Site Navigation

Date:      Thu, 14 Jun 2007 17:41:37 -0300
From:      "Alexandre Biancalana" <biancalana@gmail.com>
To:        stable@freebsd.org
Subject:   Re: Unix domain socket leak in 6-STABLE
Message-ID:  <8e10486b0706141341v4f5ba02clb4aa7e1c62a32896@mail.gmail.com>
In-Reply-To: <B18EC92C7A6764D89FDB62CB@ganymede.hub.org>
References:  <7EEECFAE63E9B976653B3254@ganymede.hub.org> <20070613181555.GA1506@roadrunner.q.local> <F86F14EA8BA4173EAAE81CFC@ganymede.hub.org> <8e10486b0706141003k1ac4cc56tf585363c11896a8@mail.gmail.com> <B18EC92C7A6764D89FDB62CB@ganymede.hub.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

On 6/14/07, Marc G. Fournier <freebsd@hub.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> - --On Thursday, June 14, 2007 14:03:27 -0300 Alexandre Biancalana
> <biancalana@gmail.com> wrote:
>
> > On 6/14/07, Marc G. Fournier <freebsd@hub.org> wrote:
> >
> >> I don't know ... it was caused by an application, but nothing was freed
> up
> >> after the application was stop'd ...
> >
> >
> > In my case the sockets are closed only if I stop the samba processes.
> When I
> > just changed the connection mode from Unix Socket to TCP on
> nss_ldap.conf,
> > the connections remain opened. I think this could be a problem with
> nss_ldap
> > (in the way of the connections are handled ?) because samba is accessing
> > OpenLDAP directly via TCP, the access via Unix Sockets is only done by
> Samba
> > throughnss_ldap.
> >
> > I trying to simulate this error on another machine. I will write some
> > scripts/program that connect to OpenLDAP socket directly and via
> nss_ldap
> > and post the results.
> >
> > Any more hints ?
>
> Hrmm .. how about nss in general?  the one VPS that I killed off was using
> nss-mysql for passwd/group and shadow ... its definitely not something
> that is
> normally done here, and about the only thing I can think of that is
> 'unusual'
> about that specific VPS, in my case ...


Huuuummmm maybe... I don't know nss-mysql (I didn't ever know about your
existence..... hahaha) What's the connection method used to access MySQL
database ? You can read the rest of my message and try a similar test......

How I said......... here is the test:

I write the following perl script:

 #!/usr/bin/perl

$counter = 0;
@users = ('user1', 'user2', 'user3');

while ( $counter <= 4 ) {


  my $idx = int(rand($#users));
  my @data = getpwnam($users[$idx]);

  print join(' ', @data) . "\n";

  $counter++;
}

sleep(50);


After run the script I have:

AleStation:/usr/home/ale $ sockstat -uc
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN
ADDRESS
root     xterm      1528  3  stream -> /tmp/.X11-unix/X0
root     xterm      1464  3  stream -> /tmp/.X11-unix/X0
ale      nedit      1436  3  stream -> /tmp/.X11-unix/X0
ale      xmms       1404  3  stream -> /tmp/.X11-unix/X0
ale      gconfd-2   1331  4  dgram  -> ??
ale      gconfd-2   1331  12 stream
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale      gconfd-2   1331  14 stream ->
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale      dbus-daemo 1329  4  stream -> /var/run/openldap/ldapi
ale      dbus-daemo 1329  5  stream -> ??
ale      dbus-daemo 1329  7  stream -> ??
ale      dbus-daemo 1329  8  stream /var/tmp/dbus-luPSSzilmv
ale      dbus-daemo 1329  10 stream -> /var/run/openldap/ldapi
ale      dbus-launc 1328  3  stream -> /tmp/.X11-unix/X0
ale      pidgin     1324  3  stream -> /tmp/.X11-unix/X0
ale      pidgin     1324  5  stream -> /var/tmp/dbus-luPSSzilmv
ale      firefox-bi 1323  3  stream -> /tmp/.X11-unix/X0
ale      firefox-bi 1323  11 stream ->
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale      firefox-bi 1323  19 stream
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale      gkrellm    1309  5  stream -> /tmp/.X11-unix/X0
ale      wmaker     1306  3  stream -> /tmp/.X11-unix/X0
root     Xorg       1301  10 stream /tmp/.X11-unix/X0
root     Xorg       1301  11 stream /tmp/.X11-unix/X0
root     Xorg       1301  12 stream /tmp/.X11-unix/X0
root     Xorg       1301  13 stream /tmp/.X11-unix/X0
root     Xorg       1301  14 stream /tmp/.X11-unix/X0
root     Xorg       1301  15 stream /tmp/.X11-unix/X0
root     Xorg       1301  16 stream /tmp/.X11-unix/X0
root     Xorg       1301  17 stream /tmp/.X11-unix/X0
root     Xorg       1301  18 stream /tmp/.X11-unix/X0
root     Xorg       1301  19 stream /tmp/.X11-unix/X0
ale      xinit      1300  3  stream -> /tmp/.X11-unix/X0
root     login      1295  3  dgram  -> ??
root     login      1295  5  stream -> /var/run/openldap/ldapi
root     natd       1294  4  dgram  -> ??
_dhcp    dhclient   1219  3  dgram  -> ??
root     dhclient   1195  3  dgram  -> ??
root     smbd       1044  4  dgram  -> ??
root     smbd       1044  18 stream ->
/var/db/samba/winbindd_privileged/pipe
root     smbd       1044  22 stream -> /var/run/openldap/ldapi
root     winbindd   954   3  dgram  -> ??
root     winbindd   954   15 stream -> ??
root     winbindd   954   17 stream -> ??
root     winbindd   954   19 stream /var/db/samba/winbindd_privileged/pipe
root     winbindd   954   20 stream -> ??
root     winbindd   953   3  dgram  -> ??
root     winbindd   953   15 stream -> ??
root     winbindd   953   17 stream -> ??
root     winbindd   953   19 stream /var/db/samba/winbindd_privileged/pipe
root     winbindd   951   3  dgram  -> ??
root     winbindd   951   14 stream -> ??
root     winbindd   925   3  dgram  -> ??
root     winbindd   925   15 stream -> ??
root     winbindd   925   19 stream /var/db/samba/winbindd_privileged/pipe
root     winbindd   925   20 stream -> ??
root     winbindd   925   21 stream -> ??
root     smbd       921   4  dgram  -> ??
root     smbd       921   18 stream ->
/var/db/samba/winbindd_privileged/pipe
root     smbd       921   22 stream -> /var/run/openldap/ldapi
root     nmbd       917   4  dgram  -> ??
ldap     slapd      898   3  dgram  -> ??
ldap     slapd      898   19 stream /var/run/openldap/ldapi
ldap     slapd      898   21 stream /var/run/openldap/ldapi
ldap     slapd      898   22 stream /var/run/openldap/ldapi
ldap     slapd      898   23 stream /var/run/openldap/ldapi

AleStation:/usr/home/ale $ sockstat -uc |wc -l
      65


Running the above script, after the end of the while loop I have:

AleStation:/usr/home/ale $ sockstat -uc
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN
ADDRESS
ale      perl5.8.8  1639  3  stream -> /var/run/openldap/ldapi
ale      perl5.8.8  1639  4  stream -> /var/run/openldap/ldapi
ale      perl5.8.8  1639  6  stream -> /var/run/openldap/ldapi
ale      perl5.8.8  1639  7  stream -> /var/run/openldap/ldapi
ale      perl5.8.8  1639  8  stream -> /var/run/openldap/ldapi
root     xterm      1528  3  stream -> /tmp/.X11-unix/X0
root     xterm      1464  3  stream -> /tmp/.X11-unix/X0
ale      nedit      1436  3  stream -> /tmp/.X11-unix/X0
ale      xmms       1404  3  stream -> /tmp/.X11-unix/X0
ale      gconfd-2   1331  4  dgram  -> ??
ale      gconfd-2   1331  12 stream
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale      gconfd-2   1331  14 stream ->
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale      dbus-daemo 1329  4  stream -> /var/run/openldap/ldapi
ale      dbus-daemo 1329  5  stream -> ??
ale      dbus-daemo 1329  7  stream -> ??
ale      dbus-daemo 1329  8  stream /var/tmp/dbus-luPSSzilmv
ale      dbus-daemo 1329  10 stream -> /var/run/openldap/ldapi
ale      dbus-launc 1328  3  stream -> /tmp/.X11-unix/X0
ale      pidgin     1324  3  stream -> /tmp/.X11-unix/X0
ale      pidgin     1324  5  stream -> /var/tmp/dbus-luPSSzilmv
ale      firefox-bi 1323  3  stream -> /tmp/.X11-unix/X0
ale      firefox-bi 1323  11 stream ->
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale      firefox-bi 1323  19 stream
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale      gkrellm    1309  5  stream -> /tmp/.X11-unix/X0
ale      wmaker     1306  3  stream -> /tmp/.X11-unix/X0
root     Xorg       1301  10 stream /tmp/.X11-unix/X0
root     Xorg       1301  11 stream /tmp/.X11-unix/X0
root     Xorg       1301  12 stream /tmp/.X11-unix/X0
root     Xorg       1301  13 stream /tmp/.X11-unix/X0
root     Xorg       1301  14 stream /tmp/.X11-unix/X0
root     Xorg       1301  15 stream /tmp/.X11-unix/X0
root     Xorg       1301  16 stream /tmp/.X11-unix/X0
root     Xorg       1301  17 stream /tmp/.X11-unix/X0
root     Xorg       1301  18 stream /tmp/.X11-unix/X0
root     Xorg       1301  19 stream /tmp/.X11-unix/X0
ale      xinit      1300  3  stream -> /tmp/.X11-unix/X0
root     login      1295  3  dgram  -> ??
root     login      1295  5  stream -> /var/run/openldap/ldapi
root     natd       1294  4  dgram  -> ??
_dhcp    dhclient   1219  3  dgram  -> ??
root     dhclient   1195  3  dgram  -> ??
root     smbd       1044  4  dgram  -> ??
root     smbd       1044  18 stream ->
/var/db/samba/winbindd_privileged/pipe
root     smbd       1044  22 stream -> /var/run/openldap/ldapi
root     winbindd   954   3  dgram  -> ??
root     winbindd   954   15 stream -> ??
root     winbindd   954   17 stream -> ??
root     winbindd   954   19 stream /var/db/samba/winbindd_privileged/pipe
root     winbindd   954   20 stream -> ??
root     winbindd   953   3  dgram  -> ??
root     winbindd   953   15 stream -> ??
root     winbindd   953   17 stream -> ??
root     winbindd   953   19 stream /var/db/samba/winbindd_privileged/pipe
root     winbindd   951   3  dgram  -> ??
root     winbindd   951   14 stream -> ??
root     winbindd   925   3  dgram  -> ??
root     winbindd   925   15 stream -> ??
root     winbindd   925   19 stream /var/db/samba/winbindd_privileged/pipe
root     winbindd   925   20 stream -> ??
root     winbindd   925   21 stream -> ??
root     smbd       921   4  dgram  -> ??
root     smbd       921   18 stream ->
/var/db/samba/winbindd_privileged/pipe
root     smbd       921   22 stream -> /var/run/openldap/ldapi
root     nmbd       917   4  dgram  -> ??
ldap     slapd      898   3  dgram  -> ??
ldap     slapd      898   19 stream /var/run/openldap/ldapi
ldap     slapd      898   21 stream /var/run/openldap/ldapi
ldap     slapd      898   22 stream /var/run/openldap/ldapi
ldap     slapd      898   23 stream /var/run/openldap/ldapi
ldap     slapd      898   24 stream /var/run/openldap/ldapi
ldap     slapd      898   25 stream /var/run/openldap/ldapi
ldap     slapd      898   26 stream /var/run/openldap/ldapi
ldap     slapd      898   27 stream /var/run/openldap/ldapi
ldap     slapd      898   28 stream /var/run/openldap/ldapi
AleStation:/usr/home/ale $ sockstat -uc |wc -l
      75

This is the diff between the two outputs:

 USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN
ADDRESS
+ale      perl5.8.8  1639  3  stream -> /var/run/openldap/ldapi
+ale      perl5.8.8  1639  4  stream -> /var/run/openldap/ldapi
+ale      perl5.8.8  1639  6  stream -> /var/run/openldap/ldapi
+ale      perl5.8.8  1639  7  stream -> /var/run/openldap/ldapi
+ale      perl5.8.8  1639  8  stream -> /var/run/openldap/ldapi
 root     xterm      1528  3  stream -> /tmp/.X11-unix/X0
 root     xterm      1464  3  stream -> /tmp/.X11-unix/X0
 ale      nedit      1436  3  stream -> /tmp/.X11-unix/X0
@@ -64,3 +69,10 @@
 ldap     slapd      898   21 stream /var/run/openldap/ldapi
 ldap     slapd      898   22 stream /var/run/openldap/ldapi
 ldap     slapd      898   23 stream /var/run/openldap/ldapi
+ldap     slapd      898   24 stream /var/run/openldap/ldapi
+ldap     slapd      898   25 stream /var/run/openldap/ldapi
+ldap     slapd      898   26 stream /var/run/openldap/ldapi
+ldap     slapd      898   27 stream /var/run/openldap/ldapi
+ldap     slapd      898   28 stream /var/run/openldap/ldapi


At each call of getpwnam I have 2 new sockets opened and not closed. At the
end of the script all the sockets are close and the number return to the 65
before start the script.

The problem is when the program does no end like a daemon.

I think that this is a problem of nss_ldap when configured to access
OpenLDAP via Unix Domain Socket. I repeated this same test changing the
connection to TCP Socket at nss_ldap.conf and only 2 sockets are opened
during all execution time of the script.

Any comments ??

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8e10486b0706141341v4f5ba02clb4aa7e1c62a32896>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact