New subject: [suse-security] severe useradd problem

21 Jul 2005

      Hi out there,

need help - urgent :-)

I have a curious problem addin a new user to my Suse 9.0 system which should absolutely NOT happen!!!
Perhaps other Systems may have the same Problems... good luck its the first in my farm showing it up.
Heres a description:

Doing it via useradd the system CPU and RAM bloats up.
cancelling with ctrl-c does not work.
killing via killal doesnt work too.

I checked the consistency with rpm -V shadow...seems ok.
I reinstalled the shadow-rpm from the dvd just to be sure its not manipulated.

I straced it, but it only shows me a readonly-access to /etc/passwd which looks like a loop:

open("/etc/passwd", O_RDONLY)           = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
_llseek(4, 0, [0], SEEK_CUR)            = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=25473, ...}) = 0
mmap2(NULL, 25473, PROT_READ, MAP_SHARED, 4, 0) = 0x40602000
_llseek(4, 25473, [25473], SEEK_SET)    = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=25473, ...}) = 0
munmap(0x40602000, 25473)               = 0
close(4)                                = 0
mremap(0x4037f000, 2633728, 2637824, MREMAP_MAYMOVE) = 0x4037f000
...
...

the top values are as follows:

24680 root      15   0 66888  65m 1028 R 99.0 26.2   1:03.69 /usr/sbin/useradd holge3

after a less then a minute later 

24680 root      17   0  102m 102m 1016 R 98.7 41.2   1:40.85 /usr/sbin/useradd holge3

Has anyone made the same Experience sometime?
I have to admit the /etc/passwd and /etc/shadow are very bloated.
But i backuped and emptied them just to see if the files are corrupt in some way --- no effect.

Has anyone a clue ?
Need more info...tell me, i dont know what more to offer here at first.

Greets,

Holger

severe useradd problem

iS-Fun Internet Services GmbH, Holger Diehm

Armin Schoech

iS-Fun Internet Services GmbH, Holger Diehm

iS-Fun Internet Services GmbH, Holger Diehm

Kai Schaetzl

tags

participants (3)