Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-15473

Isolate/sandbox PAM modules, so that they can't crash the server

Details

    • 10.4.0-1

    Description

      Buggy PAM modules can currently crash the server. See MDEV-10361 for example. Should auth_pam isolate PAM modules somehow to prevent problems like this from taking down the whole server? Is it feasible for auth_pam to use sandboxes for PAM modules, or would that cripple performance and slow down authentication too much?

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19876 pam v2: auth_pam_tool_dir and auth_pam_tool permissions are wrong in RPMs

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. MDEV-19877 pam v2: auth_pam_tool input format is not user friendly for debugging

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19878 pam v2: pam password authentication doesn't work at all

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19880 pam v1: pam password authentication doesn't work at all in MariaDB 10.4

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19881 pam plugin from MariaDB 10.3 doesn't work with MariaDB 10.4

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19882 pam v2: auth_pam_tool truncates passwords that are not null-terminated

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21385 PAM v2 plugin produces lots of zombie processes

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22459 pam v2 should log an error if auth_pam_tool exec fails

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22482 pam v2: mysql_upgrade doesn't fix the ownership/privileges of auth_pam_tool

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MXS-2633 Pam authentication doesn't work with server 10.4

          • Major - Major loss of function.
          • Closed
          is blocked by

          Task - A task that needs to be done. MDEV-7032 new pam plugin with a suid wrapper

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16813 Document PAM updates

          • Major - Major loss of function.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MDEV-18311 Change default PAM service name to mariadb

          • Major - Major loss of function.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MXS-3753 Add option to run PAM authentication in a suid sanbox

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-10361 auth_pam + RSA SecurID PAM module + SQLyog causes server crash

          • Major - Major loss of function.
          • Closed

          Activity

            Transition Time In Source Status Execution Times
            Alexey Botchkov made transition -
            Open In Progress
            		79d 12h 57m 1
            Alexey Botchkov made transition -
            In Progress Closed
            		1m 11s 1
            Sergei Golubchik made transition -
            Closed Stalled
            		2h 57m 1
            Alexey Botchkov made transition -
            Stalled In Review
            		1d 22h 19m 1
            Alexey Botchkov made transition -
            Stalled In Progress
            		29d 11h 47m 4
            Alexey Botchkov made transition -
            In Progress In Review
            		11d 5h 34m 4
            Sergei Golubchik made transition -
            In Review Stalled
            		4d 13h 26m 5
            Alexey Botchkov made transition -
            Stalled Closed
            		4d 3h 20m 1

            People

              holyfoot Alexey Botchkov
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.