From dean@stack.nl  Fri May 27 12:56:47 2005
Return-Path: <dean@stack.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 073D216A41C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 May 2005 12:56:47 +0000 (GMT)
	(envelope-from dean@stack.nl)
Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B82F943D1D
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 May 2005 12:56:46 +0000 (GMT)
	(envelope-from dean@stack.nl)
Received: from toad.stack.nl (zen.stack.nl [IPv6:2001:610:1108:5010::130])
	by mailhost.stack.nl (Postfix) with ESMTP id E19111F1BC
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 May 2005 14:56:45 +0200 (CEST)
Received: by toad.stack.nl (Postfix, from userid 1600)
	id BB74088; Fri, 27 May 2005 14:56:45 +0200 (CEST)
Message-Id: <20050527125645.BB74088@toad.stack.nl>
Date: Fri, 27 May 2005 14:56:45 +0200 (CEST)
From: Dean Strik <dean@stack.nl>
Reply-To: Dean Strik <dean@stack.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         81555
>Category:       bin
>Synopsis:       Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 27 13:00:13 GMT 2005
>Closed-Date:    Fri Aug 26 11:31:16 GMT 2005
>Last-Modified:  Fri Aug 26 11:31:16 GMT 2005
>Originator:     Dean Strik
>Release:        FreeBSD 5.4-RELEASE-p1
>Organization:
Eindhoven University of Technology
>Environment:
FreeBSD tesla.stack.nl 5.4-RELEASE-p1 FreeBSD 5.4-RELEASE-p1 #2: Tue May 17 19:53:43 CEST 2005     root@snail.stack.nl:/usr/obj/usr/src/sys/SMP  i386

SMP system (dual P2-233) using NSS-LDAP (static root).
>Description:

	Cron(8) seems to exit after a SIGPIPE when a user runs crontab
-e.  This way normal users can effectively, even without intent, easily
kill the cron daemon, so this is serious.

	I ktraced one cron daemon, and it shows a SIGPIPE (and therefore
exit) after using NSS-LDAP lookups. So local users do not trigger the
problem, but LDAP users do.

>How-To-Repeat:
	As local user with account info in LDAP, run crontab -e and save.
>Fix:
	Haven't looked at a fix yet, but perhaps ignoring SIGPIPE is the
way to here.
>Release-Note:
>Audit-Trail:

From: Dick Davies <rasputnik@hellooperator.net>
To: bug-followup@FreeBSD.org, dean@stack.nl
Cc:  
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Sat, 4 Jun 2005 11:35:56 +0100

 This also appears to be an issue with non-ldap users on 5.4, providing the system 
 has some nss_ldap accounts. I'm not sure whether it's because my initial (ssh) login
 was nss_ldap based.
 
 -- 
 'When the door hits you in the ass on the way out, clean off the smudge
  your ass leaves, please'
 		-- Alien loves Predator
 Rasputin :: Jack of All Trades - Master of Nuns

From: Dean Strik <dean@stack.nl>
To: Dick Davies <rasputnik@hellooperator.net>
Cc: bug-followup@FreeBSD.org, dean@stack.nl
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Sun, 12 Jun 2005 17:24:59 +0200

 --cWoXeonUoKmBZSoM
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Dick Davies wrote:
 > This also appears to be an issue with non-ldap users on 5.4, providing the system 
 > has some nss_ldap accounts. I'm not sure whether it's because my initial (ssh) login
 > was nss_ldap based.
 
 Actually it must've been because of your ssh login was nss-ldap based.
 You can verify this by restarting sshd after putting your account in
 /etc/passwd to test.
 
 By the way, simply ignoring the SIGPIPE works well for me. Trivial patch
 attached.
 
 Cheers,
 Dean
 
 -- 
 Dean C. Strik             Eindhoven University of Technology
 dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
 "This isn't right. This isn't even wrong." -- Wolfgang Pauli
 
 --cWoXeonUoKmBZSoM
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="cron.c.patch"
 
 --- usr.sbin/cron/cron/cron.c	Sun Jun 12 17:18:18 2005
 +++ usr.sbin/cron/cron/cron.c	Sun Jun 12 17:18:36 2005
 @@ -80,6 +80,7 @@
  
  	parse_args(argc, argv);
  
 +	(void) signal(SIGPIPE, SIG_IGN);
  #ifdef USE_SIGCHLD
  	(void) signal(SIGCHLD, sigchld_handler);
  #else
 
 --cWoXeonUoKmBZSoM--

From: Dick Davies <rasputnik@hellooperator.net>
To: Dean Strik <dean@stack.nl>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Wed, 22 Jun 2005 21:33:07 +0100

 * Dean Strik <dean@stack.nl> [0625 16:25]:
 > Dick Davies wrote:
 > > This also appears to be an issue with non-ldap users on 5.4, providing the system 
 > > has some nss_ldap accounts. I'm not sure whether it's because my initial (ssh) login
 > > was nss_ldap based.
 > 
 > Actually it must've been because of your ssh login was nss-ldap based.
 > You can verify this by restarting sshd after putting your account in
 > /etc/passwd to test.
 > 
 > By the way, simply ignoring the SIGPIPE works well for me. Trivial patch
 > attached.
 > 
 > Cheers,
 > Dean
 > 
 > -- 
 > Dean C. Strik             Eindhoven University of Technology
 > dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
 > "This isn't right. This isn't even wrong." -- Wolfgang Pauli
 
 > --- usr.sbin/cron/cron/cron.c	Sun Jun 12 17:18:18 2005
 > +++ usr.sbin/cron/cron/cron.c	Sun Jun 12 17:18:36 2005
 > @@ -80,6 +80,7 @@
 >  
 >  	parse_args(argc, argv);
 >  
 > +	(void) signal(SIGPIPE, SIG_IGN);
 >  #ifdef USE_SIGCHLD
 >  	(void) signal(SIGCHLD, sigchld_handler);
 >  #else
 
 
 That helped for me, thanks - is there any obvious downside to this ?
 
 -- 
 'Why pay the earth for expensive jigsaws? Just take a bag of frozen chips
 from the freezer and try piecing together potatoes.'
 		-- B Reastford, Iranville, Notts.
 Rasputin :: Jack of All Trades - Master of Nuns

From: Dean Strik <dean@stack.nl>
To: Dick Davies <rasputnik@hellooperator.net>
Cc: Dean Strik <dean@stack.nl>, bug-followup@FreeBSD.org
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Thu, 23 Jun 2005 00:24:29 +0200

 Dick Davies wrote:
 > > +	(void) signal(SIGPIPE, SIG_IGN);
 > That helped for me, thanks - is there any obvious downside to this ?
 
 No... crond won't ever see a legitimate SIGPIPE anyway.
 
 -- 
 Dean C. Strik             Eindhoven University of Technology
 dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
 "This isn't right. This isn't even wrong." -- Wolfgang Pauli

From: "Thomas Sandford" <freebsduser@paradisegreen.co.uk>
To: <bug-followup@FreeBSD.org>, <dean@stack.nl>, <rasputnik@hellooperator.net>
Cc:  
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Thu, 30 Jun 2005 13:07:46 +0100

 Are there other things that are going to be affected by this "login via SSH 
 using an LDAP account" issue. I can't quite work out how this could affect a 
 system daemon which should surely be running with terminal detached anyway 
 (and certainly looks like it from a quick ps -auxww). [I haven't yet spent 
 much time examining the source to see why this occurs].
 
 -- 
 Thomas Sandford 
 
 

From: "Thomas Sandford" <freebsduser@paradisegreen.co.uk>
To: <bug-followup@FreeBSD.org>, <dean@stack.nl>
Cc:  
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Thu, 30 Jun 2005 13:48:05 +0100

 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=130006 refers to what I 
 suspect is the actual bug.
 
 -- 
 Thomas Sandford 
 
 

From: Dick Davies <rasputnik@hellooperator.net>
To: Thomas Sandford <freebsduser@paradisegreen.co.uk>
Cc: bug-followup@FreeBSD.org, dean@stack.nl, rasputnik@hellooperator.net
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Thu, 30 Jun 2005 15:24:35 +0100

 * Thomas Sandford <freebsduser@paradisegreen.co.uk> [0608 13:08]:
 > Are there other things that are going to be affected by this "login via SSH 
 > using an LDAP account" issue. I can't quite work out how this could affect 
 > a system daemon which should surely be running with terminal detached 
 > anyway (and certainly looks like it from a quick ps -auxww). [I haven't yet 
 > spent much time examining the source to see why this occurs].
 
 It's not just via ssh. *any* user on an nss-ldap box can crash crond by running
 crontab -e.
 
 I'm guessing cron looks up a uid in a non-nss aware way somehow and dies when it can't find
 them, but I don't really know enough of the system to explain further.
 
 -- 
 'Olympic athletes. Disguise the fact that you've taken anabolic steroids by running a bit slower.'
 		-- B. Johnson, Canada
 Rasputin :: Jack of All Trades - Master of Nuns

From: "Thomas Sandford" <freebsduser@paradisegreen.co.uk>
To: "Dick Davies" <rasputnik@hellooperator.net>
Cc: <bug-followup@FreeBSD.org>, <dean@stack.nl>, <rasputnik@hellooperator.net>,
        <nectar@FreeBSD.org>
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when usingNSS-LDAP
Date: Thu, 30 Jun 2005 16:39:32 +0100

 >* "Dick Davies" <rasputnik@hellooperator.net>
 > ...
 >
 > I'm guessing cron looks up a uid in a non-nss aware way somehow and dies 
 > when it can't find
 > them, but I don't really know enough of the system to explain further.
 
 I've done some more digging.
 
 The real bug is in nss_ldap. The current FreeBSD port is of a 2 year old 
 version and from
 comments in the changelog in the current version of nss_ldap this bug is 
 known and fixed.
 
 [the bug has been found before - as I understand it, nss_ldap doesn't mask 
 signals correctly,
 and if the connection to the server has closed a SIGPIPE error is generated. 
 nss_ldap masks,
 but doesn't ignore this signal and so continues on, but when the signal is 
 unmasked the cron
 (or whatever) process gets the signal. D'oh!].
 
 Unfortunately the current nss_ldap version (239 vs 204 in FreeBSD ports) 
 cannot be compiled
 by the ports harness "as-is" as there are changes to the patched files - 
 there also appears to
 be a bug in the Makefile.in for this version. I'm seeing if I can come up 
 with some revised
 patches for this port to get it to build.
 
 [Maintainer for ports/net/nss-ldap copied on this email/followup].
 
 -- 
 Thomas Sandford 
 
 

From: "Thomas Sandford" <freebsduser@paradisegreen.co.uk>
To: <bug-followup@FreeBSD.org>, <dean@stack.nl>
Cc: <rasputnik@hellooperator.net>, <nectar@FreeBSD.org>
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Thu, 30 Jun 2005 22:52:39 +0100

 I can confirm that updating nss_ldap to the latest version (239) fixes the 
 problem without the need for a patch to cron.
 
 I have raised a new PR ports/82841 requesting that ports/net/nss_ldap be 
 updated (and including the necessary patches to the port).
 
 -- 
 Thomas Sandford
 
 
 

From: Dean Strik <dean@stack.nl>
To: Thomas Sandford <freebsduser@paradisegreen.co.uk>
Cc: bug-followup@FreeBSD.org, dean@stack.nl,
	rasputnik@hellooperator.net, nectar@FreeBSD.org
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Fri, 1 Jul 2005 00:36:46 +0200

 Thomas Sandford wrote:
 > I can confirm that updating nss_ldap to the latest version (239) fixes the 
 > problem without the need for a patch to cron.
 > 
 > I have raised a new PR ports/82841 requesting that ports/net/nss_ldap be 
 > updated (and including the necessary patches to the port).
 
 Thanks for doing this - it's much better to fix the root of the problem
 - and of course having nss_ldap uptodate is good too.
 
 -- 
 Dean C. Strik             Eindhoven University of Technology
 dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
 "This isn't right. This isn't even wrong." -- Wolfgang Pauli

From: Dick Davies <rasputnik@hellooperator.net>
To: Thomas Sandford <freebsduser@paradisegreen.co.uk>
Cc: bug-followup@FreeBSD.org, dean@stack.nl, rasputnik@hellooperator.net,
	nectar@FreeBSD.org
Subject: Re: bin/81555: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Date: Fri, 1 Jul 2005 07:48:17 +0100

 * Thomas Sandford <freebsduser@paradisegreen.co.uk> [0652 22:52]:
 > I can confirm that updating nss_ldap to the latest version (239) fixes the 
 > problem without the need for a patch to cron.
 > 
 > I have raised a new PR ports/82841 requesting that ports/net/nss_ldap be 
 > updated (and including the necessary patches to the port).
 
 Good work, thanks a lot!
 
 -- 
 'Oh. Your. God.'
 		-- Bender
 Rasputin :: Jack of All Trades - Master of Nuns
State-Changed-From-To: open->closed 
State-Changed-By: matteo 
State-Changed-When: Fri Aug 26 11:30:42 GMT 2005 
State-Changed-Why:  
Fixed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81555 
>Unformatted:
