Bug#755218: libpam-smbpass: leaks file descriptors, eventually makes services unusable

Fri, 18 Jul 2014 14:21:40 -0700 

This ticket is filed upstream:
https://bugzilla.samba.org/show_bug.cgi?id=10669

The preferred solution from the Samba developers seems to be to use
libpam-winbind instead, though that doesn't necessarily work for all cases.


On Fri, Jul 18, 2014 at 2:58 PM, Matthew Gabeler-Lee <[email protected]>
wrote:

> Package: libpam-smbpass
> Version: 2:4.1.9+dfsg-1
> Severity: important
>
> It appears that libpam-smbpass, at least when used in some services, leaks
> file descriptors.  This eventually causes the service in question to become
> non-functional when the open FD limit is exceeded.
>
> In my case, the service is openvpn.
>
> I see many many copies of this set of file descriptors:
>
> lr-x------ 1 root root 64 Jul 18 06:39 979 -> /dev/urandom
> lrwx------ 1 root root 64 Jul 18 06:39 98 ->
> /var/lib/samba/private/passdb.tdb
> lrwx------ 1 root root 64 Jul 18 06:39 980 ->
> /var/lib/samba/private/passdb.tdb
> lrwx------ 1 root root 64 Jul 18 06:39 981 ->
> /var/lib/samba/account_policy.tdb
> lrwx------ 1 root root 64 Jul 18 06:39 982 -> /var/cache/samba/gencache.tdb
> lrwx------ 1 root root 64 Jul 18 06:39 983 ->
> /run/samba/gencache_notrans.tdb
> lrwx------ 1 root root 64 Jul 18 06:39 984 ->
> /var/lib/samba/group_mapping.tdb
> lrwx------ 1 root root 64 Jul 18 06:39 985 ->
> /var/lib/samba/private/secrets.tdb
>
> Once the FD limit is reached, nobody can connect to the VPN until it is
> restarted.
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.14-1-amd64 (SMP w/12 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages libpam-smbpass depends on:
> ii  dpkg            1.17.10
> ii  libbsd0         0.6.0-2
> ii  libc6           2.19-5
> ii  libpam-runtime  1.1.8-3
> ii  libpam0g        1.1.8-3
> ii  libtalloc2      2.1.1-1
> ii  libwbclient0    2:4.1.9+dfsg-1
> ii  samba-common    2:4.1.9+dfsg-1
> ii  samba-libs      2:4.1.9+dfsg-1
>
> libpam-smbpass recommends no packages.
>
> Versions of packages libpam-smbpass suggests:
> ii  samba  2:4.1.9+dfsg-1
>
> -- no debconf information
>
>

Reply via email to