← Back to team overview

touch-packages team mailing list archive

[Bug 1414507] [NEW] rsyslog hangs if setuid during logging process causes further logging

 

Public bug reported:

I have a server which uses slapd and libnss_ldap based authentication through nsswitch.conf as per the manuals. After upgrading to 14.04 we lost our logging altogether; syslog was un-installed. After first installing syslog-ng I switched to using rsyslogd. The server hung consistently on boot. After several days of debugging, I have finally identified how and where the problem manifests.
When any process starts logging, rsyslog setgids and setuids as specified in rsyslog.conf. The setgid generally works OK (it is already running that group id) the setuid calls nss which then attempts to contact LDAP. LDAP is not yet running and cannot at that point in the startup. nss then tries to log a warning re-entering back into rsyslog. This locks up rsyslog, the calling process and any subsequent calling processes. boom.

In the attached apport I have simulated what happens using the logger
command with rsyslog running but slapd stopped.

** Affects: rsyslog (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: boot hangs ldap nss rsyslog

** Attachment added: "Apport file for hung rsyslog"
   https://bugs.launchpad.net/bugs/1414507/+attachment/4305475/+files/apport.rsyslog.h4r_i2es.apport

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1414507

Title:
  rsyslog hangs if setuid during logging process causes further logging

Status in rsyslog package in Ubuntu:
  New

Bug description:
  I have a server which uses slapd and libnss_ldap based authentication through nsswitch.conf as per the manuals. After upgrading to 14.04 we lost our logging altogether; syslog was un-installed. After first installing syslog-ng I switched to using rsyslogd. The server hung consistently on boot. After several days of debugging, I have finally identified how and where the problem manifests.
  When any process starts logging, rsyslog setgids and setuids as specified in rsyslog.conf. The setgid generally works OK (it is already running that group id) the setuid calls nss which then attempts to contact LDAP. LDAP is not yet running and cannot at that point in the startup. nss then tries to log a warning re-entering back into rsyslog. This locks up rsyslog, the calling process and any subsequent calling processes. boom.

  In the attached apport I have simulated what happens using the logger
  command with rsyslog running but slapd stopped.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1414507/+subscriptions


Follow ups

References