wrong PPA off my home page.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Branch linked: lp:~hartmans/ubuntu/trusty/krb5/gss-infinite-loop
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1347147
Title:
krb5 database propagation enters infinite loop
To manage
I confirm that the packages at
https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes appear to
fix the problem for Trusty amd64, based on the test case in comment #1.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Test case:
On Ubuntu 14.04 on amd64, install krb5-admin-server and krb5-kdc.
kdb5_util -W -r T create -s
awk 'BEGIN{ for (i = 0; i 1024; i++) { printf(ank -randkey a%06d\n, i) } }'
/dev/null | kadmin.local -r T
For me, kadmin.local begins consuming nearly 100% CPU starting at
a000762. This
Note that krb5 in utopic amd64 was compiled against gcc 4.9.0-10ubuntu2
(build log: https://launchpadlibrarian.net/179748030/buildlog_ubuntu-
utopic-amd64.krb5_1.12.1%2Bdfsg-3ubuntu1_UPLOADING.txt.gz). So it looks
like it might be wrong to believe that GCC 4.9 does not induce this
problem.
--
Reproduced on current utopic amd64, with the same results, kadmin.local
spinning at 100% CPU on a000762.
** Tags added: regression-release testcase trusty utopic
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
However, the problem seems to go away after locally recompiling krb5
1.12.1+dfsg-3ubuntu1 with gcc-4.9 4.9.1-3ubuntu2.
(This could still indicate any number of things, though.)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in
Sorry, I read the build log incorrectly in comment #3. krb5 in utopic
amd64 was actually compiled against gcc-4.8 4.8.3-4ubuntu2. So the
belief may still be valid.
(I was misled because the metapackage gcc 4:4.9.0-3ubuntu5 actually
installed a symlink to gcc-4.8, despite the version number.)
--
Test case:
On Ubuntu 14.04 on amd64, install krb5-admin-server and krb5-kdc.
kdb5_util -W -r T create -s
awk 'BEGIN{ for (i = 0; i 1024; i++) { printf(ank -randkey a%06d\n, i) } }'
/dev/null | kadmin.local -r T
For me, kadmin.local begins consuming nearly 100% CPU starting at
a000762. This
Reproduced on current utopic amd64, with the same results, kadmin.local
spinning at 100% CPU on a000762.
** Tags added: regression-release testcase trusty utopic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Note that krb5 in utopic amd64 was compiled against gcc 4.9.0-10ubuntu2
(build log: https://launchpadlibrarian.net/179748030/buildlog_ubuntu-
utopic-amd64.krb5_1.12.1%2Bdfsg-3ubuntu1_UPLOADING.txt.gz). So it looks
like it might be wrong to believe that GCC 4.9 does not induce this
problem.
--
However, the problem seems to go away after locally recompiling krb5
1.12.1+dfsg-3ubuntu1 with gcc-4.9 4.9.1-3ubuntu2.
(This could still indicate any number of things, though.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Sorry, I read the build log incorrectly in comment #3. krb5 in utopic
amd64 was actually compiled against gcc-4.8 4.8.3-4ubuntu2. So the
belief may still be valid.
(I was misled because the metapackage gcc 4:4.9.0-3ubuntu5 actually
installed a symlink to gcc-4.8, despite the version number.)
--
32 matches
Mail list logo