Bug 81555

Summary: Cron exits from SIGPIPE after crontab -e when using NSS-LDAP
Product: Base System
Reporter: Dean Strik <dean>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.4-RELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
cron.c.patch none

Description Dean Strik 2005-05-27 14:00:13 UTC
	Cron(8) seems to exit after a SIGPIPE when a user runs crontab
-e.  This way normal users can effectively, even without intent, easily
kill the cron daemon, so this is serious.

	I ktraced one cron daemon, and it shows a SIGPIPE (and therefore
exit) after using NSS-LDAP lookups. So local users do not trigger the
problem, but LDAP users do.

Fix: 

Haven't looked at a fix yet, but perhaps ignoring SIGPIPE is the
way to go here.

How-To-Repeat: 

	As local user with account info in LDAP, run crontab -e and save.
Comment 1 Rasputin 2005-06-04 11:35:56 UTC
This also appears to be an issue with non-ldap users on 5.4, providing the system 
has some nss_ldap accounts. I'm not sure whether it's because my initial (ssh) login
was nss_ldap based.

-- 
'When the door hits you in the ass on the way out, clean off the smudge
 your ass leaves, please'
		-- Alien loves Predator
Rasputin :: Jack of All Trades - Master of Nuns
Comment 2 Dean Strik 2005-06-12 16:24:59 UTC
Dick Davies wrote:
> This also appears to be an issue with non-ldap users on 5.4, providing the system 
> has some nss_ldap accounts. I'm not sure whether it's because my initial (ssh) login
> was nss_ldap based.

Actually it must've been because your ssh login was nss-ldap based.
You can verify this by restarting sshd after putting your account in
/etc/passwd to test.

By the way, simply ignoring the SIGPIPE works well for me. Trivial patch
attached.

Cheers,
Dean

-- 
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli
Comment 3 Rasputin 2005-06-22 21:33:07 UTC
* Dean Strik <dean@stack.nl> [0625 16:25]:
> Dick Davies wrote:
> > This also appears to be an issue with non-ldap users on 5.4, providing the system 
> > has some nss_ldap accounts. I'm not sure whether it's because my initial (ssh) login
> > was nss_ldap based.
> 
> Actually it must've been because your ssh login was nss-ldap based.
> You can verify this by restarting sshd after putting your account in
> /etc/passwd to test.
> 
> By the way, simply ignoring the SIGPIPE works well for me. Trivial patch
> attached.
> 
> Cheers,
> Dean
> 
> -- 
> Dean C. Strik             Eindhoven University of Technology
> dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
> "This isn't right. This isn't even wrong." -- Wolfgang Pauli

> --- usr.sbin/cron/cron/cron.c	Sun Jun 12 17:18:18 2005
> +++ usr.sbin/cron/cron/cron.c	Sun Jun 12 17:18:36 2005
> @@ -80,6 +80,7 @@
>  
>  	parse_args(argc, argv);
>  
> +	(void) signal(SIGPIPE, SIG_IGN);
>  #ifdef USE_SIGCHLD
>  	(void) signal(SIGCHLD, sigchld_handler);
>  #else
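
Review bot: The `signal(SIGPIPE, SIG_IGN)` call added before the `#ifdef USE_SIGCHLD` block changes the disposition in the daemon itself, and an ignored disposition is inherited across fork() and exec, so every job cron starts would run with SIGPIPE ignored unless the child path resets it to SIG_DFL before exec (that path is not visible in this hunk). Jobs whose pipelines rely on SIGPIPE to stop a writer would then get EPIPE from write() instead. Suggest resetting SIGPIPE to SIG_DFL in the child before the command is run, and adding a one-line comment above the new call saying why the daemon ignores the signal, since the hunk itself gives no reason.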


That helped for me, thanks - is there any obvious downside to this ?

-- 
'Why pay the earth for expensive jigsaws? Just take a bag of frozen chips
from the freezer and try piecing together potatoes.'
		-- B Reastford, Iranville, Notts.
Rasputin :: Jack of All Trades - Master of Nuns
Comment 4 Dean Strik 2005-06-22 23:24:29 UTC
Dick Davies wrote:
> > +	(void) signal(SIGPIPE, SIG_IGN);
> That helped for me, thanks - is there any obvious downside to this ?

No... crond won't ever see a legitimate SIGPIPE anyway.

-- 
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli
Comment 5 Thomas Sandford 2005-06-30 13:07:46 UTC
Are there other things that are going to be affected by this "login via SSH 
using an LDAP account" issue? I can't quite work out how this could affect a 
system daemon which should surely be running with terminal detached anyway 
(and certainly looks like it from a quick ps -auxww). [I haven't yet spent 
much time examining the source to see why this occurs].

-- 
Thomas Sandford
Comment 6 Thomas Sandford 2005-06-30 13:48:05 UTC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=130006 refers to what I 
suspect is the actual bug.

-- 
Thomas Sandford
Comment 7 Rasputin 2005-06-30 15:24:35 UTC
* Thomas Sandford <freebsduser@paradisegreen.co.uk> [0608 13:08]:
> Are there other things that are going to be affected by this "login via SSH 
> using an LDAP account" issue? I can't quite work out how this could affect 
> a system daemon which should surely be running with terminal detached 
> anyway (and certainly looks like it from a quick ps -auxww). [I haven't yet 
> spent much time examining the source to see why this occurs].

It's not just via ssh. *any* user on an nss-ldap box can crash crond by running
crontab -e.

I'm guessing cron looks up a uid in a non-nss aware way somehow and dies when it can't find
them, but I don't really know enough of the system to explain further.

-- 
'Olympic athletes. Disguise the fact that you've taken anabolic steroids by running a bit slower.'
		-- B. Johnson, Canada
Rasputin :: Jack of All Trades - Master of Nuns
Comment 8 Thomas Sandford 2005-06-30 16:39:32 UTC
>* "Dick Davies" <rasputnik@hellooperator.net>
> ...
>
> I'm guessing cron looks up a uid in a non-nss aware way somehow and dies 
> when it can't find
> them, but I don't really know enough of the system to explain further.

I've done some more digging.

The real bug is in nss_ldap. The current FreeBSD port is of a 2 year old
version and from comments in the changelog in the current version of
nss_ldap this bug is known and fixed.

[the bug has been found before - as I understand it, nss_ldap doesn't mask
signals correctly, and if the connection to the server has closed a SIGPIPE
error is generated. nss_ldap masks, but doesn't ignore this signal and so
continues on, but when the signal is unmasked the cron (or whatever) process
gets the signal. D'oh!].

Unfortunately the current nss_ldap version (239 vs 204 in FreeBSD ports)
cannot be compiled by the ports harness "as-is" as there are changes to the
patched files - there also appears to be a bug in the Makefile.in for this
version. I'm seeing if I can come up with some revised patches for this port
to get it to build.

[Maintainer for ports/net/nss-ldap copied on this email/followup].

-- 
Thomas Sandford
Comment 9 Thomas Sandford 2005-06-30 22:52:39 UTC
I can confirm that updating nss_ldap to the latest version (239) fixes the 
problem without the need for a patch to cron.

I have raised a new PR ports/82841 requesting that ports/net/nss_ldap be 
updated (and including the necessary patches to the port).

-- 
Thomas Sandford
Comment 10 Dean Strik 2005-06-30 23:36:46 UTC
Thomas Sandford wrote:
> I can confirm that updating nss_ldap to the latest version (239) fixes the 
> problem without the need for a patch to cron.
> 
> I have raised a new PR ports/82841 requesting that ports/net/nss_ldap be 
> updated (and including the necessary patches to the port).

Thanks for doing this - it's much better to fix the root of the problem
- and of course having nss_ldap up to date is good too.

-- 
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli
Comment 11 Rasputin 2005-07-01 07:48:17 UTC
* Thomas Sandford <freebsduser@paradisegreen.co.uk> [0652 22:52]:
> I can confirm that updating nss_ldap to the latest version (239) fixes the 
> problem without the need for a patch to cron.
> 
> I have raised a new PR ports/82841 requesting that ports/net/nss_ldap be 
> updated (and including the necessary patches to the port).

Good work, thanks a lot!

-- 
'Oh. Your. God.'
		-- Bender
Rasputin :: Jack of All Trades - Master of Nuns
Comment 12 Matteo Riondato freebsd_committer freebsd_triage 2005-08-26 12:30:42 UTC
State Changed
From-To: open->closed

Fixed