[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
id
From: |
Jukka Hienola |
Subject: |
id |
Date: |
Tue, 13 Mar 2007 09:12:31 +0200 |
User-agent: |
Thunderbird 1.5.0.9 (X11/20070212) |
Hi!
I encountered a strange behaviour with id using nss_ldap/pam_ldap.
I'm using OpenLDAP 2.2.13-6.4E on CentOS 4.4. Final Linux with
nss_ldap-226-17. Kernel is 2.6.9-42.0.10.ELsmp on Intel Dual Xeon, 64-bit.
I have in POSIX group 666 about 150 users listed with memberUid
attribute. When I tried to get user data with id, I encountered the
following behaviour:
address@hidden ~]$ sudo id username
id: ../../../libraries/liblber/io.c:171: ber_free_buf: Assertion
`((ber)->ber_opts.lbo_valid==0x2)' failed.
uid=1111(username) gid=513(Domain Users) groups=513(Domain Users),666
address@hidden ~]$ sudo id username
address@hidden ~]$ sudo id username
id: ../../../libraries/liblber/io.c:171: ber_free_buf: Assertion
`((ber)->ber_opts.lbo_valid==0x2)' failed.
uid=1111(username) gid=513(Domain Users) groups=513(Domain
Users),666
address@hidden ~]$ sudo id username
id: ../../../libraries/liblber/io.c:171: ber_free_buf: Assertion
`((ber)->ber_opts.lbo_valid==0x2)' failed.
uid=1111(username) gid=513(Domain Users) groups=513(Domain Users),666
address@hidden ~]$ sudo id username
*** glibc detected *** double free or corruption (out):
0x0000000000584360 ***
uid=1111(username) gid=513(Domain Users) groups=513(Domain
Users),512(Domain Admins),544(Administrators),550(Print
Operators),551(Backup Operators),552(Replicators),666(Some
Groups),600(Some Other Gr
etc. etc.
Only way I got id to behave as eexpected was to remove some (arbitrary)
accounts from group 666 and thus reduce the number of memberUid values
(e.g. usernames in my case). After that id behaved well.
So, I wonder if this could be result of somekind of buffer overflow bug
in id or in C-library etc.
This behaviour occurs only on my master LDAP-server (information of the
system in the beginning of this email). On my LDAP-slaves (currently
RHEL3 and FC5) id works well.
Jukka
--
IT Services Manager, Department of Physical Sciences,
University of Helsinki, hienola at physics helsinki fi,
tel. +358 (0)9 191 50713, fax. +358 (0)9 191 50610
--
Chuck Norris counted to infinity - twice.
- id,
Jukka Hienola <=
- Re: id, Paul Eggert, 2007/03/13