I have spent the last couple of days wrestling with some major problems, and discovered that both are caused by the recent nss_ldap fix. I'm going to submit some bug reports on Bugzilla, but I just thought I would see if anyone else was suffering from the same thing.
Briefly (on SuSE 10.2):
(1) dhcpd will not start: it falls over immediately after forking. Can be worked round by starting in debug mode.
(2) If a terminal session starts when nscd is not running then no processes can be run at all, e.g. typing 'date' produces no output and simply returns a new shell prompt
More information to follow on bugzilla
Bob Vickers --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Thu, Feb 07, 2008 at 03:39:29 +0000, Bob Vickers wrote:
I have spent the last couple of days wrestling with some major problems, and discovered that both are caused by the recent nss_ldap fix. I'm going to submit some bug reports on Bugzilla, but I just thought I would see if anyone else was suffering from the same thing.
Briefly (on SuSE 10.2):
(1) dhcpd will not start: it falls over immediately after forking. Can be worked round by starting in debug mode.
dhcpd probably runs in a chroot jail in /var/lib/dhcp. The init script /etc/init.d/dhcpd tries to keep the chroot jail up to date, but maybe the security fix introduces something which broke this.
If that's the reason, you should be able to work around by disabling chroot'ing in /etc/sysconfig/dhcpd.
(2) If a terminal session starts when nscd is not running then no processes can be run at all, e.g. typing 'date' produces no output and simply returns a new shell prompt
Ouch.
More information to follow on bugzilla
Bob Vickers
Peter
On Thu, 7 Feb 2008, Bob Vickers wrote:
I have spent the last couple of days wrestling with some major problems, and discovered that both are caused by the recent nss_ldap fix. I'm going to submit some bug reports on Bugzilla, but I just thought I would see if anyone else was suffering from the same thing.
Briefly (on SuSE 10.2):
(1) dhcpd will not start: it falls over immediately after forking. Can be worked round by starting in debug mode.
(2) If a terminal session starts when nscd is not running then no processes can be run at all, e.g. typing 'date' produces no output and simply returns a new shell prompt
I have submitted two bug reports: https://bugzilla.novell.com/show_bug.cgi?id=359612 https://bugzilla.novell.com/show_bug.cgi?id=359616
One other person reported a bad experience with the new nss_ldap, but the general lack of reaction suggests that there is something fairly specific about the LDAP setup here which is triggering the bug. For the moment I have solved the problem by reverting to the older version, but obviously I am not keen on reintroducing a security bug.
Regards, Bob
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Fri, Feb 08, 2008 at 10:15:16AM +0000, Bob Vickers wrote:
On Thu, 7 Feb 2008, Bob Vickers wrote:
I have spent the last couple of days wrestling with some major problems, and discovered that both are caused by the recent nss_ldap fix. I'm going to submit some bug reports on Bugzilla, but I just thought I would see if anyone else was suffering from the same thing.
Briefly (on SuSE 10.2):
(1) dhcpd will not start: it falls over immediately after forking. Can be worked round by starting in debug mode.
(2) If a terminal session starts when nscd is not running then no processes can be run at all, e.g. typing 'date' produces no output and simply returns a new shell prompt
I have submitted two bug reports: https://bugzilla.novell.com/show_bug.cgi?id=359612 https://bugzilla.novell.com/show_bug.cgi?id=359616
One other person reported a bad experience with the new nss_ldap, but the general lack of reaction suggests that there is something fairly specific about the LDAP setup here which is triggering the bug. For the moment I have solved the problem by reverting to the older version, but obviously I am not keen on reintroducing a security bug.
Our maintainer will review and get back to us, and we will release a fixed version once we find out what is broken :)
Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-
Bob Vickers -
Dr. Peter Poeml -
Marcus Meissner