Public bug reported:
I have apache configured to perform a kerberized NFS4 mount using rpc.gssd and
gssproxy.
If I request a web page that requires NFS4 access, then gssproxy
crashes, reporting a segfault in libselinux.so.1 and the web request
generates a 403 error.
gssproxy[6267]: segfault at 0 ip 00007f2f5bb1951a sp 00007ffe861da150
error 4 in libselinux.so.1[7f2f5bb0d000+25000]
If I run gssproxy at debug level = 3, and then load a web page, I can
see the uid/principal request for www-data come in from rpc.gssd:
# gssproxy -d --debug-level=3 -i -C /etc/gssproxy
[2018/08/22 17:51:40]: Debug Enabled (level: 3)
[2018/08/22 17:52:06]: Client [2018/08/22 17:52:06]: (/usr/sbin/rpc.gssd)
[2018/08/22 17:52:06]: connected (fd = 10)[2018/08/22 17:52:06]: (pid = 4548)
(uid = 33) (gid = 33)Segmentation fault (core dumped)
Since gssproxy is required to initiate kerberos principals for any local
application services - Ubuntu 18.04 does not currently support running
application services with NFS4 kerberos dependencies. This has a fairly
significant impact on anyone attempting to implement kerberos on Ubuntu
18.04
Ubuntu 18.04.1 LTS
gssproxy 0.8.0-1
libselinux1:amd64 2.7-2build2
libgssrpc4:amd64 1.16-2build1
** Affects: gssproxy (Ubuntu)
Importance: Undecided
Status: New
** Tags: kerberos nfs4 security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1788459
Title:
gssproxy in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
