[MDEV-21385] PAM v2 plugin produces lots of zombie processes - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.4(EOL)
Fix Version/s: 10.4.14, 10.5.5
Component/s: Authentication and Privilege System, Plugin - pam
Labels:
None
Environment:
OS: CentOS 8

Description

The authentication using the PAM v2 module works, but produces a lot of zombie processes.

$ ps aux | grep auth_pam_tool

...

root      1637  0.0  0.0      0     0 ?        Z    Dez22   0:00 [auth_pam_tool] <defunct>

root      1638  0.0  0.0      0     0 ?        Z    Dez22   0:00 [auth_pam_tool] <defunct>

root      1639  0.0  0.0      0     0 ?        Z    Dez21   0:00 [auth_pam_tool] <defunct>

root      1640  0.0  0.0      0     0 ?        Z    Dez21   0:00 [auth_pam_tool] <defunct>

root      1641  0.0  0.0      0     0 ?        Z    Dez22   0:00 [auth_pam_tool] <defunct>

root      1642  0.0  0.0      0     0 ?        Z    08:21   0:00 [auth_pam_tool] <defunct>

...

Configuration details:

Using sssd with ldap backend for mariadb service
OS: CentOS 8

Logs (to make clear authentifaction itself works):

Dez 23 14:30:59 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>

Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>

Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>

/etc/pam.d/mariadb

auth    required pam_sss.so domains=mariadb

account required pam_sss.so domains=mariadb

Attachments

Issue Links

is caused by

MDEV-7032 new pam plugin with a suid wrapper

Closed

MDEV-15473 Isolate/sandbox PAM modules, so that they can't crash the server

Closed

Activity

Ascending order - Click to sort in descending order

Florian Bezdeka created issue - 2019-12-23 13:32

Florian Bezdeka made changes - 2019-12-23 13:36

Field	Original Value	New Value
Description	The authentication using the PAM v2 module works, but produces a lot of zombie processes. {{ $ ps aux \| grep auth_pam_tool ... root 1637 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct> root 1638 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct> root 1639 0.0 0.0 0 0 ? Z Dez21 0:00 [auth_pam_tool] <defunct> root 1640 0.0 0.0 0 0 ? Z Dez21 0:00 [auth_pam_tool] <defunct> root 1641 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct> root 1642 0.0 0.0 0 0 ? Z 08:21 0:00 [auth_pam_tool] <defunct> ...}} Configuration details: - Using sssd with ldap backend for mariadb service - OS: CentOS 8 Logs (to make clear authentifaction itself works): {{Dez 23 14:30:59 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed> Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed> Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>}}	The authentication using the PAM v2 module works, but produces a lot of zombie processes. {noformat} $ ps aux \| grep auth_pam_tool ... root 1637 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct> root 1638 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct> root 1639 0.0 0.0 0 0 ? Z Dez21 0:00 [auth_pam_tool] <defunct> root 1640 0.0 0.0 0 0 ? Z Dez21 0:00 [auth_pam_tool] <defunct> root 1641 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct> root 1642 0.0 0.0 0 0 ? Z 08:21 0:00 [auth_pam_tool] <defunct> ... {noformat} Configuration details: - Using sssd with ldap backend for mariadb service - OS: CentOS 8 Logs (to make clear authentifaction itself works): {noformat} Dez 23 14:30:59 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed> Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed> Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed> {noformat}

Florian Bezdeka made changes - 2019-12-23 14:53

Affects Version/s		10.4 [ 22408 ]
Affects Version/s	10.4.10 [ 23907 ]

Elena Stepanova made changes - 2019-12-23 16:45

Fix Version/s		10.4 [ 22408 ]
Assignee		Sergei Golubchik [ serg ]

Elena Stepanova made changes - 2019-12-23 16:46

Assignee

Sergei Golubchik [ serg ]

Elena Stepanova [ elenst ]

Elena Stepanova made changes - 2019-12-23 16:47

Labels

need_feedback

Florian Bezdeka made changes - 2019-12-24 10:39

Description

The authentication using the PAM v2 module works, but produces a lot of zombie processes.

{noformat}
$ ps aux | grep auth_pam_tool
...

root 1637 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct>
root 1638 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct>
root 1639 0.0 0.0 0 0 ? Z Dez21 0:00 [auth_pam_tool] <defunct>
root 1640 0.0 0.0 0 0 ? Z Dez21 0:00 [auth_pam_tool] <defunct>
root 1641 0.0 0.0 0 0 ? Z Dez22 0:00 [auth_pam_tool] <defunct>
root 1642 0.0 0.0 0 0 ? Z 08:21 0:00 [auth_pam_tool] <defunct>
...
{noformat}

Configuration details:
- Using sssd with ldap backend for mariadb service
- OS: CentOS 8

Logs (to make clear authentifaction itself works):
{noformat}
Dez 23 14:30:59 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>
Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>
Dez 23 14:31:01 web1 mysqld[13717]: pam_sss(mariadb:auth): authentication success; logname= uid=27 euid=27 tty= ruser= rhost= user=web_<removed>
{noformat}

Elena Stepanova made changes - 2019-12-24 17:24

Labels

need_feedback

Elena Stepanova made changes - 2019-12-24 17:24

Assignee

Elena Stepanova [ elenst ]

Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2020-01-21 18:42

Assignee

Sergei Golubchik [ serg ]

Alexey Botchkov [ holyfoot ]

Geoff Montee (Inactive) made changes - 2020-05-26 17:16

Component/s

Plugin - pam [ 10500 ]

Geoff Montee (Inactive) made changes - 2020-05-26 17:17

Link

This issue is caused by ~~MDEV-15473~~ [ ~~MDEV-15473~~ ]

Geoff Montee (Inactive) made changes - 2020-05-26 17:17

Link

This issue is caused by ~~MDEV-7032~~ [ ~~MDEV-7032~~ ]

Sergei Golubchik made changes - 2020-06-09 14:18

Priority

Major [ 3 ]

Critical [ 2 ]

Sergei Golubchik made changes - 2020-06-09 14:18

Fix Version/s

10.5 [ 23123 ]

Alexey Botchkov made changes - 2020-07-09 10:27

Status

Open [ 1 ]

In Progress [ 3 ]

Alexey Botchkov made changes - 2020-07-10 09:45

Assignee	Alexey Botchkov [ holyfoot ]	Sergei Golubchik [ serg ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Golubchik made changes - 2020-07-10 12:12

Assignee	Sergei Golubchik [ serg ]	Alexey Botchkov [ holyfoot ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Alexey Botchkov made changes - 2020-07-10 19:40

issue.field.resolutiondate

2020-07-10 19:40:30.0

2020-07-10 19:40:30.852

Alexey Botchkov made changes - 2020-07-10 19:40

Fix Version/s		10.4.14 [ 24305 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Maria M Pflaum (Inactive) made changes - 2020-07-10 22:36

Link

This issue is blocked by TODO-2473 [ TODO-2473 ]

Oleksandr Byelkin made changes - 2020-08-11 13:01

Fix Version/s

10.5.5 [ 24423 ]

Sergei Golubchik made changes - 2021-12-06 21:50

Workflow

MariaDB v3 [ 102646 ]

MariaDB v4 [ 157143 ]

Jira Automation (IT) made changes - 2024-07-04 03:18

Zendesk Related Tickets

172177 130723 122545 161549

People

Assignee:: Alexey Botchkov

Reporter:: Florian Bezdeka

Votes:: 5 Vote for this issue

Watchers:: 16 Start watching this issue

Dates

Created:: 2019-12-23 13:32

Updated:: 2024-07-07 22:14

Resolved:: 2020-07-10 19:40

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration