[Bug 1185699] Re: libnss-ldap crashes in libc-2.17.so when using sudo/sshd

Jens Langner Jens.Langner at light-speed.de
Mon Jun 3 09:08:57 UTC 2013 

Of course it is possible to reproduce this on a clean 13.04 system. I
did that in fact by installing a clean 13.04 system as a virtual machine
and then just installing the libnss-ldap package together with our
modified /etc/ldap.conf and /etc/nsswitch.conf. After doing so sudo
immediately crashes.

Regarding installing a local LDAP server, this is not possible in our
case. We are using a public LDAP server of our institute which contains
thousands of users and even more groups. In fact, I suspect the amount
of users and groups to be one reason for the crash, but haven't
verified/investigated that.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/1185699

Title:
  libnss-ldap crashes in libc-2.17.so when using sudo/sshd

Status in “libnss-ldap” package in Ubuntu:
  Incomplete

Bug description:
  Since our upgrade to 13.04 (we had 12.10 previously) our
  administrators cannot use "sudo" anymore. When sudo is used and either
  the correct password or incorrect password is used sudo immediately
  crashes with the following crash report:

  -- cut here --
  sudo[23352]: segfault at 0 ip 00007f40ff4da5e4 sp 00007fffa07c3ec8 error 4 in libc-2.17.so[7f40ff443000+1be000]
  -- cut here --

  After some investigation we found that as soon as we disable nss-ldap
  support in /etc/nsswitch.conf by removing the "ldap" statements in the
  passwd,shadow and group rows sudo works as expected. Howeer, of course
  then the ldap users are gone. Besides that crash "getent passwd",
  "getent group" or any other name service query seems to work fine.
  Also disabling/stopping "nscd" doesn't seem to solve the problem.

  After some further investigation we even found out that not only sudo
  is affected, but also sshd crashes under certain circumstances as soon
  as nss-ldap support is enabled in /etc/nsswitch.conf. Then sshd also
  crashes with a similar crash in libc-2.17.so:

  -- cut here --
  sshd[11457]: segfault at 0 ip 00007f40cb0cc5e4 sp 00007fff7204d038 error 4 in libc-2.17.so[7f40cb035000+1be000]
  -- cut here --

  All the servers that still use Ubuntu 12.10 seems to work fine so far.
  Thus, the combination of nss-ldap and libc-2.17.so seem to crash our
  system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1185699/+subscriptions

More information about the foundations-bugs mailing list