From owner-freebsd-stable@FreeBSD.ORG Thu Jun 14 20:41:39 2007 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DAD4D16A469 for ; Thu, 14 Jun 2007 20:41:38 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.235]) by mx1.freebsd.org (Postfix) with ESMTP id 5003713C457 for ; Thu, 14 Jun 2007 20:41:38 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: by wx-out-0506.google.com with SMTP id h28so578328wxd for ; Thu, 14 Jun 2007 13:41:37 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Rdn3eT0nGdd5ll5aYEVaRE0K3FXcAYSGQvyVIuBwf5RJX2JAhah4ooPkcPWjzmDClDm2ZmwVWdok8oUIw9zdcBiRpwBJ/dR2Py3i4ePMD7i2UyIsOiJtW0ZD4VvLGqEuphd7mf0U+EsNoJIsdBFqu9MuzeKCV1piszvj7mE1XcM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=auepCBxiLwTQiARat/6MVYXsYUeVAm9JzGx+NbYu2mkkdAIptN7VUOhcd/FY5WY2reVwdd4stJgpUFKVd/j5RTcjA78UD91iR16szegihYeGbFtKOfp8F/ra46FIwmGjvi6f4PBnzw5w9V2Q434rF/0gtt3hRFnToqetVkxM54U= Received: by 10.70.132.2 with SMTP id f2mr3545499wxd.1181853697389; Thu, 14 Jun 2007 13:41:37 -0700 (PDT) Received: by 10.70.63.4 with HTTP; Thu, 14 Jun 2007 13:41:37 -0700 (PDT) Message-ID: <8e10486b0706141341v4f5ba02clb4aa7e1c62a32896@mail.gmail.com> Date: Thu, 14 Jun 2007 17:41:37 -0300 From: "Alexandre Biancalana" To: stable@freebsd.org In-Reply-To: MIME-Version: 1.0 References: <7EEECFAE63E9B976653B3254@ganymede.hub.org> <20070613181555.GA1506@roadrunner.q.local> <8e10486b0706141003k1ac4cc56tf585363c11896a8@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: Unix domain socket leak in 6-STABLE X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jun 2007 20:41:39 -0000 On 6/14/07, Marc G. Fournier wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > - --On Thursday, June 14, 2007 14:03:27 -0300 Alexandre Biancalana > wrote: > > > On 6/14/07, Marc G. Fournier wrote: > > > >> I don't know ... it was caused by an application, but nothing was freed > up > >> after the application was stop'd ... > > > > > > In my case the sockets are closed only if I stop the samba processes. > When I > > just changed the connection mode from Unix Socket to TCP on > nss_ldap.conf, > > the connections remain opened. I think this could be a problem with > nss_ldap > > (in the way of the connections are handled ?) because samba is accessing > > OpenLDAP directly via TCP, the access via Unix Sockets is only done by > Samba > > throughnss_ldap. > > > > I trying to simulate this error on another machine. I will write some > > scripts/program that connect to OpenLDAP socket directly and via > nss_ldap > > and post the results. > > > > Any more hints ? > > Hrmm .. how about nss in general? the one VPS that I killed off was using > nss-mysql for passwd/group and shadow ... its definitely not something > that is > normally done here, and about the only thing I can think of that is > 'unusual' > about that specific VPS, in my case ... Huuuummmm maybe... I don't know nss-mysql (I didn't ever know about your existence..... hahaha) What's the connection method used to access MySQL database ? You can read the rest of my message and try a similar test...... How I said......... here is the test: I write the following perl script: #!/usr/bin/perl $counter = 0; @users = ('user1', 'user2', 'user3'); while ( $counter <= 4 ) { my $idx = int(rand($#users)); my @data = getpwnam($users[$idx]); print join(' ', @data) . "\n"; $counter++; } sleep(50); After run the script I have: AleStation:/usr/home/ale $ sockstat -uc USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root xterm 1528 3 stream -> /tmp/.X11-unix/X0 root xterm 1464 3 stream -> /tmp/.X11-unix/X0 ale nedit 1436 3 stream -> /tmp/.X11-unix/X0 ale xmms 1404 3 stream -> /tmp/.X11-unix/X0 ale gconfd-2 1331 4 dgram -> ?? ale gconfd-2 1331 12 stream /var/tmp/orbit-ale/linc-533-0-37a529d2e9123 ale gconfd-2 1331 14 stream -> /var/tmp/orbit-ale/linc-52b-0-249abddc2887e ale dbus-daemo 1329 4 stream -> /var/run/openldap/ldapi ale dbus-daemo 1329 5 stream -> ?? ale dbus-daemo 1329 7 stream -> ?? ale dbus-daemo 1329 8 stream /var/tmp/dbus-luPSSzilmv ale dbus-daemo 1329 10 stream -> /var/run/openldap/ldapi ale dbus-launc 1328 3 stream -> /tmp/.X11-unix/X0 ale pidgin 1324 3 stream -> /tmp/.X11-unix/X0 ale pidgin 1324 5 stream -> /var/tmp/dbus-luPSSzilmv ale firefox-bi 1323 3 stream -> /tmp/.X11-unix/X0 ale firefox-bi 1323 11 stream -> /var/tmp/orbit-ale/linc-533-0-37a529d2e9123 ale firefox-bi 1323 19 stream /var/tmp/orbit-ale/linc-52b-0-249abddc2887e ale gkrellm 1309 5 stream -> /tmp/.X11-unix/X0 ale wmaker 1306 3 stream -> /tmp/.X11-unix/X0 root Xorg 1301 10 stream /tmp/.X11-unix/X0 root Xorg 1301 11 stream /tmp/.X11-unix/X0 root Xorg 1301 12 stream /tmp/.X11-unix/X0 root Xorg 1301 13 stream /tmp/.X11-unix/X0 root Xorg 1301 14 stream /tmp/.X11-unix/X0 root Xorg 1301 15 stream /tmp/.X11-unix/X0 root Xorg 1301 16 stream /tmp/.X11-unix/X0 root Xorg 1301 17 stream /tmp/.X11-unix/X0 root Xorg 1301 18 stream /tmp/.X11-unix/X0 root Xorg 1301 19 stream /tmp/.X11-unix/X0 ale xinit 1300 3 stream -> /tmp/.X11-unix/X0 root login 1295 3 dgram -> ?? root login 1295 5 stream -> /var/run/openldap/ldapi root natd 1294 4 dgram -> ?? _dhcp dhclient 1219 3 dgram -> ?? root dhclient 1195 3 dgram -> ?? root smbd 1044 4 dgram -> ?? root smbd 1044 18 stream -> /var/db/samba/winbindd_privileged/pipe root smbd 1044 22 stream -> /var/run/openldap/ldapi root winbindd 954 3 dgram -> ?? root winbindd 954 15 stream -> ?? root winbindd 954 17 stream -> ?? root winbindd 954 19 stream /var/db/samba/winbindd_privileged/pipe root winbindd 954 20 stream -> ?? root winbindd 953 3 dgram -> ?? root winbindd 953 15 stream -> ?? root winbindd 953 17 stream -> ?? root winbindd 953 19 stream /var/db/samba/winbindd_privileged/pipe root winbindd 951 3 dgram -> ?? root winbindd 951 14 stream -> ?? root winbindd 925 3 dgram -> ?? root winbindd 925 15 stream -> ?? root winbindd 925 19 stream /var/db/samba/winbindd_privileged/pipe root winbindd 925 20 stream -> ?? root winbindd 925 21 stream -> ?? root smbd 921 4 dgram -> ?? root smbd 921 18 stream -> /var/db/samba/winbindd_privileged/pipe root smbd 921 22 stream -> /var/run/openldap/ldapi root nmbd 917 4 dgram -> ?? ldap slapd 898 3 dgram -> ?? ldap slapd 898 19 stream /var/run/openldap/ldapi ldap slapd 898 21 stream /var/run/openldap/ldapi ldap slapd 898 22 stream /var/run/openldap/ldapi ldap slapd 898 23 stream /var/run/openldap/ldapi AleStation:/usr/home/ale $ sockstat -uc |wc -l 65 Running the above script, after the end of the while loop I have: AleStation:/usr/home/ale $ sockstat -uc USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS ale perl5.8.8 1639 3 stream -> /var/run/openldap/ldapi ale perl5.8.8 1639 4 stream -> /var/run/openldap/ldapi ale perl5.8.8 1639 6 stream -> /var/run/openldap/ldapi ale perl5.8.8 1639 7 stream -> /var/run/openldap/ldapi ale perl5.8.8 1639 8 stream -> /var/run/openldap/ldapi root xterm 1528 3 stream -> /tmp/.X11-unix/X0 root xterm 1464 3 stream -> /tmp/.X11-unix/X0 ale nedit 1436 3 stream -> /tmp/.X11-unix/X0 ale xmms 1404 3 stream -> /tmp/.X11-unix/X0 ale gconfd-2 1331 4 dgram -> ?? ale gconfd-2 1331 12 stream /var/tmp/orbit-ale/linc-533-0-37a529d2e9123 ale gconfd-2 1331 14 stream -> /var/tmp/orbit-ale/linc-52b-0-249abddc2887e ale dbus-daemo 1329 4 stream -> /var/run/openldap/ldapi ale dbus-daemo 1329 5 stream -> ?? ale dbus-daemo 1329 7 stream -> ?? ale dbus-daemo 1329 8 stream /var/tmp/dbus-luPSSzilmv ale dbus-daemo 1329 10 stream -> /var/run/openldap/ldapi ale dbus-launc 1328 3 stream -> /tmp/.X11-unix/X0 ale pidgin 1324 3 stream -> /tmp/.X11-unix/X0 ale pidgin 1324 5 stream -> /var/tmp/dbus-luPSSzilmv ale firefox-bi 1323 3 stream -> /tmp/.X11-unix/X0 ale firefox-bi 1323 11 stream -> /var/tmp/orbit-ale/linc-533-0-37a529d2e9123 ale firefox-bi 1323 19 stream /var/tmp/orbit-ale/linc-52b-0-249abddc2887e ale gkrellm 1309 5 stream -> /tmp/.X11-unix/X0 ale wmaker 1306 3 stream -> /tmp/.X11-unix/X0 root Xorg 1301 10 stream /tmp/.X11-unix/X0 root Xorg 1301 11 stream /tmp/.X11-unix/X0 root Xorg 1301 12 stream /tmp/.X11-unix/X0 root Xorg 1301 13 stream /tmp/.X11-unix/X0 root Xorg 1301 14 stream /tmp/.X11-unix/X0 root Xorg 1301 15 stream /tmp/.X11-unix/X0 root Xorg 1301 16 stream /tmp/.X11-unix/X0 root Xorg 1301 17 stream /tmp/.X11-unix/X0 root Xorg 1301 18 stream /tmp/.X11-unix/X0 root Xorg 1301 19 stream /tmp/.X11-unix/X0 ale xinit 1300 3 stream -> /tmp/.X11-unix/X0 root login 1295 3 dgram -> ?? root login 1295 5 stream -> /var/run/openldap/ldapi root natd 1294 4 dgram -> ?? _dhcp dhclient 1219 3 dgram -> ?? root dhclient 1195 3 dgram -> ?? root smbd 1044 4 dgram -> ?? root smbd 1044 18 stream -> /var/db/samba/winbindd_privileged/pipe root smbd 1044 22 stream -> /var/run/openldap/ldapi root winbindd 954 3 dgram -> ?? root winbindd 954 15 stream -> ?? root winbindd 954 17 stream -> ?? root winbindd 954 19 stream /var/db/samba/winbindd_privileged/pipe root winbindd 954 20 stream -> ?? root winbindd 953 3 dgram -> ?? root winbindd 953 15 stream -> ?? root winbindd 953 17 stream -> ?? root winbindd 953 19 stream /var/db/samba/winbindd_privileged/pipe root winbindd 951 3 dgram -> ?? root winbindd 951 14 stream -> ?? root winbindd 925 3 dgram -> ?? root winbindd 925 15 stream -> ?? root winbindd 925 19 stream /var/db/samba/winbindd_privileged/pipe root winbindd 925 20 stream -> ?? root winbindd 925 21 stream -> ?? root smbd 921 4 dgram -> ?? root smbd 921 18 stream -> /var/db/samba/winbindd_privileged/pipe root smbd 921 22 stream -> /var/run/openldap/ldapi root nmbd 917 4 dgram -> ?? ldap slapd 898 3 dgram -> ?? ldap slapd 898 19 stream /var/run/openldap/ldapi ldap slapd 898 21 stream /var/run/openldap/ldapi ldap slapd 898 22 stream /var/run/openldap/ldapi ldap slapd 898 23 stream /var/run/openldap/ldapi ldap slapd 898 24 stream /var/run/openldap/ldapi ldap slapd 898 25 stream /var/run/openldap/ldapi ldap slapd 898 26 stream /var/run/openldap/ldapi ldap slapd 898 27 stream /var/run/openldap/ldapi ldap slapd 898 28 stream /var/run/openldap/ldapi AleStation:/usr/home/ale $ sockstat -uc |wc -l 75 This is the diff between the two outputs: USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS +ale perl5.8.8 1639 3 stream -> /var/run/openldap/ldapi +ale perl5.8.8 1639 4 stream -> /var/run/openldap/ldapi +ale perl5.8.8 1639 6 stream -> /var/run/openldap/ldapi +ale perl5.8.8 1639 7 stream -> /var/run/openldap/ldapi +ale perl5.8.8 1639 8 stream -> /var/run/openldap/ldapi root xterm 1528 3 stream -> /tmp/.X11-unix/X0 root xterm 1464 3 stream -> /tmp/.X11-unix/X0 ale nedit 1436 3 stream -> /tmp/.X11-unix/X0 @@ -64,3 +69,10 @@ ldap slapd 898 21 stream /var/run/openldap/ldapi ldap slapd 898 22 stream /var/run/openldap/ldapi ldap slapd 898 23 stream /var/run/openldap/ldapi +ldap slapd 898 24 stream /var/run/openldap/ldapi +ldap slapd 898 25 stream /var/run/openldap/ldapi +ldap slapd 898 26 stream /var/run/openldap/ldapi +ldap slapd 898 27 stream /var/run/openldap/ldapi +ldap slapd 898 28 stream /var/run/openldap/ldapi At each call of getpwnam I have 2 new sockets opened and not closed. At the end of the script all the sockets are close and the number return to the 65 before start the script. The problem is when the program does no end like a daemon. I think that this is a problem of nss_ldap when configured to access OpenLDAP via Unix Domain Socket. I repeated this same test changing the connection to TCP Socket at nss_ldap.conf and only 2 sockets are opened during all execution time of the script. Any comments ??